
Vundo/virtmonde Infection


  • This topic is locked
21 replies to this topic

#1 killface

  • Members
  • 10 posts
  • Local time: 03:17 PM

Posted 15 September 2008 - 11:06 PM

Hello everyone,
Well I've had the dreaded Vundo/Virtmonde infection for about a week. I've run Ad-aware, Spybot S&D, Vundo fix, McAfee, BitDefender, and a couple of other well-reviewed spyware programs. I tried running them all in safe mode, and I've been able to remove some of the files, and all of the programs I've used other than BitDefender no longer show the infection. But it is still doing a number on my computer.

Here is my Hijack This log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:29 PM, on 9/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=2080222
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {313FBF33-F671-46FA-A579-7C1104AB3DED} - C:\Windows\system32\jkkKbASJ.dll
O2 - BHO: {7aeecf25-1bb5-ac0a-d074-0ad0288afff4} - {4fffa882-0da0-470d-a0ca-5bb152fceea7} - C:\Windows\system32\jpeupf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
O4 - HKCU\..\Run: [BM9903e062] Rundll32.exe "C:\Users\Danny\AppData\Local\Temp\evrgpyxt.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 6016 bytes




And also if it helps here is the log from Bitdefender.




BitDefender Log File

Product : BitDefender Total Security 2009
Version : BitDefender UIScanner v.12
Scanning task : Deep System Scan
Log date : 22:43:29 15/09/2008
Log path : C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\deep_scan\1221536609_1_02.xml

Scan Paths:
Path 0000: C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
Path 0001: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
Path 0002: C:\Program Files\AIM6\aolsoftware.exe
Path 0003: C:\Program Files\AIM6\aim6.exe
Path 0004: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Path 0005: C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
Path 0006: C:\Windows\System32\rundll32.exe
Path 0007: C:\Program Files\Windows Media Player\wmpnscfg.exe
Path 0008: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Path 0009: C:\Windows\System32\rundll32.exe
Path 0010: C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
Path 0011: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
Path 0012: C:\Windows\System32\rundll32.exe
Path 0013: C:\Windows\Explorer.EXE
Path 0014: C:\Windows\system32\taskeng.exe
Path 0015: C:\Windows\system32\Dwm.exe
Path 0016: C:\
Path 0017: D:\

Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes

Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :

Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Default action for encrypted infected objects : None
Default action for encrypted suspicious objects : None
Default action for password-protected objects : None

Scan engines summary
Number of virus signatures : 1759473
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
System plugins : 4
Unpack plugins : 7

Overall scan summary
Scanned items : 97785
Infected items : 17
Suspicious items : 0
Resolved items : 9
Unresolved items : 32
Password-protected items : 24
Individual viruses found : 3
Scanned directories : 19817
Scanned boot sectors : 8
Scanned archives : 1141
Input-output errors : 65
Scan time : 00:25:56
Files per second : 62

Scanned processes summary
Scanned : 50
Infected : 0

Scanned registry keys summary
Scanned : 388
Infected : 0

Scanned cookies summary
Scanned : 388
Infected : 0

Remaining issues:
Object Name | Threat Name | Final Status
[System]=]C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2o7[1].txt Cookie.2o7 Disinfect Failed
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report05b2d911\Report.cab=]upd105320[1]_3.xor=](Quarantine-PE) Trojan.Vundo.FLG Infected (no action was possible, file was in an archive)
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report05b2d911\Report.cab=]upd105320[1]_2.xor=](Quarantine-PE) Trojan.Vundo.FLG Infected (no action was possible, file was in an archive)
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report05b2d911\Report.cab=]tmp000412f3_1.xor=](Quarantine-PE) Trojan.Vundo.FLG Infected (no action was possible, file was in an archive)
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report05b2d911\Report.cab=]upd105320[1]_1.xor=](Quarantine-PE) Trojan.Vundo.FLG Infected (no action was possible, file was in an archive)
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report05b2d911\Report.cab=]tmp000412f3.xor=](Quarantine-PE) Trojan.Vundo.FLG Infected (no action was possible, file was in an archive)
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report05b2d911\Report.cab=]upd105320[1].xor=](Quarantine-PE) Trojan.Vundo.FLG Infected (no action was possible, file was in an archive)
C:\Users\Danny\AppData\Local\Temp\ahhojcef.dll Trojan.Vundo.FLG No action was possible


Resolved issues:
Object Name | Threat Name | Final Status
C:\Windows\System32\egrrbmul.dll Trojan.Vundo.FKW Deleted
C:\Windows\System32\jpeupf.dll Trojan.Vundo.FKW Moved to Quarantine
C:\Users\Danny\AppData\Local\Temp\evrgpyxt.dll Trojan.Vundo.FLG Moved to Quarantine
C:\Users\Danny\AppData\Local\Temp\gbplmpas.dll Trojan.Vundo.FLG Moved to Quarantine
C:\Users\Danny\AppData\Local\Temp\hnmdelqd.dll Trojan.Vundo.FLG Deleted
C:\Users\Danny\AppData\Local\Temp\kvpkmsjl.dll Trojan.Vundo.FLG Deleted
C:\Users\Danny\AppData\Local\Temp\rwjejucp.dll Trojan.Vundo.FLG Deleted
C:\Users\Danny\AppData\Local\Temp\tugnlwra.dll Trojan.Vundo.FLG Deleted
C:\Users\Danny\AppData\Local\Temp\vivhhmve.dll Trojan.Vundo.FLG Deleted


Objects that were not scanned:
Object Name | Reason | Final Status
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde.zip=]sbRecovery.reg Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde.zip=]sbRecovery.ini Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde1.zip=]sbRecovery.reg Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde1.zip=]sbRecovery.ini Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde2.zip=]sbRecovery.reg Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde2.zip=]sbRecovery.ini Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde3.zip=]sbRecovery.reg Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde3.zip=]sbRecovery.ini Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde4.zip=]sbRecovery.reg Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde4.zip=]sbRecovery.ini Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde5.zip=]sbRecovery.reg Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde5.zip=]sbRecovery.ini Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde6.zip=]sbRecovery.reg Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde6.zip=]sbRecovery.ini Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde7.zip=]sbRecovery.reg Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde7.zip=]sbRecovery.ini Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondedll.zip=]xxyabbAQ.dll Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondedll.zip=]sbRecovery.ini Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip=]jkkHWNec.dll Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip=]sbRecovery.ini Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip=]sbRecovery.reg Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip=]sbRecovery.ini Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip=]sbRecovery.reg Password-protected No action was possible
C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip=]sbRecovery.ini Password-protected No action was possible



Thanks in advance for any help you can offer. I think it is awesome what you guys are doing here, I was so surprised and glad when I found this site.
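The HijackThis log above is the kind of input a responder reads line by line. As an added example (my own code and my own heuristics, not HijackThis's, BitDefender's or anything posted in this thread), here is a small Python triage pass over a constructed subset of the O2/O4/O20 lines from that log. It flags the three patterns visible in it (a BHO with no readable name, a rundll32 autorun pointing into %Temp%, a path-less AppInit_DLLs entry) and then reports DLLs that are hooked from more than one section, which is one reason a DLL quarantined under one hook can still be listed under another.

```python
"""Triage of HijackThis log lines for Vundo-style persistence (added example; heuristics are my own)."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the O2/O4/O20 lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {313FBF33-F671-46FA-A579-7C1104AB3DED} - C:\Windows\system32\jkkKbASJ.dll
O2 - BHO: {7aeecf25-1bb5-ac0a-d074-0ad0288afff4} - {4fffa882-0da0-470d-a0ca-5bb152fceea7} - C:\Windows\system32\jpeupf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKCU\..\Run: [BM9903e062] Rundll32.exe "C:\Users\Danny\AppData\Local\Temp\evrgpyxt.dll",s
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll
"""

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32(\.exe)?\b", re.IGNORECASE)
LINE_RE = re.compile(r"^([OR]\d+) - (.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O2"
    path: str      # DLL/EXE the entry loads
    reason: str    # why the heuristic flagged it


def parse_hjt_lines(text):
    """Yield (section, body) for each 'Onn - ...' / 'Rn - ...' line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage_bho(body):
    """O2: a BHO whose display name is blank or just a bare CLSID."""
    parts = body[len("BHO: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, _clsid, path = parts
    if name == "(no name)" or GUID_RE.match(name):
        return Finding("O2", path, "BHO registered without a readable name")
    return None


def triage_run(body):
    """O4: a Run entry that uses rundll32 to load a DLL out of the user's Temp folder."""
    if RUNDLL_RE.search(body) and TEMP_RE.search(body):
        m = re.search(r'"?([A-Za-z]:\\[^",]+\.dll)"?', body, re.IGNORECASE)
        path = m.group(1) if m else body
        return Finding("O4", path, "rundll32 autorun loads a DLL from %Temp%")
    return None


def triage_appinit(body):
    """O20: AppInit_DLLs entries given as a bare file name are resolved via the DLL search path."""
    found = []
    for token in body[len("AppInit_DLLs: "):].split():
        if "\\" not in token and token.lower().endswith(".dll"):
            found.append(Finding("O20", token, "AppInit_DLLs entry with no path (loaded into every GUI process)"))
    return found


def triage(text):
    """Run every heuristic over the log and return the flagged entries in log order."""
    findings = []
    for section, body in parse_hjt_lines(text):
        if section == "O2" and body.startswith("BHO: "):
            f = triage_bho(body)
            if f:
                findings.append(f)
        elif section == "O4":
            f = triage_run(body)
            if f:
                findings.append(f)
        elif section == "O20" and body.startswith("AppInit_DLLs: "):
            findings.extend(triage_appinit(body))
    return findings


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def multi_hook_dlls(findings):
    """DLLs hooked from more than one HijackThis section: each hook can reload the other."""
    sections = {}
    for f in findings:
        sections.setdefault(basename(f.path), set()).add(f.section)
    return {dll for dll, secs in sections.items() if len(secs) > 1}


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.section:4} {f.path}  <- {f.reason}")
    print("hooked from multiple sections:", sorted(multi_hook_dlls(hits)))
```

On the constructed sample the pass flags jkkKbASJ.dll, jpeupf.dll, the Temp-folder evrgpyxt.dll and the path-less AppInit_DLLs entry, and reports jpeupf.dll as hooked from both O2 and O20.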

#2 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender: Male
  • Local time: 04:17 PM

Posted 17 September 2008 - 02:35 PM

Hi killface.

I'm Extremeboy (or EB for short) and I will be helping you with your log.

I will need some time to look over your computer's log(s). You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, to track your topic. The topics you are tracking can be found here.

Please take note of a few guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Download and Run RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both
    log.txt (<<will be maximized)
    info.txt (<<will be minimized)

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 killface

  • Topic Starter
  • Members
  • 10 posts
  • Local time: 03:17 PM

Posted 19 September 2008 - 10:30 AM

Hi extremeboy,

Thanks for getting back to me, I really appreciate the help. My computer has run better since I ran all the scanners and such that I mentioned above, but I am still getting quite a few pop-ups and very noticeable performance issues at times. Here are the two logs you requested.



Logfile of random's system information tool 1.02 (written by random/random)
Run by Danny at 2008-09-19 10:22:24
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 323 GB (69%) free of 467 GB
Total RAM: 3069 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:31 AM, on 9/19/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Windows\V0500Mon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Danny\Desktop\RSIT.exe
C:\HijackThis\Danny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=2080222
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {3BB8695D-DC20-4D3F-BA17-9FB23646AFFE} - C:\Windows\system32\jkkKbASJ.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [V0500Mon.exe] C:\Windows\V0500Mon.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\jkkKbASJ.dll,c
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
O4 - HKCU\..\Run: [BM9903e062] Rundll32.exe "C:\Users\Danny\AppData\Local\Temp\padpqrut.dll",s
O4 - HKCU\..\Run: [9a30d3fe] rundll32.exe "C:\Users\Danny\AppData\Local\Temp\walmkryw.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 5772 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BB8695D-DC20-4D3F-BA17-9FB23646AFFE}]
C:\Windows\system32\jkkKbASJ.dll [2008-09-13 253440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-02-21 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-08-23 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-08-23 92704]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-09-15 716800]
"V0500Mon.exe"=C:\Windows\V0500Mon.exe [2007-11-02 32768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cmds"=C:\Windows\system32\jkkKbASJ.dll [2008-09-13 253440]
"IMC"=C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe [2008-01-14 4053102]
"BM9903e062"=C:\Users\Danny\AppData\Local\Temp\padpqrut.dll [2008-09-18 99328]
"9a30d3fe"=C:\Users\Danny\AppData\Local\Temp\walmkryw.dll [2008-09-18 89600]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe [2008-01-14 4053102]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cefeabaf-e0ad-11dc-b5b9-806e6f6e6963}]
shell\AutoRun\command - E:\webcam\setup.exe /nosrpoint


======List of files/folders created in the last 1 months======

2008-09-19 10:22:24 ----D---- C:\rsit
2008-09-18 18:09:10 ----D---- C:\Users\Danny\AppData\Roaming\Creative
2008-09-18 18:06:11 ----A---- C:\Windows\V0500Mon.exe
2008-09-18 18:06:11 ----A---- C:\Windows\V0500Cfg.exe
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Srv.exe
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Pin.dll
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Hwx.dll
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Cvw.dll
2008-09-18 18:06:11 ----A---- C:\Windows\system32\CtCamMgr.dll
2008-09-18 18:06:11 ----A---- C:\Windows\CtDrvIns.exe
2008-09-18 18:05:34 ----D---- C:\Program Files\Dynex
2008-09-18 18:05:19 ----D---- C:\Program Files\Creative
2008-09-16 19:49:46 ----A---- C:\ComboFix.txt
2008-09-16 19:41:59 ----A---- C:\Windows\swreg.exe
2008-09-16 10:58:15 ----A---- C:\Windows\system32\msshooks.dll
2008-09-16 10:58:15 ----A---- C:\Windows\system32\msscb.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\thawbrkr.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\srchadmin.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-09-16 10:58:12 ----A---- C:\Windows\system32\propsys.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\propdefs.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\msstrc.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\mssprxy.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\mssitlb.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\msshsq.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\korwbrkr.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\xmlfilter.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\wsepno.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\tquery.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-09-16 10:58:11 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-09-16 10:58:11 ----A---- C:\Windows\system32\rtffilt.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\offfilt.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\nlhtml.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\msscntrs.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\mimefilt.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\chtbrkr.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\chsbrkr.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssvp.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssrch.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssphtb.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssph.dll
2008-09-16 00:38:21 ----D---- C:\Windows\erdnt
2008-09-16 00:37:36 ----D---- C:\QooBox
2008-09-16 00:37:34 ----A---- C:\Windows\zip.exe
2008-09-16 00:37:34 ----A---- C:\Windows\VFind.exe
2008-09-16 00:37:34 ----A---- C:\Windows\swsc.exe
2008-09-16 00:37:34 ----A---- C:\Windows\sed.exe
2008-09-16 00:37:34 ----A---- C:\Windows\Nircmd.exe
2008-09-16 00:37:34 ----A---- C:\Windows\grep.exe
2008-09-16 00:37:34 ----A---- C:\Windows\fdsv.exe
2008-09-16 00:37:11 ----A---- C:\Windows\swxcacls.exe
2008-09-15 21:49:50 ----A---- C:\Windows\ntbtlog.txt
2008-09-15 21:02:36 ----D---- C:\Windows\system32\logs
2008-09-15 21:02:02 ----D---- C:\Users\Danny\AppData\Roaming\BitDefender
2008-09-15 21:02:00 ----D---- C:\Binaries
2008-09-15 21:01:31 ----D---- C:\ProgramData\BitDefender
2008-09-15 21:01:30 ----D---- C:\Program Files\BitDefender
2008-09-15 21:00:11 ----D---- C:\Windows\system32\URTTEMP
2008-09-15 20:57:25 ----D---- C:\Program Files\Common Files\BitDefender
2008-09-15 17:32:47 ----D---- C:\HijackThis
2008-09-15 00:06:51 ----D---- C:\Users\Danny\AppData\Roaming\Yahoo!
2008-09-14 22:24:34 ----A---- C:\Windows\system32\tzres.dll
2008-09-14 19:10:19 ----D---- C:\ProgramData\SiteAdvisor
2008-09-14 15:49:14 ----D---- C:\ProgramData\McAfee
2008-09-14 12:14:48 ----DC---- C:\Windows\system32\DRVSTORE
2008-09-14 12:12:52 ----HD---- C:\Config.Msi
2008-09-14 11:08:36 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-09-14 11:08:33 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-09-14 11:08:21 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-09-14 11:07:01 ----A---- C:\Windows\system32\EncDec.dll
2008-09-14 11:07:00 ----A---- C:\Windows\system32\psisdecd.dll
2008-09-14 11:02:52 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-14 11:02:46 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-09-14 11:02:39 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-14 11:02:38 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-14 11:02:38 ----A---- C:\Windows\system32\gameux.dll
2008-09-14 11:02:29 ----A---- C:\Windows\system32\rpcrt4.dll
2008-09-14 11:02:29 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-09-14 11:02:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-09-14 11:02:26 ----A---- C:\Windows\system32\pacerprf.dll
2008-09-14 11:02:12 ----A---- C:\Windows\system32\shell32.dll
2008-09-14 11:02:02 ----A---- C:\Windows\system32\es.dll
2008-09-14 11:01:39 ----A---- C:\Windows\system32\wininet.dll
2008-09-14 11:01:39 ----A---- C:\Windows\system32\mshtml.dll
2008-09-14 11:01:39 ----A---- C:\Windows\system32\ieframe.dll
2008-09-14 11:01:38 ----A---- C:\Windows\system32\urlmon.dll
2008-09-14 11:01:36 ----A---- C:\Windows\system32\mstime.dll
2008-09-14 11:01:35 ----A---- C:\Windows\system32\jsproxy.dll
2008-09-14 11:01:21 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-14 11:01:21 ----A---- C:\Windows\system32\dataclen.dll
2008-09-14 11:01:21 ----A---- C:\Windows\system32\cdd.dll
2008-09-14 11:01:11 ----A---- C:\Windows\system32\inetcomm.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\wshext.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\wscript.exe
2008-09-14 11:01:05 ----A---- C:\Windows\system32\vbscript.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\scrrun.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\scrobj.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\jscript.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\cscript.exe
2008-09-14 11:00:59 ----A---- C:\Windows\system32\quartz.dll
2008-09-14 10:16:28 ----A---- C:\VundoFix.txt
2008-09-14 10:16:27 ----D---- C:\VundoFix Backups
2008-09-14 10:00:31 ----D---- C:\Program Files\Windows Live Safety Center
2008-09-14 09:12:03 ----D---- C:\Windows\pss
2008-09-13 20:12:41 ----A---- C:\Windows\wininit.ini
2008-09-13 16:17:03 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-13 16:17:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-13 06:50:17 ----D---- C:\ProgramData\Lavasoft
2008-09-13 01:41:19 ----A---- C:\ProgramData\pskt.ini
2008-09-13 01:41:19 ----A---- C:\ProgramData\BM9903e062.txt
2008-09-13 01:40:50 ----A---- C:\Windows\system32\91131780-.txt
2008-09-13 01:39:07 ----A---- C:\Windows\system32\jkkKbASJ.dll
2008-09-10 21:24:50 ----HD---- C:\ProgramData\CanonBJ
2008-09-08 10:03:10 ----D---- C:\Users\Danny\AppData\Roaming\Spore
2008-09-08 10:00:36 ----D---- C:\ProgramData\Electronic Arts
2008-09-08 09:57:59 ----D---- C:\Program Files\CCleaner
2008-09-08 09:56:16 ----D---- C:\Program Files\Electronic Arts
2008-09-07 16:15:46 ----A---- C:\Windows\iun6002.exe
2008-09-07 16:15:44 ----D---- C:\Program Files\NBCE Review
2008-09-05 12:14:47 ----D---- C:\Program Files\FriendFinder
2008-09-05 11:46:33 ----D---- C:\Program Files\Elaborate Bytes
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvwssr.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvwss.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvwgf2um.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvvitvsr.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvvitvs.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvudisp.exe
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvoglv32.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvmoblsr.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvmobls.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvmccssr.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvmccss.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvmccsrs.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvmccs.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvgamesr.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvgames.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvdispsr.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvdisps.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvcpl.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvcolor.exe
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvcod134.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvcod.dll

======List of files/folders modified in the last 1 months======

2008-09-19 10:22:31 ----D---- C:\Windows\Prefetch
2008-09-19 10:21:53 ----D---- C:\Windows\Temp
2008-09-19 03:00:50 ----SHD---- C:\Windows\Installer
2008-09-19 03:00:39 ----SHD---- C:\System Volume Information
2008-09-18 19:08:47 ----D---- C:\Windows
2008-09-18 18:30:40 ----D---- C:\Windows\System32
2008-09-18 18:30:40 ----D---- C:\Windows\inf
2008-09-18 18:30:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-18 18:07:36 ----RD---- C:\Users
2008-09-18 18:07:08 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-18 18:06:29 ----D---- C:\Windows\twain_32
2008-09-18 18:06:28 ----D---- C:\Windows\system32\drivers
2008-09-18 18:06:25 ----D---- C:\Windows\system32\catroot
2008-09-18 18:05:34 ----RD---- C:\Program Files
2008-09-18 18:05:04 ----D---- C:\Windows\system32\catroot2
2008-09-17 09:53:15 ----D---- C:\Program Files\Mozilla Firefox
2008-09-17 03:02:47 ----D---- C:\Windows\Registration
2008-09-17 03:01:59 ----D---- C:\Program Files\Internet Explorer
2008-09-16 19:47:10 ----A---- C:\Windows\system.ini
2008-09-16 19:47:09 ----D---- C:\Windows\system32\en-US
2008-09-16 19:45:26 ----SHD---- C:\Boot
2008-09-16 19:45:26 ----D---- C:\Windows\system32\config
2008-09-16 19:44:29 ----D---- C:\Windows\AppPatch
2008-09-16 19:44:29 ----D---- C:\Program Files\Common Files
2008-09-16 19:39:57 ----D---- C:\Windows\Minidump
2008-09-16 11:34:36 ----D---- C:\Windows\rescache
2008-09-16 11:06:08 ----D---- C:\Windows\PolicyDefinitions
2008-09-16 11:01:00 ----D---- C:\ProgramData\NVIDIA
2008-09-16 10:59:04 ----D---- C:\Windows\winsxs
2008-09-15 21:05:40 ----HD---- C:\ProgramData
2008-09-15 21:00:46 ----RSD---- C:\Windows\assembly
2008-09-15 20:58:46 ----D---- C:\Windows\Tasks
2008-09-15 17:46:03 ----AD---- C:\ProgramData\TEMP
2008-09-15 14:56:58 ----SD---- C:\Windows\Downloaded Program Files
2008-09-15 00:50:51 ----D---- C:\Windows\Debug
2008-09-14 22:30:16 ----D---- C:\Windows\ehome
2008-09-14 22:30:14 ----D---- C:\Windows\system32\migration
2008-09-14 22:30:10 ----D---- C:\Program Files\Windows Mail
2008-09-14 22:26:06 ----D---- C:\Windows\Microsoft.NET
2008-09-14 22:20:11 ----D---- C:\Program Files\Microsoft Works
2008-09-14 22:19:48 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-14 16:07:24 ----SD---- C:\ProgramData\Microsoft
2008-09-14 16:06:48 ----D---- C:\ProgramData\Gtek
2008-09-14 14:23:46 ----D---- C:\Windows\system32\WDI
2008-09-14 12:32:07 ----SD---- C:\Users\Danny\AppData\Roaming\Microsoft
2008-09-14 09:56:20 ----HD---- C:\Windows\system32\GroupPolicy
2008-09-13 01:33:44 ----D---- C:\Users\Danny\AppData\Roaming\uTorrent
2008-09-08 10:03:02 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-09-08 09:36:10 ----D---- C:\Windows\system32\Tasks
2008-08-26 13:28:14 ----A---- C:\Windows\system32\mrt.exe
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvvsvc.exe
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvuninst.exe
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvsvc.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvmctray.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvexpbar.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvd3dum.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvcpluir.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvcplui.exe
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvapi.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-09-15 133184]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2008-06-27 207656]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\Windows\system32\DRIVERS\AegisP.sys [2008-04-09 21275]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 datunidr;DellAutomatedPCTuneUp UniDriver; C:\Windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-08-12 228672]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2008-02-26 8448]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-06-21 228224]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-23 1778464]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-08-23 7475488]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver; C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
R3 V0500Dev;Dynex 1.3MP Webcam Driver; C:\Windows\system32\DRIVERS\V0500Vid.sys [2007-10-31 251264]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-07-16 28672]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2008-06-27 79240]
S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2008-06-27 35240]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2008-06-27 40488]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2007-06-20 17920]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2007-05-07 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-20 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-20 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2007-07-12 12800]
S3 PTproct;PTproct; \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [2006-10-05 4736]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 spring;spring; \??\C:\Users\Danny\Desktop\Max\spring.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-06-21 304920]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-02-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-05-25 112176]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-09-15 393216]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-08-23 118784]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-09-15 1527808]
R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-05 33800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 DellAMBrokerService;DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [2007-10-11 76016]
S4 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-21 1838592]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------

And here is the info.txt files contents.


info.txt logfile of random's system information tool 1.02 2008-09-19 10:22:35

======Uninstall list======

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8BC5219E-3DAA-4F5C-96B1-64BA4D4CF17B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AFF39E22-70BB-4DF2-9CD4-047E9DFC4299}\setup.exe" -l0x9
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Age of Conan - Hyborian Adventures-->"C:\Program Files\Funcom\Age of Conan\unins000.exe"
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Belkin Wireless G Plus MIMO USB Network Adapter-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{993A352A-2957-4661-A1EF-2D8F6F3C9234} /l1033
Belkin Wireless G Plus MIMO USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\F5D9050\Setup.exe" -l0x9
BitDefender Total Security 2009-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Business Tools Launcher-->MsiExec.exe /I{75685CA8-0B74-45BB-9C64-744A0FB79EDC}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Dell Automated PC TuneUp-->MsiExec.exe /X{FE34691C-4298-4667-9758-D7F534DD0B94}
Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dynex 1.3MP Webcam Driver (1.00.03.0000)-->C:\Windows\CtDrvIns.exe -uninstall -script VF0500.uns -plugin V0500Pin.dll -pluginres CtCamPin.crl -langid 0x0409
Dynex Webcam User's Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8BC5219E-3DAA-4F5C-96B1-64BA4D4CF17B}\setup.exe" -l0x9 /remove
FriendFinder Messenger v4.1-->MsiExec.exe /I{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
HijackThis 2.0.2-->"C:\HijackThis\HijackThis.exe" /uninstall
Intel® PRO Network Connections 12.1.11.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel® PRO Network Connections 12.1.11.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kensington Keyboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B5E17D7-C0CF-4CC3-8870-0181D622B93C}\setup.exe" -l0x9 -u
Live! Cam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AFF39E22-70BB-4DF2-9CD4-047E9DFC4299}\setup.exe" -l0x9 /remove
Medieval II Total War-->"C:\Program Files\InstallShield Installation Information\{A9D0745C-BABD-472B-8AF0-FAF888D31046}\setup.exe" -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Motorola Driver Installation-->MsiExec.exe /I{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4}
Motorola Software Update-->MsiExec.exe /I{3D13B5F1-8FE4-4829-AA6E-6461D4B0B7E8}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NBCE Review-->C:\Windows\iun6002.exe "C:\Program Files\NBCE Review\irunin.ini"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Personal Entertainment Launcher-->MsiExec.exe /I{37F964E4-9C3F-4066-B933-1747D3AC6737}
Product Support Launcher-->MsiExec.exe /I{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SPORE™ Creature Creator-->"C:\Program Files\InstallShield Installation Information\{8CC42289-E228-4A35-B8A9-015242283BB2}\setup.exe" -runfromtemp -l0x0009 -removeonly
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: BitDefender Antivirus
FW: BitDefender Firewall
AS: BitDefender Antispyware (disabled)
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------
Thanks again and please let me know if there is anything else I can do to help you figure out the situation.

Killface
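The RSIT listing above is where a helper looks for the Vundo/Virtumonde hallmark: a randomly named DLL dropped into system32 (here jkkKbASJ.dll), created within seconds of other oddly named files. The following Python, added here as an example and not part of this thread or of the RSIT tool, parses lines in RSIT's created-files format, groups creations into time bursts, and reports any burst that contains a random-looking name so the burst-mates get looked at too. The sample lines are copied from the log above; the naming heuristic and the five-minute window are the example's own assumptions.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple

# One RSIT "files/folders created" line: timestamp, attribute flags
# (A=archive, D=directory, H=hidden, S=system, R=read-only, C=compressed)
# and the full path.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (-+[A-Z]*-+) (.+?)\s*$")


class Entry(NamedTuple):
    when: datetime
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_rsit_entries(text: str) -> List[Entry]:
    """Parse RSIT listing lines; lines that do not match the format are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(when, m.group(2), m.group(3)))
    return entries


def looks_random_name(filename: str) -> bool:
    """Heuristic (assumption of this example) for dropper-style names: an
    8-letter stem with mixed case and several case switches (jkkKbASJ.dll),
    or a stem that is just a run of digits with an optional trailing hyphen
    (91131780-.txt). Vendor names such as CtDrvIns.exe can trip it, so a hit
    is a reason to look closer, not a verdict."""
    stem = filename.rsplit(".", 1)[0]
    if re.fullmatch(r"\d{6,}-?", stem):
        return True
    if len(stem) != 8 or not stem.isascii() or not stem.isalpha():
        return False
    if stem.islower() or stem.isupper():
        return False
    switches = sum(1 for a, b in zip(stem, stem[1:]) if a.islower() != b.islower())
    return switches >= 3


def find_bursts(entries: List[Entry], window: timedelta = timedelta(minutes=5)) -> List[List[Entry]]:
    """Group creations into bursts: consecutive entries (by time) no more than
    `window` apart. A dropper writes its files within seconds of each other,
    so everything in a flagged file's burst deserves a look."""
    bursts: List[List[Entry]] = []
    for e in sorted(entries, key=lambda x: x.when):
        if bursts and e.when - bursts[-1][-1].when <= window:
            bursts[-1].append(e)
        else:
            bursts.append([e])
    return bursts


class Finding(NamedTuple):
    start: datetime
    end: datetime
    flagged: List[str]  # paths whose names tripped the heuristic
    burst: List[str]    # every path created in the same burst


def flag_suspicious_bursts(text: str, window: timedelta = timedelta(minutes=5)) -> List[Finding]:
    """Return every burst that contains at least one random-looking file name."""
    findings = []
    for burst in find_bursts(parse_rsit_entries(text), window):
        flagged = [e.path for e in burst if not e.is_dir and looks_random_name(e.name)]
        if flagged:
            findings.append(Finding(burst[0].when, burst[-1].when, flagged, [e.path for e in burst]))
    return findings


# Constructed sample in RSIT's format: benign system files, a directory, and the
# cluster of files created around 01:39-01:41 on 2008-09-13 in the log above.
SAMPLE_LOG = r"""
2008-09-14 11:02:29 ----A---- C:\Windows\system32\rpcrt4.dll
2008-09-14 11:02:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-09-13 16:17:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-13 01:41:19 ----A---- C:\ProgramData\pskt.ini
2008-09-13 01:41:19 ----A---- C:\ProgramData\BM9903e062.txt
2008-09-13 01:40:50 ----A---- C:\Windows\system32\91131780-.txt
2008-09-13 01:39:07 ----A---- C:\Windows\system32\jkkKbASJ.dll
2008-09-10 21:24:50 ----HD---- C:\ProgramData\CanonBJ
"""

if __name__ == "__main__":
    for f in flag_suspicious_bursts(SAMPLE_LOG):
        print(f"burst {f.start:%Y-%m-%d %H:%M:%S} .. {f.end:%H:%M:%S}")
        for p in f.burst:
            print(f"  {'!!' if p in f.flagged else '  '} {p}")
```

Only the 01:39-01:41 burst is reported, and it lists pskt.ini and BM9903e062.txt alongside the two names that tripped the heuristic, which is exactly the co-occurrence a helper reads off such a log by hand.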

#4 extremeboy (Malware Response Team)

Posted 20 September 2008 - 09:08 AM

Hi Killface and welcome to Bleepingcomputer :thumbsup:

Combofix Warning

ComboFix is an extremely powerful tool and you should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.



View Point Program

Viewpoint Manager and Viewpoint Media Player are considered foistware rather than malware, since they are installed without the user's approval but don't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run, paste the following into the "Open" field: appwiz.cpl, and press OK. From within Add or Remove Programs, uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Additional instructions on removing programs can be found here.



Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.

  • Please follow the instructions for running Combofix from here
  • Please read the guide carefully, follow every instruction precisely, and remember to install the Recovery Console first.
    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Download the file and save it as it is originally named onto your desktop.
  • Close any open windows, including this one.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and, when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click Yes to run the full ComboFix scan.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click Combofix's window while it's running, because it may cause it to stall.

Please post back with the following:
  • Combofix log
  • Fresh RSIT Log <- Run this after combofix.
Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 killface (Topic Starter)

Posted 20 September 2008 - 05:36 PM

To run Combofix in Vista, is there a recovery console to install, or do I just go ahead and run it? I have tried to look for a way to install the recovery console on Vista, but it doesn't seem possible. Thanks for getting back to me. I'll get those logs to you tomorrow or Monday; I'm having a pretty hectic weekend at the moment.

#6 extremeboy (Malware Response Team)

Posted 20 September 2008 - 07:29 PM

Hi killface.

This is the first time I'm doing a Vista machine, so please bear with me.

If you read the guide here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

It says:

Windows Vista users can use their Windows CD to boot up into the Vista Recovery Environment


Hope that helps :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 killface (Topic Starter)

Posted 22 September 2008 - 10:10 AM

Here are the logs from combofix and RSIT. I am still getting pop-ups when I browse the internet, but my computer is running better than it was. I just placed the Vista DVD in the drive for combofix; I couldn't find a way to install any recovery environment from it.

Here is the combofix log.


ComboFix 08-09-20.05 - Danny 2008-09-22 9:57:24.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2178 [GMT -5:00]
Running from: C:\Users\Danny\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 )))))))))))))))))))))))))))))))
.

2008-09-19 10:22 . 2008-09-19 10:22 <DIR> d-------- C:\rsit
2008-09-18 18:09 . 2008-09-18 18:09 <DIR> d-------- C:\Users\Danny\AppData\Roaming\Creative
2008-09-18 18:05 . 2008-09-18 18:07 <DIR> d-------- C:\Program Files\Dynex
2008-09-18 18:05 . 2008-09-18 18:05 <DIR> d-------- C:\Program Files\Creative
2008-09-16 19:06 . 2008-09-16 19:06 1,905 --a------ C:\Windows\diagwrn.xml
2008-09-16 19:06 . 2008-09-16 19:06 1,905 --a------ C:\Windows\diagerr.xml
2008-09-16 01:18 . 2008-09-16 19:39 230,271,724 --a------ C:\Windows\MEMORY.DMP
2008-09-15 21:06 . 2008-09-15 21:06 850 --a------ C:\Windows\System32\ProductTweaks.xml
2008-09-15 21:05 . 2008-09-15 21:05 385 --a------ C:\Windows\System32\user_gensett.xml
2008-09-15 21:02 . 2008-09-15 21:02 <DIR> d-------- C:\Windows\System32\logs
2008-09-15 21:02 . 2008-09-15 21:02 <DIR> d-------- C:\Users\Danny\AppData\Roaming\BitDefender
2008-09-15 21:02 . 2008-09-15 21:02 <DIR> d-------- C:\Binaries
2008-09-15 21:01 . 2008-09-15 21:05 <DIR> d-------- C:\ProgramData\BitDefender
2008-09-15 21:01 . 2008-09-15 21:01 <DIR> d-------- C:\Program Files\BitDefender
2008-09-15 21:00 . 2008-09-15 21:00 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-09-15 20:57 . 2008-09-15 21:01 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-15 20:53 . 2008-09-15 20:54 <DIR> d-------- C:\Users\Danny\.housecall6.6
2008-09-15 17:32 . 2008-09-19 10:22 <DIR> d-------- C:\HijackThis
2008-09-15 00:06 . 2008-09-15 00:06 <DIR> d-------- C:\Users\Danny\AppData\Roaming\Yahoo!
2008-09-14 22:24 . 2008-07-15 20:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-09-14 19:10 . 2008-09-14 19:10 <DIR> d-------- C:\ProgramData\SiteAdvisor
2008-09-14 16:17 . 2008-06-27 06:08 79,240 --a------ C:\Windows\System32\drivers\mfeavfk.sys
2008-09-14 16:17 . 2008-06-27 06:08 40,488 --a------ C:\Windows\System32\drivers\mfesmfk.sys
2008-09-14 16:17 . 2008-06-27 06:08 35,240 --a------ C:\Windows\System32\drivers\mfebopk.sys
2008-09-14 16:13 . 2008-06-20 05:41 34,152 --a------ C:\Windows\System32\drivers\mferkdk.sys
2008-09-14 15:49 . 2008-09-15 21:05 <DIR> d-------- C:\ProgramData\McAfee
2008-09-14 12:14 . 2008-09-14 16:06 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-09-14 11:08 . 2008-06-25 20:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-09-14 11:08 . 2008-06-25 20:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-09-14 11:08 . 2008-06-25 22:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-09-14 11:07 . 2008-04-22 23:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-09-14 11:07 . 2008-04-22 23:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-09-14 11:07 . 2008-04-22 23:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-09-14 11:06 . 2008-04-22 23:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-09-14 11:00 . 2008-04-26 03:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-09-14 10:16 . 2008-09-14 10:16 <DIR> d-------- C:\VundoFix Backups
2008-09-14 10:00 . 2008-09-15 14:58 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-09-13 20:12 . 2008-09-13 20:12 91 --a------ C:\Windows\wininit.ini
2008-09-13 16:17 . 2008-09-15 17:46 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-13 16:17 . 2008-09-15 17:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-13 06:50 . 2008-09-13 06:52 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-13 06:13 . 2008-09-13 06:13 268 --ah----- C:\sqmdata00.sqm
2008-09-13 06:13 . 2008-09-13 06:13 244 --ah----- C:\sqmnoopt00.sqm
2008-09-13 01:39 . 2008-09-13 01:39 253,440 --a------ C:\Windows\System32\jkkKbASJ.dll
2008-09-10 21:24 . 2008-09-10 21:24 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-09-08 10:03 . 2008-09-10 14:45 <DIR> d-------- C:\Users\Danny\AppData\Roaming\Spore
2008-09-08 10:00 . 2008-09-08 10:00 <DIR> d-------- C:\ProgramData\Electronic Arts
2008-09-08 09:57 . 2008-09-08 09:57 <DIR> d-------- C:\Program Files\CCleaner
2008-09-08 09:56 . 2008-09-08 09:56 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-07 16:15 . 2008-09-07 16:15 <DIR> d-------- C:\Program Files\NBCE Review
2008-09-07 16:15 . 2008-09-07 16:15 737,280 --a------ C:\Windows\iun6002.exe
2008-09-05 12:14 . 2008-09-05 12:14 <DIR> d-------- C:\Program Files\FriendFinder
2008-09-05 11:46 . 2008-09-05 11:46 <DIR> d-------- C:\Program Files\Elaborate Bytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 23:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 16:01 --------- d-----w C:\ProgramData\NVIDIA
2008-09-15 22:46 --------- d---a-w C:\ProgramData\TEMP
2008-09-15 03:30 --------- d-----w C:\Program Files\Windows Mail
2008-09-15 03:20 --------- d-----w C:\Program Files\Microsoft Works
2008-09-15 03:19 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-14 21:06 --------- d-----w C:\ProgramData\Gtek
2008-09-13 06:33 --------- d-----w C:\Users\Danny\AppData\Roaming\uTorrent
2008-09-08 15:03 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-09-08 15:00 1,546 ----a-w C:\Windows\System32\ealregsnapshot1.reg
2008-08-15 02:41 --------- d-----w C:\Program Files\iTunes
2008-08-15 02:41 --------- d-----w C:\Program Files\iPod
2008-08-15 02:41 --------- d-----w C:\Program Files\Apple Software Update
2008-08-14 23:54 102,208 ----a-w C:\Windows\system32\drivers\bdfndisf.sys
2008-08-12 23:40 228,672 ----a-w C:\Windows\system32\drivers\bdfsfltr.sys
2008-08-12 23:40 108,864 ----a-w C:\Windows\system32\drivers\bdfm.sys
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-08-02 01:01 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-23 20:58 --------- d-----w C:\ProgramData\Trymedia
2008-07-22 14:06 --------- d-----w C:\Program Files\SEGA
2008-07-14 16:52 80,840 ----a-w C:\Windows\System32\ElbyVCD.dll
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 11:06 93,128 ----a-w C:\Windows\System32\ElbyCDIO.dll
2008-06-26 03:29 565,248 ----a-w C:\Windows\System32\emdmgmt.dll
2008-06-26 03:29 45,056 ----a-w C:\Windows\System32\dataclen.dll
2008-06-26 03:29 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
2008-05-16 01:39 174 --sha-w C:\Program Files\desktop.ini
2008-06-02 20:28 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-02 20:28 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-02 20:28 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-09-16_19.49.07.99 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-16 02:00:10 7,168 ----a-w C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-09-17 08:02:45 8,192 ----a-w C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-09-16 02:00:06 32,768 ----a-w C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-09-17 08:02:46 32,768 ----a-w C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-09-16 02:00:05 716,800 ----a-w C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-09-17 08:02:53 720,896 ----a-w C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-09-16 02:00:05 299,008 ----a-w C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-09-17 08:02:46 299,008 ----a-w C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-09-16 02:00:10 32,768 ----a-w C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-09-17 08:02:51 32,768 ----a-w C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2008-09-16 02:00:11 299,008 ----a-w C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-09-17 08:02:49 303,104 ----a-w C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-09-16 02:00:06 1,290,240 ----a-w C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-09-17 08:02:51 1,294,336 ----a-w C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2008-09-16 02:00:07 1,699,840 ----a-w C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-09-17 08:02:45 1,703,936 ----a-w C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-09-16 02:00:07 86,016 ----a-w C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-09-17 08:02:53 90,112 ----a-w C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-09-16 02:00:08 466,944 ----a-w C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-09-17 08:02:49 466,944 ----a-w C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-09-16 02:00:07 241,664 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-09-17 08:02:47 241,664 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-09-16 02:00:07 64,000 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-09-17 08:02:47 66,560 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2008-09-16 02:00:08 368,640 ----a-w C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-09-17 08:02:50 372,736 ----a-w C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-09-16 02:00:08 241,664 ----a-w C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-09-17 08:02:53 241,664 ----a-w C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-09-16 02:00:08 323,584 ----a-w C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-09-17 08:02:49 323,584 ----a-w C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-09-16 02:00:08 131,072 ----a-w C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-09-17 08:02:47 131,072 ----a-w C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-09-16 02:00:08 77,824 ----a-w C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-09-17 08:02:48 77,824 ----a-w C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-09-16 02:00:08 126,976 ----a-w C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-09-17 08:02:51 126,976 ----a-w C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-09-16 02:00:11 819,200 ----a-w C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-09-17 08:02:44 819,200 ----a-w C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-09-16 02:00:09 57,344 ----a-w C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-09-17 08:02:46 57,344 ----a-w C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-09-16 02:00:09 569,344 ----a-w C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-09-17 08:02:46 573,440 ----a-w C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-09-16 02:00:08 1,245,184 ----a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-09-18 08:01:41 1,265,664 ----a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-09-16 02:00:09 2,039,808 ----a-w C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-09-17 08:02:47 2,052,096 ----a-w C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-09-16 02:00:10 1,335,296 ----a-w C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-09-17 08:02:50 1,339,392 ----a-w C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2008-09-16 02:00:07 1,216,512 ----a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-18 08:01:42 1,232,896 ----a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-18 08:01:51 61,440 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_541fbd1d\CustomMarshalers.dll
+ 2008-09-18 08:02:06 118,784 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_bcb700d3\CustomMarshalers.dll
+ 2008-09-18 08:02:02 3,391,488 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4de18c28\mscorlib.dll
+ 2008-09-18 08:02:17 8,908,800 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5c391993\mscorlib.dll
+ 2008-09-18 08:01:59 1,470,464 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_644dcca6\System.Design.dll
+ 2008-09-18 08:02:13 3,395,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_8857d5b4\System.Design.dll
+ 2008-09-18 08:01:52 90,112 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_21b1d18b\System.Drawing.Design.dll
+ 2008-09-18 08:02:06 192,512 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_df582412\System.Drawing.Design.dll
+ 2008-09-18 08:02:14 2,244,608 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6dec2f66\System.Drawing.dll
+ 2008-09-18 08:02:00 835,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_cbfe825c\System.Drawing.dll
+ 2008-09-18 08:01:55 3,018,752 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_3d8e9af1\System.Windows.Forms.dll
+ 2008-09-18 08:02:09 7,884,800 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_5f27b3a5\System.Windows.Forms.dll
+ 2008-09-18 08:01:57 2,088,960 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a3784744\System.Xml.dll
+ 2008-09-18 08:02:11 5,513,216 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_ebec52cd\System.Xml.dll
+ 2008-09-18 08:01:50 1,966,080 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_080ed8bb\System.dll
+ 2008-09-18 08:02:06 4,788,224 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_32ba4eb8\System.dll
+ 2007-06-14 01:52:16 90,112 ----a-w C:\Windows\CtDrvIns.exe
- 2008-09-16 15:59:53 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-09-18 23:06:26 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-09-16 15:59:43 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-09-18 23:06:23 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-09-16 15:59:52 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-09-18 23:06:25 143,360 ----a-w C:\Windows\inf\infstrng.dat
- 2003-02-21 00:19:32 253,952 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-14 02:30:52 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-21 00:19:34 20,480 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-15 06:49:18 20,480 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-21 00:19:38 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 06:49:26 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-21 00:19:36 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-14 02:30:52 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 00:09:08 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-14 01:57:52 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 15:20:44 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 16:23:28 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 15:21:00 626,688 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 16:23:44 626,688 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-21 00:06:20 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-15 05:24:30 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 19:30:14 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 12:24:38 7,168 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 19:31:00 8,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 12:24:40 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 19:31:04 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-21 00:09:40 196,608 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-15 05:35:30 196,608 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 12:26:36 716,800 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 19:28:58 720,896 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 12:26:38 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 19:28:56 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 12:25:04 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 19:28:50 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 12:25:04 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 19:28:50 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-21 00:09:12 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-15 05:32:44 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-21 00:09:12 233,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-15 05:32:46 233,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-21 00:09:14 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-14 01:57:58 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2003-02-21 00:06:32 311,296 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-14 01:56:30 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-21 00:09:16 98,304 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 01:58:00 102,400 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 12:26:34 2,088,960 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-14 01:50:46 2,142,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-21 00:09:18 143,360 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-15 05:33:22 143,360 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-21 00:09:18 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-15 05:33:24 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-21 00:09:18 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-14 01:58:02 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2003-02-21 00:07:34 2,494,464 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-14 01:57:00 2,523,136 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-21 00:08:32 2,482,176 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-14 01:57:28 2,514,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-01-15 21:11:26 73,728 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-21 00:09:30 90,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-15 05:34:50 94,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 12:26:46 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 19:28:48 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 06:49:16 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4032\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4032\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4032\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4032\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4032\_mscorlib.dll
+ 2003-02-21 00:09:18 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4032\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4032\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4032\_mscorwks.dll
+ 2003-02-21 09:42:22 348,160 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4032\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4032\_PerfCounter.dll
- 2003-02-21 00:09:34 319,488 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-15 05:35:04 319,488 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 12:26:38 1,290,240 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 19:32:00 1,294,336 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 12:25:42 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 19:31:14 303,104 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 12:26:42 1,699,840 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 19:29:02 1,703,936 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 12:26:44 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 19:28:54 90,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 12:26:46 1,216,512 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-14 02:35:38 1,232,896 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 12:26:50 466,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 19:28:58 466,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 12:26:50 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 19:28:56 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-21 00:09:36 64,000 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 05:35:12 66,560 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 12:26:52 368,640 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 19:31:58 372,736 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 12:26:54 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 19:31:12 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 12:26:56 323,584 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 19:28:58 323,584 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 12:26:56 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 19:31:54 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 12:26:58 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 19:28:52 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 12:27:00 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 19:28:54 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 12:27:02 1,245,184 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 02:35:46 1,265,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 12:27:06 819,200 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 19:28:58 819,200 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 12:24:18 57,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 19:28:52 57,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 12:27:06 569,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 19:31:16 573,440 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 12:27:08 2,039,808 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 19:32:02 2,052,096 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 12:27:10 1,335,296 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 19:29:00 1,339,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 18:51:38 53,248 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 15:20:38 737,280 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 16:23:20 737,280 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 10:04:18 1,032,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 13:15:14 1,032,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
- 2003-02-21 01:10:40 31,744 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 07:11:56 31,744 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2008-09-21 08:37:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-21 08:37:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-17 00:46:59 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-21 08:40:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-17 00:46:59 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-21 08:40:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-09-17 00:46:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-21 08:37:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-17 00:46:38 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-21 08:37:12 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-17 00:46:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-21 08:37:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-16 05:38:46 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-22 14:57:06 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2005-07-07 01:07:02 36,864 ----a-w C:\Windows\System32\CtCamMgr.dll
+ 2007-11-01 01:00:00 251,264 ----a-w C:\Windows\System32\drivers\V0500Vid.sys
+ 2005-07-07 01:07:02 36,864 ------w C:\Windows\System32\DriverStore\FileRepository\v0500vid.inf_c97b2a43\CtCamMgr.dll
+ 2007-06-14 01:52:16 90,112 ------w C:\Windows\System32\DriverStore\FileRepository\v0500vid.inf_c97b2a43\CtDrvIns.exe
+ 2006-05-04 02:04:00 172,032 ------w C:\Windows\System32\DriverStore\FileRepository\v0500vid.inf_c97b2a43\CTTwain.dll
+ 2006-04-17 01:29:00 286,720 ------w C:\Windows\System32\DriverStore\FileRepository\v0500vid.inf_c97b2a43\HookWnd.dll
+ 2007-09-19 01:00:00 20,480 ------w C:\Windows\System32\DriverStore\FileRepository\v0500vid.inf_c97b2a43\V0500Cfg.exe
+ 2007-10-04 01:00:00 262,144 ------w C:\Windows\System32\DriverStore\FileRepository\v0500vid.inf_c97b2a43\V0500Cvw.dll
+ 2007-10-25 01:00:00 32,768 ------w C:\Windows\System32\DriverStore\FileRepository\v0500vid.inf_c97b2a43\V0500Hwx.dll
+ 2007-11-03 01:00:00 32,768 ------w C:\Windows\System32\DriverStore\FileRepository\v0500vid.inf_c97b2a43\V0500Mon.exe
+ 2007-11-03 01:00:00 36,864 ------w C:\Windows\System32\DriverStore\FileRepository\v0500vid.inf_c97b2a43\V0500Pin.dll
+ 2007-09-19 01:00:00 20,480 ------w C:\Windows\System32\DriverStore\FileRepository\v0500vid.inf_c97b2a43\V0500Srv.exe
+ 2007-11-01 01:00:00 251,264 ------w C:\Windows\System32\DriverStore\FileRepository\v0500vid.inf_c97b2a43\V0500Vid.sys
- 2008-09-17 00:25:59 105,170 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-21 08:43:12 105,170 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-17 00:25:59 604,214 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-21 08:43:12 604,214 ----a-w C:\Windows\System32\perfh009.dat
+ 2007-10-04 01:00:00 262,144 ----a-w C:\Windows\System32\V0500Cvw.dll
+ 2007-10-25 01:00:00 32,768 ----a-w C:\Windows\System32\V0500Hwx.dll
+ 2007-11-03 01:00:00 36,864 ----a-w C:\Windows\System32\V0500Pin.dll
+ 2007-09-19 01:00:00 20,480 ----a-w C:\Windows\System32\V0500Srv.exe
- 2008-09-17 00:41:51 9,278 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-163106387-1397904396-1171915439-1000_UserData.bin
+ 2008-09-21 08:41:52 10,072 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-163106387-1397904396-1171915439-1000_UserData.bin
- 2008-09-17 00:41:51 64,338 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-21 08:41:51 64,770 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-15 19:26:52 3,004 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-09-21 08:35:35 3,004 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-09-17 00:35:45 39,184 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-21 08:41:50 39,510 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-16 21:31:16 242,630 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-09-22 14:24:10 259,388 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2006-05-04 02:04:00 172,032 ----a-w C:\Windows\twain_32\Creative\VF0500\CTTwain.dll
+ 2006-04-17 01:29:00 286,720 ----a-w C:\Windows\twain_32\Creative\VF0500\HookWnd.dll
+ 2007-09-19 01:00:00 20,480 ----a-w C:\Windows\V0500Cfg.exe
+ 2007-11-03 01:00:00 32,768 ----a-w C:\Windows\V0500Mon.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BB8695D-DC20-4D3F-BA17-9FB23646AFFE}]
2008-09-13 01:39 253440 --a------ C:\Windows\system32\jkkKbASJ.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMC"="C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe" [2008-01-14 4053102]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"BM9903e062"="C:\Users\Danny\AppData\Local\Temp\ctufslub.dll" [2008-09-21 97792]
"cmds"="C:\Windows\system32\jkkKbASJ.dll" [2008-09-13 253440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-08-23 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-08-23 92704]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-15 716800]
"V0500Mon.exe"="C:\Windows\V0500Mon.exe" [2007-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 09:47 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 09:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 02:33 125952 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
--a------ 2008-01-14 12:14 4053102 C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1B1B57D1-3629-48A2-AE69-14A5B7C875CD}"= TCP:10421:SingleClick Discovery Protocol
"{BFEED46E-710A-4781-9308-D5EDCACF6108}"= UDP:139:NetBIOS File/Printer Sharing
"{CCCF5B83-C418-44C4-845E-A75A46429B12}"= TCP:10426:SingleClick ICC
"{B2C97E17-D0BD-4399-8C7E-2CDFF823676E}"= UDP:445:Microsoft Directory Services
"{232968E5-B431-4FCB-9121-988AA05C0ED3}"= TCP:138:NetBIOS Datagram Service
"{D9E66B5C-E78E-4BF3-8E98-975DD46882DB}"= TCP:137:NetBIOS Name Service
"{37579AB4-BA0D-4D6C-A0DC-C54F713D8072}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6332C3CB-6523-484A-B39F-A43A6F7A2632}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9BDFB15C-E831-477A-ABC2-D9178F585976}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A4CF3A0E-A7ED-44B1-86D6-4DAB6035BC11}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{FB06A9F6-64FC-4634-869F-5B02B072F7CA}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{65DD857A-DFF0-4E42-9A07-12B463005F51}C:\\users\\danny\\desktop\\bananas\\oznhsp.exe"= UDP:C:\users\danny\desktop\bananas\oznhsp.exe:oznhsp.exe
"UDP Query User{8EFB3FE7-0423-43CA-9C15-C89DE3084404}C:\\users\\danny\\desktop\\bananas\\oznhsp.exe"= TCP:C:\users\danny\desktop\bananas\oznhsp.exe:oznhsp.exe
"{F9CAA924-D8D7-4389-9B96-72953B913102}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8CF8743D-02DA-4303-9570-90111BEFF0C7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D09CD888-C874-4EB3-96AB-2FCC764E5822}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7112166D-9FA3-4BD5-BF6B-1DE382F09515}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A7649678-0041-469E-ACE2-D2961BEF5282}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{600A411C-8321-427B-A328-34BD0FA16F0F}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{113BD7B7-4C9F-45E1-8464-2E5853D959B7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E7E226A6-DBD4-4803-B5DB-5CAFF234C5E4}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{FB8EE551-E364-4F74-ADB4-A8D7422E13C9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{32B1C6E0-FACA-4D8B-9954-B39976233433}"= UDP:C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:Medieval II Total War
"{7D2B4A2A-99E5-4AE2-8E59-4F9C83845453}"= TCP:C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:Medieval II Total War
"{C2151D98-0E97-43C5-8A5A-352962715372}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{89045E46-7EA9-47C6-B23C-BC097E3D0C3C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A0E030AC-1AE7-44FE-9E11-8CA7FE4E4EDA}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3E6BDF2E-695D-40E8-9F9D-46883002DF87}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{68EF75C0-A3E1-4A41-AE4F-F1D61DC843EB}"= UDP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{44C516C8-42AA-4CF9-989A-EE5996FB8E50}"= TCP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"TCP Query User{BE68AD1C-3CFD-44B1-A2A0-8535D7802681}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{056D4ECF-4605-4418-A795-11E60D758937}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{775ADC16-26B0-4ECB-8D5B-5A4D606D34D2}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{01531176-BD49-43F5-A46A-205CF99034D0}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;C:\Windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R3 bdfm;BDFM;C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
R3 V0500Dev;Dynex 1.3MP Webcam Driver;C:\Windows\system32\DRIVERS\V0500Vid.sys [2007-10-31 251264]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2007-06-20 17920]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [2007-05-07 42112]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys [2007-06-20 23680]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cefeabaf-e0ad-11dc-b5b9-806e6f6e6963}]
\shell\AutoRun\command - E:\webcam\setup.exe /nosrpoint
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\eqml09uw.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 10:00:34
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\Danny\AppData\Local\Temp\lwmfbhvc.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Users\Danny\AppData\Local\Temp\cvhbfmwl.dll
-> C:\Users\Danny\AppData\Local\Temp\ctufslub.dll
-> C:\Windows\system32\jkkKbASJ.dll
.
Completion time: 2008-09-22 10:02:31
ComboFix-quarantined-files.txt 2008-09-22 15:02:28
ComboFix2.txt 2008-09-17 00:49:46

Pre-Run: 337,828,683,776 bytes free
Post-Run: 337,970,941,952 bytes free

483 --- E O F --- 2008-09-22 08:00:42


And here are the RSIT logs.

Logfile of random's system information tool 1.02 (written by random/random)
Run by Danny at 2008-09-22 10:05:01
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 322 GB (69%) free of 467 GB
Total RAM: 3069 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:09 AM, on 9/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\rundll32.exe
C:\Users\Danny\Desktop\RSIT.exe
C:\HijackThis\Danny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=2080222
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {3BB8695D-DC20-4D3F-BA17-9FB23646AFFE} - C:\Windows\system32\jkkKbASJ.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [V0500Mon.exe] C:\Windows\V0500Mon.exe
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\jkkKbASJ.dll,c
O4 - HKCU\..\Run: [BM9903e062] Rundll32.exe "C:\Users\Danny\AppData\Local\Temp\jqqwtbym.dll",s
O4 - HKCU\..\Run: [9a30d3fe] rundll32.exe "C:\Users\Danny\AppData\Local\Temp\kchtfkrt.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 5399 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BB8695D-DC20-4D3F-BA17-9FB23646AFFE}]
C:\Windows\system32\jkkKbASJ.dll [2008-09-13 253440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-02-21 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-08-23 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-08-23 92704]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-09-15 716800]
"V0500Mon.exe"=C:\Windows\V0500Mon.exe [2007-11-02 32768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IMC"=C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe [2008-01-14 4053102]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"cmds"=C:\Windows\system32\jkkKbASJ.dll [2008-09-13 253440]
"BM9903e062"=C:\Users\Danny\AppData\Local\Temp\jqqwtbym.dll [2008-09-22 99328]
"9a30d3fe"=C:\Users\Danny\AppData\Local\Temp\kchtfkrt.dll [2008-09-22 90624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe [2008-01-14 4053102]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cefeabaf-e0ad-11dc-b5b9-806e6f6e6963}]
shell\AutoRun\command - E:\webcam\setup.exe /nosrpoint


======List of files/folders created in the last 1 months======

2008-09-22 10:02:32 ----A---- C:\ComboFix.txt
2008-09-22 09:51:20 ----D---- C:\ComboFix
2008-09-22 09:51:18 ----A---- C:\Windows\swreg.exe
2008-09-19 10:22:24 ----D---- C:\rsit
2008-09-18 18:09:10 ----D---- C:\Users\Danny\AppData\Roaming\Creative
2008-09-18 18:06:11 ----A---- C:\Windows\V0500Mon.exe
2008-09-18 18:06:11 ----A---- C:\Windows\V0500Cfg.exe
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Srv.exe
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Pin.dll
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Hwx.dll
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Cvw.dll
2008-09-18 18:06:11 ----A---- C:\Windows\system32\CtCamMgr.dll
2008-09-18 18:06:11 ----A---- C:\Windows\CtDrvIns.exe
2008-09-18 18:05:34 ----D---- C:\Program Files\Dynex
2008-09-18 18:05:19 ----D---- C:\Program Files\Creative
2008-09-16 10:58:15 ----A---- C:\Windows\system32\msshooks.dll
2008-09-16 10:58:15 ----A---- C:\Windows\system32\msscb.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\thawbrkr.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\srchadmin.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-09-16 10:58:12 ----A---- C:\Windows\system32\propsys.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\propdefs.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\msstrc.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\mssprxy.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\mssitlb.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\msshsq.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\korwbrkr.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\xmlfilter.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\wsepno.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\tquery.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-09-16 10:58:11 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-09-16 10:58:11 ----A---- C:\Windows\system32\rtffilt.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\offfilt.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\nlhtml.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\msscntrs.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\mimefilt.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\chtbrkr.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\chsbrkr.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssvp.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssrch.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssphtb.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssph.dll
2008-09-16 00:38:21 ----D---- C:\Windows\erdnt
2008-09-16 00:37:36 ----D---- C:\QooBox
2008-09-16 00:37:34 ----A---- C:\Windows\zip.exe
2008-09-16 00:37:34 ----A---- C:\Windows\VFind.exe
2008-09-16 00:37:34 ----A---- C:\Windows\swsc.exe
2008-09-16 00:37:34 ----A---- C:\Windows\sed.exe
2008-09-16 00:37:34 ----A---- C:\Windows\Nircmd.exe
2008-09-16 00:37:34 ----A---- C:\Windows\grep.exe
2008-09-16 00:37:34 ----A---- C:\Windows\fdsv.exe
2008-09-16 00:37:11 ----A---- C:\Windows\swxcacls.exe
2008-09-15 21:49:50 ----A---- C:\Windows\ntbtlog.txt
2008-09-15 21:02:36 ----D---- C:\Windows\system32\logs
2008-09-15 21:02:02 ----D---- C:\Users\Danny\AppData\Roaming\BitDefender
2008-09-15 21:02:00 ----D---- C:\Binaries
2008-09-15 21:01:31 ----D---- C:\ProgramData\BitDefender
2008-09-15 21:01:30 ----D---- C:\Program Files\BitDefender
2008-09-15 21:00:11 ----D---- C:\Windows\system32\URTTEMP
2008-09-15 20:57:25 ----D---- C:\Program Files\Common Files\BitDefender
2008-09-15 17:32:47 ----D---- C:\HijackThis
2008-09-15 00:06:51 ----D---- C:\Users\Danny\AppData\Roaming\Yahoo!
2008-09-14 22:24:34 ----A---- C:\Windows\system32\tzres.dll
2008-09-14 19:10:19 ----D---- C:\ProgramData\SiteAdvisor
2008-09-14 15:49:14 ----D---- C:\ProgramData\McAfee
2008-09-14 12:14:48 ----DC---- C:\Windows\system32\DRVSTORE
2008-09-14 12:12:52 ----HD---- C:\Config.Msi
2008-09-14 11:08:36 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-09-14 11:08:33 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-09-14 11:08:21 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-09-14 11:07:01 ----A---- C:\Windows\system32\EncDec.dll
2008-09-14 11:07:00 ----A---- C:\Windows\system32\psisdecd.dll
2008-09-14 11:02:52 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-14 11:02:46 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-09-14 11:02:39 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-14 11:02:38 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-14 11:02:38 ----A---- C:\Windows\system32\gameux.dll
2008-09-14 11:02:29 ----A---- C:\Windows\system32\rpcrt4.dll
2008-09-14 11:02:29 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-09-14 11:02:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-09-14 11:02:26 ----A---- C:\Windows\system32\pacerprf.dll
2008-09-14 11:02:12 ----A---- C:\Windows\system32\shell32.dll
2008-09-14 11:02:02 ----A---- C:\Windows\system32\es.dll
2008-09-14 11:01:39 ----A---- C:\Windows\system32\wininet.dll
2008-09-14 11:01:39 ----A---- C:\Windows\system32\mshtml.dll
2008-09-14 11:01:39 ----A---- C:\Windows\system32\ieframe.dll
2008-09-14 11:01:38 ----A---- C:\Windows\system32\urlmon.dll
2008-09-14 11:01:36 ----A---- C:\Windows\system32\mstime.dll
2008-09-14 11:01:35 ----A---- C:\Windows\system32\jsproxy.dll
2008-09-14 11:01:21 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-14 11:01:21 ----A---- C:\Windows\system32\dataclen.dll
2008-09-14 11:01:21 ----A---- C:\Windows\system32\cdd.dll
2008-09-14 11:01:11 ----A---- C:\Windows\system32\inetcomm.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\wshext.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\wscript.exe
2008-09-14 11:01:05 ----A---- C:\Windows\system32\vbscript.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\scrrun.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\scrobj.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\jscript.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\cscript.exe
2008-09-14 11:00:59 ----A---- C:\Windows\system32\quartz.dll
2008-09-14 10:16:28 ----A---- C:\VundoFix.txt
2008-09-14 10:16:27 ----D---- C:\VundoFix Backups
2008-09-14 10:00:31 ----D---- C:\Program Files\Windows Live Safety Center
2008-09-14 09:12:03 ----D---- C:\Windows\pss
2008-09-13 20:12:41 ----A---- C:\Windows\wininit.ini
2008-09-13 16:17:03 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-13 16:17:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-13 06:50:17 ----D---- C:\ProgramData\Lavasoft
2008-09-13 01:41:19 ----A---- C:\ProgramData\pskt.ini
2008-09-13 01:41:19 ----A---- C:\ProgramData\BM9903e062.txt
2008-09-13 01:40:50 ----A---- C:\Windows\system32\91131780-.txt
2008-09-13 01:39:07 ----A---- C:\Windows\system32\jkkKbASJ.dll
2008-09-10 21:24:50 ----HD---- C:\ProgramData\CanonBJ
2008-09-08 10:03:10 ----D---- C:\Users\Danny\AppData\Roaming\Spore
2008-09-08 10:00:36 ----D---- C:\ProgramData\Electronic Arts
2008-09-08 09:57:59 ----D---- C:\Program Files\CCleaner
2008-09-08 09:56:16 ----D---- C:\Program Files\Electronic Arts
2008-09-07 16:15:46 ----A---- C:\Windows\iun6002.exe
2008-09-07 16:15:44 ----D---- C:\Program Files\NBCE Review
2008-09-05 12:14:47 ----D---- C:\Program Files\FriendFinder
2008-09-05 11:46:33 ----D---- C:\Program Files\Elaborate Bytes
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvwssr.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvwss.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvwgf2um.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvvitvsr.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvvitvs.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvudisp.exe
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvoglv32.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvmoblsr.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvmobls.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvmccssr.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvmccss.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvmccsrs.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvmccs.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvgamesr.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvgames.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvdispsr.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvdisps.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvcpl.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvcolor.exe
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvcod134.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvcod.dll

======List of files/folders modified in the last 1 months======

2008-09-22 10:04:56 ----D---- C:\Windows\Temp
2008-09-22 10:02:35 ----D---- C:\Windows\System32
2008-09-22 10:02:33 ----D---- C:\Windows
2008-09-22 10:00:32 ----A---- C:\Windows\system.ini
2008-09-22 10:00:31 ----D---- C:\Windows\system32\en-US
2008-09-22 09:59:16 ----D---- C:\Windows\system32\drivers
2008-09-22 09:59:16 ----D---- C:\Windows\AppPatch
2008-09-22 09:59:16 ----D---- C:\Program Files\Common Files
2008-09-22 09:56:36 ----SHD---- C:\System Volume Information
2008-09-22 09:49:39 ----D---- C:\Windows\Prefetch
2008-09-22 03:00:39 ----SHD---- C:\Windows\Installer
2008-09-21 03:43:12 ----D---- C:\Windows\inf
2008-09-21 03:43:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-18 18:07:36 ----RD---- C:\Users
2008-09-18 18:07:08 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-18 18:06:29 ----D---- C:\Windows\twain_32
2008-09-18 18:06:25 ----D---- C:\Windows\system32\catroot
2008-09-18 18:05:34 ----RD---- C:\Program Files
2008-09-18 18:05:04 ----D---- C:\Windows\system32\catroot2
2008-09-17 09:53:15 ----D---- C:\Program Files\Mozilla Firefox
2008-09-17 03:02:47 ----D---- C:\Windows\Registration
2008-09-17 03:01:59 ----D---- C:\Program Files\Internet Explorer
2008-09-16 19:45:26 ----SHD---- C:\Boot
2008-09-16 19:45:26 ----D---- C:\Windows\system32\config
2008-09-16 19:39:57 ----D---- C:\Windows\Minidump
2008-09-16 11:34:36 ----D---- C:\Windows\rescache
2008-09-16 11:06:08 ----D---- C:\Windows\PolicyDefinitions
2008-09-16 11:01:00 ----D---- C:\ProgramData\NVIDIA
2008-09-16 10:59:04 ----D---- C:\Windows\winsxs
2008-09-15 21:05:40 ----HD---- C:\ProgramData
2008-09-15 21:00:46 ----RSD---- C:\Windows\assembly
2008-09-15 20:58:46 ----D---- C:\Windows\Tasks
2008-09-15 17:46:03 ----AD---- C:\ProgramData\TEMP
2008-09-15 14:56:58 ----SD---- C:\Windows\Downloaded Program Files
2008-09-15 00:50:51 ----D---- C:\Windows\Debug
2008-09-14 22:30:16 ----D---- C:\Windows\ehome
2008-09-14 22:30:14 ----D---- C:\Windows\system32\migration
2008-09-14 22:30:10 ----D---- C:\Program Files\Windows Mail
2008-09-14 22:26:06 ----D---- C:\Windows\Microsoft.NET
2008-09-14 22:20:11 ----D---- C:\Program Files\Microsoft Works
2008-09-14 22:19:48 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-14 16:07:24 ----SD---- C:\ProgramData\Microsoft
2008-09-14 16:06:48 ----D---- C:\ProgramData\Gtek
2008-09-14 14:23:46 ----D---- C:\Windows\system32\WDI
2008-09-14 12:32:07 ----SD---- C:\Users\Danny\AppData\Roaming\Microsoft
2008-09-14 09:56:20 ----HD---- C:\Windows\system32\GroupPolicy
2008-09-13 01:33:44 ----D---- C:\Users\Danny\AppData\Roaming\uTorrent
2008-09-08 10:03:02 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-09-08 09:36:10 ----D---- C:\Windows\system32\Tasks
2008-08-26 13:28:14 ----A---- C:\Windows\system32\mrt.exe
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvvsvc.exe
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvuninst.exe
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvsvc.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvmctray.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvexpbar.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvd3dum.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvcpluir.dll
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvcplui.exe
2008-08-23 00:35:00 ----A---- C:\Windows\system32\nvapi.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-09-15 133184]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2008-06-27 207656]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\Windows\system32\DRIVERS\AegisP.sys [2008-04-09 21275]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 datunidr;DellAutomatedPCTuneUp UniDriver; C:\Windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-08-12 228672]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2008-02-26 8448]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-06-21 228224]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-23 1778464]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-08-23 7475488]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver; C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
R3 V0500Dev;Dynex 1.3MP Webcam Driver; C:\Windows\system32\DRIVERS\V0500Vid.sys [2007-10-31 251264]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-07-16 28672]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2008-06-27 79240]
S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2008-06-27 35240]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2008-06-27 40488]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2007-06-20 17920]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2007-05-07 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-20 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-20 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2007-07-12 12800]
S3 PTproct;PTproct; \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [2006-10-05 4736]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 spring;spring; \??\C:\Users\Danny\Desktop\Max\spring.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-06-21 304920]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-02-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-05-25 112176]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-09-15 393216]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-08-23 118784]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-09-15 1527808]
R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-05 33800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 DellAMBrokerService;DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [2007-10-11 76016]
S4 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-21 1838592]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------


Thanks for your help and let me know if there is anything else I can do to help you along.

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:17 PM

Posted 22 September 2008 - 03:12 PM

Hi.

You ran ComboFix more than once.
Please do not run ComboFix more than once, because then I won't be able to see what happened in the first run.

Please Navigate to C:\Qoobox folder.

In the Qoobox folder look for a .txt file named xxxxxxCombofix1.txt
xxxxxx = the date that ComboFix was run.

Please post back with the contents of that log file (combofix.txt).

I want to see those results please.

Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 killface

killface
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 22 September 2008 - 10:11 PM

I believe this is the combofix log you are looking for. I have been considering just doing a clean reinstall of Vista if we can't get it figured out soon, that would clean my computer of the virus right? Other than figuring out where to store some pictures, music, and reinstalling some games I wouldn't lose anything important.


ComboFix 08-09-15.02 - Danny 2008-09-16 19:42:28.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2239 [GMT -5:00]
Running from: C:\Users\Danny\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Danny\AppData\Local\Temp\pxxaunys.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET
-------\Service_Packet


((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.

2008-09-16 19:06 . 2008-09-16 19:06 1,905 --a------ C:\Windows\diagwrn.xml
2008-09-16 19:06 . 2008-09-16 19:06 1,905 --a------ C:\Windows\diagerr.xml
2008-09-16 01:18 . 2008-09-16 19:39 230,271,724 --a------ C:\Windows\MEMORY.DMP
2008-09-15 21:06 . 2008-09-15 21:06 850 --a------ C:\Windows\System32\ProductTweaks.xml
2008-09-15 21:05 . 2008-09-15 21:05 385 --a------ C:\Windows\System32\user_gensett.xml
2008-09-15 21:02 . 2008-09-15 21:02 <DIR> d-------- C:\Windows\System32\logs
2008-09-15 21:02 . 2008-09-15 21:02 <DIR> d-------- C:\Users\Danny\AppData\Roaming\BitDefender
2008-09-15 21:02 . 2008-09-15 21:02 <DIR> d-------- C:\Binaries
2008-09-15 21:01 . 2008-09-15 21:05 <DIR> d-------- C:\Users\All Users\BitDefender
2008-09-15 21:01 . 2008-09-15 21:05 <DIR> d-------- C:\ProgramData\BitDefender
2008-09-15 21:01 . 2008-09-15 21:01 <DIR> d-------- C:\Program Files\BitDefender
2008-09-15 21:00 . 2008-09-15 21:00 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-09-15 20:57 . 2008-09-15 21:01 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-15 20:53 . 2008-09-15 20:54 <DIR> d-------- C:\Users\Danny\.housecall6.6
2008-09-15 17:32 . 2008-09-15 22:47 <DIR> d-------- C:\HijackThis
2008-09-15 00:06 . 2008-09-15 00:06 <DIR> d-------- C:\Users\Danny\AppData\Roaming\Yahoo!
2008-09-14 22:24 . 2008-07-15 20:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-09-14 19:10 . 2008-09-14 19:10 <DIR> d-------- C:\Users\All Users\SiteAdvisor
2008-09-14 19:10 . 2008-09-14 19:10 <DIR> d-------- C:\ProgramData\SiteAdvisor
2008-09-14 16:17 . 2008-06-27 06:08 79,240 --a------ C:\Windows\System32\drivers\mfeavfk.sys
2008-09-14 16:17 . 2008-06-27 06:08 40,488 --a------ C:\Windows\System32\drivers\mfesmfk.sys
2008-09-14 16:17 . 2008-06-27 06:08 35,240 --a------ C:\Windows\System32\drivers\mfebopk.sys
2008-09-14 16:13 . 2008-06-20 05:41 34,152 --a------ C:\Windows\System32\drivers\mferkdk.sys
2008-09-14 15:49 . 2008-09-15 21:05 <DIR> d-------- C:\Users\All Users\McAfee
2008-09-14 15:49 . 2008-09-15 21:05 <DIR> d-------- C:\ProgramData\McAfee
2008-09-14 12:14 . 2008-09-14 16:06 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-09-14 11:08 . 2008-06-25 20:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-09-14 11:08 . 2008-06-25 20:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-09-14 11:08 . 2008-06-25 22:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-09-14 11:07 . 2008-04-22 23:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-09-14 11:07 . 2008-04-22 23:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-09-14 11:07 . 2008-04-22 23:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-09-14 11:06 . 2008-04-22 23:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-09-14 11:00 . 2008-04-26 03:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-09-14 10:16 . 2008-09-14 10:16 <DIR> d-------- C:\VundoFix Backups
2008-09-14 10:00 . 2008-09-15 14:58 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-09-13 20:12 . 2008-09-13 20:12 91 --a------ C:\Windows\wininit.ini
2008-09-13 16:17 . 2008-09-15 17:46 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-13 16:17 . 2008-09-15 17:46 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-13 16:17 . 2008-09-15 17:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-13 06:50 . 2008-09-13 06:52 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-13 06:50 . 2008-09-13 06:52 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-13 06:13 . 2008-09-13 06:13 268 --ah----- C:\sqmdata00.sqm
2008-09-13 06:13 . 2008-09-13 06:13 244 --ah----- C:\sqmnoopt00.sqm
2008-09-13 01:39 . 2008-09-13 01:39 253,440 --a------ C:\Windows\System32\jkkKbASJ.dll
2008-09-10 21:24 . 2008-09-10 21:24 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-09-10 21:24 . 2008-09-10 21:24 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-09-08 10:03 . 2008-09-10 14:45 <DIR> d-------- C:\Users\Danny\AppData\Roaming\Spore
2008-09-08 10:00 . 2008-09-08 10:00 <DIR> d-------- C:\Users\All Users\Electronic Arts
2008-09-08 10:00 . 2008-09-08 10:00 <DIR> d-------- C:\ProgramData\Electronic Arts
2008-09-08 09:57 . 2008-09-08 09:57 <DIR> d-------- C:\Program Files\CCleaner
2008-09-08 09:56 . 2008-09-08 09:56 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-07 16:15 . 2008-09-07 16:15 <DIR> d-------- C:\Program Files\NBCE Review
2008-09-07 16:15 . 2008-09-07 16:15 737,280 --a------ C:\Windows\iun6002.exe
2008-09-05 12:14 . 2008-09-05 12:14 <DIR> d-------- C:\Program Files\FriendFinder
2008-09-05 11:46 . 2008-09-05 11:46 <DIR> d-------- C:\Program Files\Elaborate Bytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 16:01 --------- d-----w C:\ProgramData\NVIDIA
2008-09-15 22:46 --------- d---a-w C:\ProgramData\TEMP
2008-09-15 03:30 --------- d-----w C:\Program Files\Windows Mail
2008-09-15 03:20 --------- d-----w C:\Program Files\Microsoft Works
2008-09-15 03:19 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-14 21:06 --------- d-----w C:\ProgramData\Gtek
2008-09-13 06:33 --------- d-----w C:\Users\Danny\AppData\Roaming\uTorrent
2008-09-08 14:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-23 05:35 7,475,488 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2008-08-15 02:41 --------- d-----w C:\Program Files\iTunes
2008-08-15 02:41 --------- d-----w C:\Program Files\iPod
2008-08-15 02:41 --------- d-----w C:\Program Files\Apple Software Update
2008-08-14 23:54 102,208 ----a-w C:\Windows\system32\drivers\bdfndisf.sys
2008-08-12 23:40 228,672 ----a-w C:\Windows\system32\drivers\bdfsfltr.sys
2008-08-12 23:40 108,864 ----a-w C:\Windows\system32\drivers\bdfm.sys
2008-08-02 01:01 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-23 20:58 --------- d-----w C:\ProgramData\Trymedia
2008-07-22 14:06 --------- d-----w C:\Program Files\SEGA
2008-07-21 12:11 24,392 ----a-w C:\Windows\system32\drivers\ElbyCDIO.sys
2008-07-17 00:12 28,672 ----a-w C:\Windows\system32\drivers\VClone.sys
2008-05-16 01:39 174 --sha-w C:\Program Files\desktop.ini
2008-06-02 20:28 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-02 20:28 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-02 20:28 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BB8695D-DC20-4D3F-BA17-9FB23646AFFE}]
2008-09-13 01:39 253440 --a------ C:\Windows\system32\jkkKbASJ.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-08-23 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-08-23 92704]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 09:47 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2008-09-15 21:10 716800 C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
--a------ 2008-08-10 23:53 69632 C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 09:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 02:33 125952 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
--a------ 2008-01-14 12:14 4053102 C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1B1B57D1-3629-48A2-AE69-14A5B7C875CD}"= TCP:10421:SingleClick Discovery Protocol
"{BFEED46E-710A-4781-9308-D5EDCACF6108}"= UDP:139:NetBIOS File/Printer Sharing
"{CCCF5B83-C418-44C4-845E-A75A46429B12}"= TCP:10426:SingleClick ICC
"{B2C97E17-D0BD-4399-8C7E-2CDFF823676E}"= UDP:445:Microsoft Directory Services
"{232968E5-B431-4FCB-9121-988AA05C0ED3}"= TCP:138:NetBIOS Datagram Service
"{D9E66B5C-E78E-4BF3-8E98-975DD46882DB}"= TCP:137:NetBIOS Name Service
"{37579AB4-BA0D-4D6C-A0DC-C54F713D8072}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6332C3CB-6523-484A-B39F-A43A6F7A2632}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9BDFB15C-E831-477A-ABC2-D9178F585976}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A4CF3A0E-A7ED-44B1-86D6-4DAB6035BC11}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{FB06A9F6-64FC-4634-869F-5B02B072F7CA}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{65DD857A-DFF0-4E42-9A07-12B463005F51}C:\\users\\danny\\desktop\\bananas\\oznhsp.exe"= UDP:C:\users\danny\desktop\bananas\oznhsp.exe:oznhsp.exe
"UDP Query User{8EFB3FE7-0423-43CA-9C15-C89DE3084404}C:\\users\\danny\\desktop\\bananas\\oznhsp.exe"= TCP:C:\users\danny\desktop\bananas\oznhsp.exe:oznhsp.exe
"{F9CAA924-D8D7-4389-9B96-72953B913102}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8CF8743D-02DA-4303-9570-90111BEFF0C7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D09CD888-C874-4EB3-96AB-2FCC764E5822}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7112166D-9FA3-4BD5-BF6B-1DE382F09515}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A7649678-0041-469E-ACE2-D2961BEF5282}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{600A411C-8321-427B-A328-34BD0FA16F0F}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{113BD7B7-4C9F-45E1-8464-2E5853D959B7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E7E226A6-DBD4-4803-B5DB-5CAFF234C5E4}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{FB8EE551-E364-4F74-ADB4-A8D7422E13C9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{32B1C6E0-FACA-4D8B-9954-B39976233433}"= UDP:C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:Medieval II Total War
"{7D2B4A2A-99E5-4AE2-8E59-4F9C83845453}"= TCP:C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:Medieval II Total War
"{C2151D98-0E97-43C5-8A5A-352962715372}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{89045E46-7EA9-47C6-B23C-BC097E3D0C3C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A0E030AC-1AE7-44FE-9E11-8CA7FE4E4EDA}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3E6BDF2E-695D-40E8-9F9D-46883002DF87}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{68EF75C0-A3E1-4A41-AE4F-F1D61DC843EB}"= UDP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{44C516C8-42AA-4CF9-989A-EE5996FB8E50}"= TCP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"TCP Query User{BE68AD1C-3CFD-44B1-A2A0-8535D7802681}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{056D4ECF-4605-4418-A795-11E60D758937}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{775ADC16-26B0-4ECB-8D5B-5A4D606D34D2}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{01531176-BD49-43F5-A46A-205CF99034D0}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;C:\Windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R3 bdfm;BDFM;C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2007-06-20 17920]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [2007-05-07 42112]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys [2007-06-20 23680]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cefeabaf-e0ad-11dc-b5b9-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{4fffa882-0da0-470d-a0ca-5bb152fceea7} - C:\Windows\system32\jpeupf.dll
ShellExecuteHooks-{B62B5CE6-A4BF-428D-8A21-47EE1BD90EAC} - (no file)
MSConfigStartUp-9a30d3fe - C:\Users\Danny\AppData\Local\Temp\tneacysn.dll
MSConfigStartUp-BM9903e062 - C:\Users\Danny\AppData\Local\Temp\pxxaunys.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\eqml09uw.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 19:47:12
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-09-16 19:49:45 - machine was rebooted [Danny]
ComboFix-quarantined-files.txt 2008-09-17 00:49:33

Pre-Run: 365,832,994,816 bytes free
Post-Run: 365,735,231,488 bytes free

245 --- E O F --- 2008-09-16 16:21:58

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:17 PM

Posted 23 September 2008 - 02:20 PM

Hi Again.

I have been considering just doing a clean reinstall of Vista if we can't get it figured out soon, that would clean my computer of the virus right? Other than figuring out where to store some pictures, music, and reinstalling some games I wouldn't lose anything important.

If you wish to reinstall that's fine, but we can get this machine cleaned, no problem. Don't worry, you're almost clean now; we just need to do some housework and a few other things that are left. If you still wish to reinstall then please tell me in your next post so the topic can be closed.

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files between each other, as the name suggests. In today's world cyber crime has reached an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    C:\Users\Danny\AppData\Local\Temp\kchtfkrt.dll
    C:\Users\Danny\AppData\Local\Temp\jqqwtbym.dll
    C:\Windows\system32\jkkKbASJ.dll
    C:\Users\Danny\AppData\Local\Temp\ctufslub.dll
    C:\Users\Danny\AppData\Local\Temp\lwmfbhvc.tmp
    
    Registry::
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "cmds"=-
    "BM9903e062"=-
    "9a30d3fe"=-
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Thanks :thumbsup:

Post back with the:
-Combofix log
-Kaspersky online scan log
-Fresh RSIT log

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

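The script above resets AppInit_DLLs to the single Google entry and deletes three Run values; the thing a practitioner wants to confirm from the next ComboFix or RSIT log is that the change actually stuck, because an AppInit_DLLs entry that survives is loaded into every process that links user32.dll at the next boot. The Python below is an added example, not part of this thread and not ComboFix's own tooling: it parses the CFScript Registry:: block and the post-run "Reg Loading Points" / HijackThis O20 text and reports what is left over. The sample text is constructed, abridged from the logs posted in this thread.

```python
"""Check whether a CFScript's registry fixes actually took, using the
post-run ComboFix / HijackThis text.  Added example; not ComboFix code."""
import re
from typing import Dict, List

# Constructed samples, abridged from the logs posted in this thread.
CFSCRIPT = r"""
Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cmds"=-
"BM9903e062"=-
"9a30d3fe"=-
"""

POST_RUN_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMC"="C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe" [2008-01-14 4053102]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll
"""

HJT_LOG = r"""
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll
"""

# Registry paths are case-insensitive, so everything is compared lower-cased.
APPINIT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
RUN_KEY_HKCU = r"hkey_current_user\software\microsoft\windows\currentversion\run"

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')
# ComboFix appends " [YYYY-MM-DD size]" to each value; strip it before comparing.
_ANNOTATION_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2} \d+\]$")
_O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$")


def parse_reg_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Parse REGEDIT-style text (a CFScript Registry:: block or ComboFix's
    'Reg Loading Points') into {key: {value_name: raw_value}}.
    A raw value of "-" is the CFScript marker for 'delete this value'."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key = _KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            sections.setdefault(current, {})
            continue
        value = _VALUE_RE.match(line)
        if value and current is not None:
            raw = _ANNOTATION_RE.sub("", value.group(2))
            sections[current][value.group(1).lower()] = raw
    return sections


def split_dll_list(raw: str) -> List[str]:
    """AppInit_DLLs is a space- or comma-separated list (which is why the
    Google entry is an 8.3 short name).  Quotes are present in .reg/CFScript
    syntax but absent in ComboFix output, so strip them either way."""
    return [p for p in re.split(r"[ ,]+", raw.strip().strip('"')) if p]


def _appinit_value(sections: Dict[str, Dict[str, str]]) -> str:
    return sections.get(APPINIT_KEY, {}).get("appinit_dlls", "")


def residual_appinit(cfscript: str, post_run_log: str) -> List[str]:
    """DLLs still listed in AppInit_DLLs that the script did not intend to keep."""
    expected = {d.lower() for d in split_dll_list(_appinit_value(parse_reg_sections(cfscript)))}
    actual = split_dll_list(_appinit_value(parse_reg_sections(post_run_log)))
    return sorted(d for d in actual if d.lower() not in expected)


def residual_run_entries(cfscript: str, post_run_log: str) -> List[str]:
    """Run-key values the script marked for deletion that still appear afterwards."""
    script, log = parse_reg_sections(cfscript), parse_reg_sections(post_run_log)
    leftovers: List[str] = []
    for key, values in script.items():
        to_delete = {name for name, raw in values.items() if raw == "-"}
        leftovers.extend(sorted(to_delete & set(log.get(key, {}))))
    return leftovers


def appinit_from_hijackthis(log: str) -> List[str]:
    """Same value as reported by HijackThis/RSIT, which prints it as an O20 line."""
    for line in log.splitlines():
        m = _O20_RE.match(line.strip())
        if m:
            return split_dll_list(m.group(1))
    return []


if __name__ == "__main__":
    print("AppInit_DLLs left over:", residual_appinit(CFSCRIPT, POST_RUN_LOG))
    print("Run values left over:", residual_run_entries(CFSCRIPT, POST_RUN_LOG))
    print("O20 from HijackThis:", appinit_from_hijackthis(HJT_LOG))
```

On the sample text the Run values are gone but `jpeupf.dll` is still appended to AppInit_DLLs, which is the condition that warrants another pass rather than declaring the machine clean.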

#11 killface

killface
  • Topic Starter

  • Members
  • 10 posts

Posted 24 September 2008 - 12:28 AM

I'm gonna go ahead and try to get everything worked out this way. I was just curious if a clean reinstall would work as a last resort. Here are the logs you requested.

Combofix Log:

ComboFix 08-09-22.06 - Danny 2008-09-23 21:24:39.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2090 [GMT -5:00]
Running from: C:\Users\Danny\Desktop\ComboFix.exe
Command switches used :: C:\Users\Danny\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Users\Danny\AppData\Local\Temp\ctufslub.dll
C:\Users\Danny\AppData\Local\Temp\jqqwtbym.dll
C:\Users\Danny\AppData\Local\Temp\kchtfkrt.dll
C:\Users\Danny\AppData\Local\Temp\lwmfbhvc.tmp
C:\Windows\system32\jkkKbASJ.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Danny\AppData\Local\Temp\ctufslub.dll
C:\Users\Danny\AppData\Local\Temp\jqqwtbym.dll
C:\Users\Danny\AppData\Local\Temp\kchtfkrt.dll
C:\Windows\system32\jkkKbASJ.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-23 01:01 . 2008-07-19 00:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-23 01:01 . 2008-07-18 22:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-23 01:01 . 2008-07-19 00:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-23 01:01 . 2008-07-19 00:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-23 01:00 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-23 01:00 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-19 10:22 . 2008-09-19 10:22 <DIR> d-------- C:\rsit
2008-09-18 18:09 . 2008-09-18 18:09 <DIR> d-------- C:\Users\Danny\AppData\Roaming\Creative
2008-09-18 18:05 . 2008-09-18 18:07 <DIR> d-------- C:\Program Files\Dynex
2008-09-18 18:05 . 2008-09-18 18:05 <DIR> d-------- C:\Program Files\Creative
2008-09-16 19:06 . 2008-09-16 19:06 1,905 --a------ C:\Windows\diagwrn.xml
2008-09-16 19:06 . 2008-09-16 19:06 1,905 --a------ C:\Windows\diagerr.xml
2008-09-16 01:18 . 2008-09-16 19:39 230,271,724 --a------ C:\Windows\MEMORY.DMP
2008-09-15 21:06 . 2008-09-15 21:06 850 --a------ C:\Windows\System32\ProductTweaks.xml
2008-09-15 21:05 . 2008-09-15 21:05 385 --a------ C:\Windows\System32\user_gensett.xml
2008-09-15 21:02 . 2008-09-15 21:02 <DIR> d-------- C:\Windows\System32\logs
2008-09-15 21:02 . 2008-09-15 21:02 <DIR> d-------- C:\Users\Danny\AppData\Roaming\BitDefender
2008-09-15 21:02 . 2008-09-15 21:02 <DIR> d-------- C:\Binaries
2008-09-15 21:01 . 2008-09-15 21:05 <DIR> d-------- C:\ProgramData\BitDefender
2008-09-15 21:01 . 2008-09-15 21:01 <DIR> d-------- C:\Program Files\BitDefender
2008-09-15 21:00 . 2008-09-15 21:00 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-09-15 20:57 . 2008-09-15 21:01 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-15 20:53 . 2008-09-15 20:54 <DIR> d-------- C:\Users\Danny\.housecall6.6
2008-09-15 17:32 . 2008-09-22 10:05 <DIR> d-------- C:\HijackThis
2008-09-15 00:06 . 2008-09-15 00:06 <DIR> d-------- C:\Users\Danny\AppData\Roaming\Yahoo!
2008-09-14 22:24 . 2008-07-15 20:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-09-14 19:10 . 2008-09-14 19:10 <DIR> d-------- C:\ProgramData\SiteAdvisor
2008-09-14 16:17 . 2008-06-27 06:08 79,240 --a------ C:\Windows\System32\drivers\mfeavfk.sys
2008-09-14 16:17 . 2008-06-27 06:08 40,488 --a------ C:\Windows\System32\drivers\mfesmfk.sys
2008-09-14 16:17 . 2008-06-27 06:08 35,240 --a------ C:\Windows\System32\drivers\mfebopk.sys
2008-09-14 16:13 . 2008-06-20 05:41 34,152 --a------ C:\Windows\System32\drivers\mferkdk.sys
2008-09-14 15:49 . 2008-09-15 21:05 <DIR> d-------- C:\ProgramData\McAfee
2008-09-14 12:14 . 2008-09-14 16:06 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-09-14 11:08 . 2008-06-25 20:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-09-14 11:08 . 2008-06-25 20:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-09-14 11:08 . 2008-06-25 22:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-09-14 11:07 . 2008-04-22 23:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-09-14 11:07 . 2008-04-22 23:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-09-14 11:07 . 2008-04-22 23:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-09-14 11:06 . 2008-04-22 23:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-09-14 11:00 . 2008-04-26 03:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-09-14 10:16 . 2008-09-14 10:16 <DIR> d-------- C:\VundoFix Backups
2008-09-14 10:00 . 2008-09-15 14:58 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-09-13 20:12 . 2008-09-13 20:12 91 --a------ C:\Windows\wininit.ini
2008-09-13 16:17 . 2008-09-15 17:46 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-13 16:17 . 2008-09-15 17:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-13 06:50 . 2008-09-13 06:52 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-13 06:13 . 2008-09-13 06:13 268 --ah----- C:\sqmdata00.sqm
2008-09-13 06:13 . 2008-09-13 06:13 244 --ah----- C:\sqmnoopt00.sqm
2008-09-10 21:24 . 2008-09-10 21:24 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-09-08 10:03 . 2008-09-10 14:45 <DIR> d-------- C:\Users\Danny\AppData\Roaming\Spore
2008-09-08 10:00 . 2008-09-08 10:00 <DIR> d-------- C:\ProgramData\Electronic Arts
2008-09-08 09:57 . 2008-09-08 09:57 <DIR> d-------- C:\Program Files\CCleaner
2008-09-08 09:56 . 2008-09-08 09:56 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-07 16:15 . 2008-09-07 16:15 <DIR> d-------- C:\Program Files\NBCE Review
2008-09-07 16:15 . 2008-09-07 16:15 737,280 --a------ C:\Windows\iun6002.exe
2008-09-05 12:14 . 2008-09-05 12:14 <DIR> d-------- C:\Program Files\FriendFinder
2008-09-05 11:46 . 2008-09-05 11:46 <DIR> d-------- C:\Program Files\Elaborate Bytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 23:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 16:01 --------- d-----w C:\ProgramData\NVIDIA
2008-09-15 22:46 --------- d---a-w C:\ProgramData\TEMP
2008-09-15 03:30 --------- d-----w C:\Program Files\Windows Mail
2008-09-15 03:20 --------- d-----w C:\Program Files\Microsoft Works
2008-09-15 03:19 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-14 21:06 --------- d-----w C:\ProgramData\Gtek
2008-09-13 06:33 --------- d-----w C:\Users\Danny\AppData\Roaming\uTorrent
2008-09-08 15:03 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-09-08 15:00 1,546 ----a-w C:\Windows\System32\ealregsnapshot1.reg
2008-08-15 02:41 --------- d-----w C:\Program Files\iTunes
2008-08-15 02:41 --------- d-----w C:\Program Files\iPod
2008-08-15 02:41 --------- d-----w C:\Program Files\Apple Software Update
2008-08-14 23:54 102,208 ----a-w C:\Windows\system32\drivers\bdfndisf.sys
2008-08-12 23:40 228,672 ----a-w C:\Windows\system32\drivers\bdfsfltr.sys
2008-08-12 23:40 108,864 ----a-w C:\Windows\system32\drivers\bdfm.sys
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-08-02 01:01 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-14 16:52 80,840 ----a-w C:\Windows\System32\ElbyVCD.dll
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 11:06 93,128 ----a-w C:\Windows\System32\ElbyCDIO.dll
2008-06-26 03:29 565,248 ----a-w C:\Windows\System32\emdmgmt.dll
2008-06-26 03:29 45,056 ----a-w C:\Windows\System32\dataclen.dll
2008-06-26 03:29 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
2008-05-16 01:39 174 --sha-w C:\Program Files\desktop.ini
2008-06-02 20:28 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-02 20:28 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-02 20:28 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-09-22_10.01.16.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-24 02:24:13 6,295,552 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2008-09-21 08:37:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-24 02:30:07 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-21 08:37:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-24 02:30:07 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-21 08:40:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-24 02:30:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-21 08:40:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-24 02:30:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2007-07-31 00:19:54 71,352 ------w C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2008-07-19 03:08:20 72,256 ------w C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
- 2008-09-21 08:37:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-24 02:30:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-21 08:37:12 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-24 02:30:09 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-21 08:37:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-24 02:30:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-22 14:57:06 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-24 02:24:25 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-09-21 08:43:12 105,170 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-23 00:42:37 105,170 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-21 08:43:12 604,214 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-23 00:42:37 604,214 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-16 23:30:28 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-09-24 02:27:44 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-09-21 08:41:52 10,072 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-163106387-1397904396-1171915439-1000_UserData.bin
+ 2008-09-23 00:40:53 10,072 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-163106387-1397904396-1171915439-1000_UserData.bin
- 2008-09-21 08:41:51 64,770 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-23 00:40:52 64,890 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-21 08:35:35 3,004 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-09-22 23:58:55 3,004 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-09-21 08:41:50 39,510 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-23 00:40:50 39,806 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-22 14:24:10 259,388 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-09-23 21:30:15 261,060 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2008-09-16 15:58:39 125,154,083 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-09-23 06:01:24 125,457,085 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-07-19 05:09:42 563,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.784_none_10766c5d7a4348db\wuapi.dll
+ 2008-07-19 03:44:12 83,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.784_none_10766c5d7a4348db\wudriver.dll
+ 2008-07-19 05:10:18 36,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.784_none_10766c5d7a4348db\wups.dll
+ 2008-07-19 01:44:32 31,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.784_none_ba812c9e1ffa7ad7\wuapp.exe
+ 2008-07-19 03:08:18 163,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.784_none_ba812c9e1ffa7ad7\wuwebv.dll
+ 2008-07-19 05:10:40 53,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.784_none_2a6532116682efd8\wuauclt.exe
+ 2008-07-19 05:09:40 1,811,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.784_none_2a6532116682efd8\wuaueng.dll
+ 2008-07-19 05:10:39 45,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.784_none_2a6532116682efd8\wups2.dll
+ 2008-07-19 03:44:52 1,524,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.2.6001.784_none_a81255bc06873289\wucltux.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMC"="C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe" [2008-01-14 4053102]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-08-23 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-08-23 92704]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-15 716800]
"V0500Mon.exe"="C:\Windows\V0500Mon.exe" [2007-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 09:47 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 09:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 02:33 125952 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
--a------ 2008-01-14 12:14 4053102 C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1B1B57D1-3629-48A2-AE69-14A5B7C875CD}"= TCP:10421:SingleClick Discovery Protocol
"{BFEED46E-710A-4781-9308-D5EDCACF6108}"= UDP:139:NetBIOS File/Printer Sharing
"{CCCF5B83-C418-44C4-845E-A75A46429B12}"= TCP:10426:SingleClick ICC
"{B2C97E17-D0BD-4399-8C7E-2CDFF823676E}"= UDP:445:Microsoft Directory Services
"{232968E5-B431-4FCB-9121-988AA05C0ED3}"= TCP:138:NetBIOS Datagram Service
"{D9E66B5C-E78E-4BF3-8E98-975DD46882DB}"= TCP:137:NetBIOS Name Service
"{37579AB4-BA0D-4D6C-A0DC-C54F713D8072}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6332C3CB-6523-484A-B39F-A43A6F7A2632}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9BDFB15C-E831-477A-ABC2-D9178F585976}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A4CF3A0E-A7ED-44B1-86D6-4DAB6035BC11}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{FB06A9F6-64FC-4634-869F-5B02B072F7CA}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{65DD857A-DFF0-4E42-9A07-12B463005F51}C:\\users\\danny\\desktop\\bananas\\oznhsp.exe"= UDP:C:\users\danny\desktop\bananas\oznhsp.exe:oznhsp.exe
"UDP Query User{8EFB3FE7-0423-43CA-9C15-C89DE3084404}C:\\users\\danny\\desktop\\bananas\\oznhsp.exe"= TCP:C:\users\danny\desktop\bananas\oznhsp.exe:oznhsp.exe
"{F9CAA924-D8D7-4389-9B96-72953B913102}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8CF8743D-02DA-4303-9570-90111BEFF0C7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D09CD888-C874-4EB3-96AB-2FCC764E5822}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7112166D-9FA3-4BD5-BF6B-1DE382F09515}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A7649678-0041-469E-ACE2-D2961BEF5282}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{600A411C-8321-427B-A328-34BD0FA16F0F}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{113BD7B7-4C9F-45E1-8464-2E5853D959B7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E7E226A6-DBD4-4803-B5DB-5CAFF234C5E4}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{FB8EE551-E364-4F74-ADB4-A8D7422E13C9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{32B1C6E0-FACA-4D8B-9954-B39976233433}"= UDP:C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:Medieval II Total War
"{7D2B4A2A-99E5-4AE2-8E59-4F9C83845453}"= TCP:C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:Medieval II Total War
"{C2151D98-0E97-43C5-8A5A-352962715372}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{89045E46-7EA9-47C6-B23C-BC097E3D0C3C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A0E030AC-1AE7-44FE-9E11-8CA7FE4E4EDA}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3E6BDF2E-695D-40E8-9F9D-46883002DF87}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{68EF75C0-A3E1-4A41-AE4F-F1D61DC843EB}"= UDP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{44C516C8-42AA-4CF9-989A-EE5996FB8E50}"= TCP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"TCP Query User{BE68AD1C-3CFD-44B1-A2A0-8535D7802681}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{056D4ECF-4605-4418-A795-11E60D758937}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{775ADC16-26B0-4ECB-8D5B-5A4D606D34D2}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{01531176-BD49-43F5-A46A-205CF99034D0}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;C:\Windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R3 bdfm;BDFM;C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
R3 V0500Dev;Dynex 1.3MP Webcam Driver;C:\Windows\system32\DRIVERS\V0500Vid.sys [2007-10-31 251264]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2007-06-20 17920]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [2007-05-07 42112]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys [2007-06-20 23680]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cefeabaf-e0ad-11dc-b5b9-806e6f6e6963}]
\shell\AutoRun\command - E:\webcam\setup.exe /nosrpoint
.
- - - - ORPHANS REMOVED - - - -

BHO-{3BB8695D-DC20-4D3F-BA17-9FB23646AFFE} - C:\Windows\system32\jkkKbASJ.dll



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 21:33:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\NSI.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-09-23 21:36:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-24 02:36:37
ComboFix2.txt 2008-09-22 15:02:32
ComboFix3.txt 2008-09-17 00:49:46

Pre-Run: 338,523,856,896 bytes free
Post-Run: 339,102,146,560 bytes free

301 --- E O F --- 2008-09-23 23:48:50



The Kaspersky Scan:

Tuesday, September 23, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, September 24, 2008 02:59:09
Records in database: 1253077
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 104704
Threat name 4
Infected objects 8
Suspicious objects 0
Duration of the scan 01:02:33

File name Threat name Threats count
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report05b2d911\Report.cab Infected: Trojan.Win32.Monder.oaf 4
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report05b2d911\Report.cab Infected: Trojan.Win32.Monderb.ptj 2
C:\QooBox\Quarantine\C\Users\Danny\AppData\Local\Temp\ctufslub.dll.vir Infected: Trojan.Win32.Monder.pso 1
C:\QooBox\Quarantine\C\Users\Danny\AppData\Local\Temp\kchtfkrt.dll.vir Infected: Trojan.Win32.Inject.icf 1
The selected area was scanned.


And the RSIT Scan:


Logfile of random's system information tool 1.02 (written by random/random)
Run by Danny at 2008-09-24 00:08:22
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 322 GB (69%) free of 467 GB
Total RAM: 3069 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:27 AM, on 9/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Windows\V0500Mon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Danny\Desktop\RSIT.exe
C:\HijackThis\Danny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=2080222
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [V0500Mon.exe] C:\Windows\V0500Mon.exe
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 5032 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-02-21 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-08-23 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-08-23 92704]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-09-15 716800]
"V0500Mon.exe"=C:\Windows\V0500Mon.exe [2007-11-02 32768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IMC"=C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe [2008-01-14 4053102]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe [2008-01-14 4053102]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cefeabaf-e0ad-11dc-b5b9-806e6f6e6963}]
shell\AutoRun\command - E:\webcam\setup.exe /nosrpoint


======List of files/folders created in the last 1 months======

2008-09-23 21:36:47 ----A---- C:\ComboFix.txt
2008-09-23 21:23:38 ----D---- C:\ComboFix
2008-09-23 21:23:37 ----A---- C:\Windows\swreg.exe
2008-09-23 01:01:16 ----A---- C:\Windows\system32\wups2.dll
2008-09-23 01:01:16 ----A---- C:\Windows\system32\wucltux.dll
2008-09-23 01:01:16 ----A---- C:\Windows\system32\wuaueng.dll
2008-09-23 01:01:16 ----A---- C:\Windows\system32\wuauclt.exe
2008-09-23 01:00:50 ----A---- C:\Windows\system32\wuwebv.dll
2008-09-23 01:00:50 ----A---- C:\Windows\system32\wuapp.exe
2008-09-19 10:22:24 ----D---- C:\rsit
2008-09-18 18:09:10 ----D---- C:\Users\Danny\AppData\Roaming\Creative
2008-09-18 18:06:11 ----A---- C:\Windows\V0500Mon.exe
2008-09-18 18:06:11 ----A---- C:\Windows\V0500Cfg.exe
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Srv.exe
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Pin.dll
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Hwx.dll
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Cvw.dll
2008-09-18 18:06:11 ----A---- C:\Windows\system32\CtCamMgr.dll
2008-09-18 18:06:11 ----A---- C:\Windows\CtDrvIns.exe
2008-09-18 18:05:34 ----D---- C:\Program Files\Dynex
2008-09-18 18:05:19 ----D---- C:\Program Files\Creative
2008-09-16 10:58:15 ----A---- C:\Windows\system32\msshooks.dll
2008-09-16 10:58:15 ----A---- C:\Windows\system32\msscb.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\thawbrkr.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\srchadmin.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-09-16 10:58:12 ----A---- C:\Windows\system32\propsys.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\propdefs.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\msstrc.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\mssprxy.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\mssitlb.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\msshsq.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\korwbrkr.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\xmlfilter.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\wsepno.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\tquery.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-09-16 10:58:11 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-09-16 10:58:11 ----A---- C:\Windows\system32\rtffilt.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\offfilt.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\nlhtml.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\msscntrs.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\mimefilt.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\chtbrkr.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\chsbrkr.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssvp.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssrch.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssphtb.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssph.dll
2008-09-16 00:38:21 ----D---- C:\Windows\erdnt
2008-09-16 00:37:36 ----D---- C:\QooBox
2008-09-16 00:37:34 ----A---- C:\Windows\zip.exe
2008-09-16 00:37:34 ----A---- C:\Windows\VFind.exe
2008-09-16 00:37:34 ----A---- C:\Windows\swsc.exe
2008-09-16 00:37:34 ----A---- C:\Windows\sed.exe
2008-09-16 00:37:34 ----A---- C:\Windows\Nircmd.exe
2008-09-16 00:37:34 ----A---- C:\Windows\grep.exe
2008-09-16 00:37:34 ----A---- C:\Windows\fdsv.exe
2008-09-16 00:37:11 ----A---- C:\Windows\swxcacls.exe
2008-09-15 21:49:50 ----A---- C:\Windows\ntbtlog.txt
2008-09-15 21:02:36 ----D---- C:\Windows\system32\logs
2008-09-15 21:02:02 ----D---- C:\Users\Danny\AppData\Roaming\BitDefender
2008-09-15 21:02:00 ----D---- C:\Binaries
2008-09-15 21:01:31 ----D---- C:\ProgramData\BitDefender
2008-09-15 21:01:30 ----D---- C:\Program Files\BitDefender
2008-09-15 21:00:11 ----D---- C:\Windows\system32\URTTEMP
2008-09-15 20:57:25 ----D---- C:\Program Files\Common Files\BitDefender
2008-09-15 17:32:47 ----D---- C:\HijackThis
2008-09-15 00:06:51 ----D---- C:\Users\Danny\AppData\Roaming\Yahoo!
2008-09-14 22:24:34 ----A---- C:\Windows\system32\tzres.dll
2008-09-14 19:10:19 ----D---- C:\ProgramData\SiteAdvisor
2008-09-14 15:49:14 ----D---- C:\ProgramData\McAfee
2008-09-14 12:14:48 ----DC---- C:\Windows\system32\DRVSTORE
2008-09-14 12:12:52 ----HD---- C:\Config.Msi
2008-09-14 11:08:36 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-09-14 11:08:33 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-09-14 11:08:21 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-09-14 11:07:01 ----A---- C:\Windows\system32\EncDec.dll
2008-09-14 11:07:00 ----A---- C:\Windows\system32\psisdecd.dll
2008-09-14 11:02:52 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-14 11:02:46 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-09-14 11:02:39 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-14 11:02:38 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-14 11:02:38 ----A---- C:\Windows\system32\gameux.dll
2008-09-14 11:02:29 ----A---- C:\Windows\system32\rpcrt4.dll
2008-09-14 11:02:29 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-09-14 11:02:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-09-14 11:02:26 ----A---- C:\Windows\system32\pacerprf.dll
2008-09-14 11:02:12 ----A---- C:\Windows\system32\shell32.dll
2008-09-14 11:02:02 ----A---- C:\Windows\system32\es.dll
2008-09-14 11:01:39 ----A---- C:\Windows\system32\wininet.dll
2008-09-14 11:01:39 ----A---- C:\Windows\system32\mshtml.dll
2008-09-14 11:01:39 ----A---- C:\Windows\system32\ieframe.dll
2008-09-14 11:01:38 ----A---- C:\Windows\system32\urlmon.dll
2008-09-14 11:01:36 ----A---- C:\Windows\system32\mstime.dll
2008-09-14 11:01:35 ----A---- C:\Windows\system32\jsproxy.dll
2008-09-14 11:01:21 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-14 11:01:21 ----A---- C:\Windows\system32\dataclen.dll
2008-09-14 11:01:21 ----A---- C:\Windows\system32\cdd.dll
2008-09-14 11:01:11 ----A---- C:\Windows\system32\inetcomm.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\wshext.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\wscript.exe
2008-09-14 11:01:05 ----A---- C:\Windows\system32\vbscript.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\scrrun.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\scrobj.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\jscript.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\cscript.exe
2008-09-14 11:00:59 ----A---- C:\Windows\system32\quartz.dll
2008-09-14 10:16:28 ----A---- C:\VundoFix.txt
2008-09-14 10:16:27 ----D---- C:\VundoFix Backups
2008-09-14 10:00:31 ----D---- C:\Program Files\Windows Live Safety Center
2008-09-14 09:12:03 ----D---- C:\Windows\pss
2008-09-13 20:12:41 ----A---- C:\Windows\wininit.ini
2008-09-13 16:17:03 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-13 16:17:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-13 06:50:17 ----D---- C:\ProgramData\Lavasoft
2008-09-13 01:41:19 ----A---- C:\ProgramData\pskt.ini
2008-09-13 01:41:19 ----A---- C:\ProgramData\BM9903e062.txt
2008-09-13 01:40:50 ----A---- C:\Windows\system32\91131780-.txt
2008-09-10 21:24:50 ----HD---- C:\ProgramData\CanonBJ
2008-09-08 10:03:10 ----D---- C:\Users\Danny\AppData\Roaming\Spore
2008-09-08 10:00:36 ----D---- C:\ProgramData\Electronic Arts
2008-09-08 09:57:59 ----D---- C:\Program Files\CCleaner
2008-09-08 09:56:16 ----D---- C:\Program Files\Electronic Arts
2008-09-07 16:15:46 ----A---- C:\Windows\iun6002.exe
2008-09-07 16:15:44 ----D---- C:\Program Files\NBCE Review
2008-09-05 12:14:47 ----D---- C:\Program Files\FriendFinder
2008-09-05 11:46:33 ----D---- C:\Program Files\Elaborate Bytes

======List of files/folders modified in the last 1 months======

2008-09-24 00:08:27 ----D---- C:\Windows\Temp
2008-09-24 00:08:27 ----D---- C:\Windows\Prefetch
2008-09-23 21:45:40 ----D---- C:\Windows\rescache
2008-09-23 21:36:51 ----D---- C:\Windows\System32
2008-09-23 21:36:49 ----D---- C:\Windows\system32\drivers
2008-09-23 21:36:49 ----D---- C:\Windows
2008-09-23 21:35:59 ----D---- C:\Windows\inf
2008-09-23 21:35:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-23 21:33:37 ----A---- C:\Windows\system.ini
2008-09-23 21:33:36 ----D---- C:\Windows\system32\en-US
2008-09-23 21:26:18 ----D---- C:\Windows\AppPatch
2008-09-23 21:26:18 ----D---- C:\Program Files\Common Files
2008-09-23 21:24:00 ----SHD---- C:\System Volume Information
2008-09-23 03:00:23 ----SHD---- C:\Windows\Installer
2008-09-23 01:02:16 ----D---- C:\Windows\winsxs
2008-09-23 01:01:30 ----D---- C:\Windows\system32\catroot
2008-09-18 18:07:36 ----RD---- C:\Users
2008-09-18 18:07:08 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-18 18:06:29 ----D---- C:\Windows\twain_32
2008-09-18 18:05:34 ----RD---- C:\Program Files
2008-09-18 18:05:04 ----D---- C:\Windows\system32\catroot2
2008-09-17 09:53:15 ----D---- C:\Program Files\Mozilla Firefox
2008-09-17 03:02:47 ----D---- C:\Windows\Registration
2008-09-17 03:01:59 ----D---- C:\Program Files\Internet Explorer
2008-09-16 19:45:26 ----SHD---- C:\Boot
2008-09-16 19:45:26 ----D---- C:\Windows\system32\config
2008-09-16 19:39:57 ----D---- C:\Windows\Minidump
2008-09-16 11:06:08 ----D---- C:\Windows\PolicyDefinitions
2008-09-16 11:01:00 ----D---- C:\ProgramData\NVIDIA
2008-09-15 21:05:40 ----HD---- C:\ProgramData
2008-09-15 21:00:46 ----RSD---- C:\Windows\assembly
2008-09-15 20:58:46 ----D---- C:\Windows\Tasks
2008-09-15 17:46:03 ----AD---- C:\ProgramData\TEMP
2008-09-15 14:56:58 ----SD---- C:\Windows\Downloaded Program Files
2008-09-15 00:50:51 ----D---- C:\Windows\Debug
2008-09-14 22:30:16 ----D---- C:\Windows\ehome
2008-09-14 22:30:14 ----D---- C:\Windows\system32\migration
2008-09-14 22:30:10 ----D---- C:\Program Files\Windows Mail
2008-09-14 22:26:06 ----D---- C:\Windows\Microsoft.NET
2008-09-14 22:20:11 ----D---- C:\Program Files\Microsoft Works
2008-09-14 22:19:48 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-14 16:07:24 ----SD---- C:\ProgramData\Microsoft
2008-09-14 16:06:48 ----D---- C:\ProgramData\Gtek
2008-09-14 14:23:46 ----D---- C:\Windows\system32\WDI
2008-09-14 12:32:07 ----SD---- C:\Users\Danny\AppData\Roaming\Microsoft
2008-09-14 09:56:20 ----HD---- C:\Windows\system32\GroupPolicy
2008-09-13 01:33:44 ----D---- C:\Users\Danny\AppData\Roaming\uTorrent
2008-09-08 10:03:02 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-09-08 09:36:10 ----D---- C:\Windows\system32\Tasks
2008-08-26 13:28:14 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-09-15 133184]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2008-06-27 207656]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\Windows\system32\DRIVERS\AegisP.sys [2008-04-09 21275]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 datunidr;DellAutomatedPCTuneUp UniDriver; C:\Windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-08-12 228672]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2008-02-26 8448]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-06-21 228224]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-23 1778464]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-08-23 7475488]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver; C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-10 32000]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
R3 V0500Dev;Dynex 1.3MP Webcam Driver; C:\Windows\system32\DRIVERS\V0500Vid.sys [2007-10-31 251264]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-07-16 28672]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2008-06-27 79240]
S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2008-06-27 35240]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2008-06-27 40488]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2007-06-20 17920]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2007-05-07 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-20 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-20 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2007-07-12 12800]
S3 PTproct;PTproct; \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [2006-10-05 4736]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 spring;spring; \??\C:\Users\Danny\Desktop\Max\spring.sys []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-06-21 304920]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-02-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-05-25 112176]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-09-15 393216]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-08-23 118784]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-09-15 1527808]
R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-05 33800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 DellAMBrokerService;DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [2007-10-11 76016]
S4 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-21 1838592]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------


Let me know if you need me to do anything else. Thanks again for all your help!

Killface

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:17 PM

Posted 24 September 2008 - 02:44 PM

NVM....

I see it...

Edited by extremeboy, 24 September 2008 - 03:02 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:17 PM

Posted 25 September 2008 - 07:04 AM

Hi Killface.

Your log looks much better :thumbsup:

Still some work left to do.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report05b2d911\Report.cab
    C:\Windows\system32\jpeupf.dll
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Update Java to Version 6 Update 7

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please post back with:
-Combofix log
-MalwareBytes Anti-malware scan log
-How is your computer running now?
-Fresh RSIT LOG <-Run this at the end.

Thanks :)

With Regards,
Extremeboy
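As an added example (not from the thread, and not part of RSIT or ComboFix), a Python script that reads the "Registry dump" section of an RSIT log like the one posted above, flags AppInit_DLLs entries given as a bare file name, and emits the File::/Registry:: CFScript that removes them, which is how the fix above was derived. The sample text is constructed from the dump above; the assumption that a bare name resolves under C:\Windows\system32 matches the path used in the script above.

```python
"""Derive a ComboFix CFScript from an RSIT registry dump (added example)."""
import re

# Constructed sample: the relevant blocks of the RSIT dump posted above, trimmed.
SAMPLE_RSIT = r"""
======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-09-15 716800]

======List of files/folders created in the last 1 months======
"""

REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
APPINIT_KEY_SUFFIX = r"\windows nt\currentversion\windows"


def parse_registry_dump(text):
    """Return {key_path: {value_name: data}} for the '======Registry dump======' section.

    Lines that are not "name"=data pairs (BHO and toolbar descriptions) are ignored.
    """
    reg = {}
    current = None
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("======"):          # any section header starts/ends the dump
            in_section = "Registry dump" in line
            continue
        if not in_section or not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            reg.setdefault(current, {})
            continue
        m = REG_VALUE_RE.match(line)
        if m and current is not None:
            data = m.group("data")
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = data[1:-1]               # strip the quotes RSIT puts around REG_SZ data
            reg[current][m.group("name")] = data
    return reg


def appinit_entries(reg):
    """Return the DLL list from AppInit_DLLs (RSIT writes the value name as AppInit_DLLS,
    so match case-insensitively). Entries are separated by spaces or commas."""
    for key, values in reg.items():
        if not key.lower().endswith(APPINIT_KEY_SUFFIX):
            continue
        for name, data in values.items():
            if name.lower() == "appinit_dlls":
                return [e for e in re.split(r"[\s,]+", data) if e]
    return []


def suspicious_appinit(entries):
    """Flag entries given as a bare file name. Windows resolves those through the DLL
    search path (normally System32), so they load into every process that links
    user32.dll, which is how jpeupf.dll in this thread persisted. Entries with a
    full path are kept but should still be reviewed by hand."""
    return [e for e in entries if "\\" not in e and "/" not in e]


def build_cfscript(entries, flagged, system_dir=r"C:\Windows\system32"):
    """Produce a CFScript that deletes each flagged DLL from system_dir and rewrites
    AppInit_DLLs with only the remaining entries, in the layout of the script above.
    system_dir is an assumption about where a bare name resolves."""
    keep = [e for e in entries if e not in flagged]
    lines = ["File::"]
    lines += [f"{system_dir}\\{dll}" for dll in flagged]
    lines += [
        "",
        "Registry::",
        r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]",
        '"AppInit_DLLS"="%s"' % " ".join(keep),
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    reg = parse_registry_dump(SAMPLE_RSIT)
    entries = appinit_entries(reg)
    flagged = suspicious_appinit(entries)
    print("AppInit_DLLs entries:", entries)
    print("flagged:", flagged)
    print(build_cfscript(entries, flagged))
```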

#14 killface

killface
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:17 PM

Posted 26 September 2008 - 09:26 AM

My computer has been running much better so far since the last combofix run. I haven't noticed any pop-ups or severe slowdowns yet. The only thing that is a little strange is after leaving my computer for an extended period of time and it turns off the hard disks and monitor when I come back my wireless internet connection which normally says "local and internet" will say just "local" and won't connect to the internet at all until I reboot. Disconnecting/reconnecting doesn't seem to do anything, only a reboot reconnects me. I don't know if this would be related to the viruses but it has just started happening fairly recently. But here are the logs you requested.


Combofix Log:


ComboFix 08-09-25.01 - Danny 2008-09-25 12:02:36.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2149 [GMT -5:00]
Running from: C:\Users\Danny\Desktop\ComboFix.exe
Command switches used :: C:\Users\Danny\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report05b2d911\Report.cab
C:\Windows\system32\jpeupf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report05b2d911\Report.cab

.
((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 )))))))))))))))))))))))))))))))
.

2008-09-23 01:01 . 2008-07-19 00:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-23 01:01 . 2008-07-18 22:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-23 01:01 . 2008-07-19 00:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-23 01:01 . 2008-07-19 00:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-23 01:00 . 2008-07-19 00:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-23 01:00 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-23 01:00 . 2008-07-18 22:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-23 01:00 . 2008-07-19 00:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-23 01:00 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-19 10:22 . 2008-09-19 10:22 <DIR> d-------- C:\rsit
2008-09-18 18:09 . 2008-09-18 18:09 <DIR> d-------- C:\Users\Danny\AppData\Roaming\Creative
2008-09-18 18:05 . 2008-09-18 18:07 <DIR> d-------- C:\Program Files\Dynex
2008-09-18 18:05 . 2008-09-18 18:05 <DIR> d-------- C:\Program Files\Creative
2008-09-16 19:06 . 2008-09-16 19:06 1,905 --a------ C:\Windows\diagwrn.xml
2008-09-16 19:06 . 2008-09-16 19:06 1,905 --a------ C:\Windows\diagerr.xml
2008-09-16 01:18 . 2008-09-16 19:39 230,271,724 --a------ C:\Windows\MEMORY.DMP
2008-09-15 21:06 . 2008-09-15 21:06 850 --a------ C:\Windows\System32\ProductTweaks.xml
2008-09-15 21:05 . 2008-09-15 21:05 385 --a------ C:\Windows\System32\user_gensett.xml
2008-09-15 21:02 . 2008-09-15 21:02 <DIR> d-------- C:\Windows\System32\logs
2008-09-15 21:02 . 2008-09-15 21:02 <DIR> d-------- C:\Users\Danny\AppData\Roaming\BitDefender
2008-09-15 21:02 . 2008-09-15 21:02 <DIR> d-------- C:\Binaries
2008-09-15 21:01 . 2008-09-15 21:05 <DIR> d-------- C:\ProgramData\BitDefender
2008-09-15 21:01 . 2008-09-15 21:01 <DIR> d-------- C:\Program Files\BitDefender
2008-09-15 21:00 . 2008-09-15 21:00 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-09-15 20:57 . 2008-09-15 21:01 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-15 20:53 . 2008-09-15 20:54 <DIR> d-------- C:\Users\Danny\.housecall6.6
2008-09-15 17:32 . 2008-09-24 00:08 <DIR> d-------- C:\HijackThis
2008-09-15 00:06 . 2008-09-15 00:06 <DIR> d-------- C:\Users\Danny\AppData\Roaming\Yahoo!
2008-09-14 22:24 . 2008-07-15 20:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-09-14 19:10 . 2008-09-14 19:10 <DIR> d-------- C:\ProgramData\SiteAdvisor
2008-09-14 16:17 . 2008-06-27 06:08 79,240 --a------ C:\Windows\System32\drivers\mfeavfk.sys
2008-09-14 16:17 . 2008-06-27 06:08 40,488 --a------ C:\Windows\System32\drivers\mfesmfk.sys
2008-09-14 16:17 . 2008-06-27 06:08 35,240 --a------ C:\Windows\System32\drivers\mfebopk.sys
2008-09-14 16:13 . 2008-06-20 05:41 34,152 --a------ C:\Windows\System32\drivers\mferkdk.sys
2008-09-14 15:49 . 2008-09-15 21:05 <DIR> d-------- C:\ProgramData\McAfee
2008-09-14 12:14 . 2008-09-14 16:06 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-09-14 11:08 . 2008-06-25 20:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-09-14 11:08 . 2008-06-25 20:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-09-14 11:08 . 2008-06-25 22:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-09-14 11:07 . 2008-04-22 23:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-09-14 11:07 . 2008-04-22 23:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-09-14 11:07 . 2008-04-22 23:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-09-14 11:06 . 2008-04-22 23:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-09-14 11:00 . 2008-04-26 03:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-09-14 10:16 . 2008-09-14 10:16 <DIR> d-------- C:\VundoFix Backups
2008-09-14 10:00 . 2008-09-15 14:58 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-09-13 20:12 . 2008-09-13 20:12 91 --a------ C:\Windows\wininit.ini
2008-09-13 16:17 . 2008-09-15 17:46 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-13 16:17 . 2008-09-15 17:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-13 06:50 . 2008-09-13 06:52 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-13 06:13 . 2008-09-13 06:13 268 --ah----- C:\sqmdata00.sqm
2008-09-13 06:13 . 2008-09-13 06:13 244 --ah----- C:\sqmnoopt00.sqm
2008-09-10 21:24 . 2008-09-10 21:24 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-09-08 10:03 . 2008-09-10 14:45 <DIR> d-------- C:\Users\Danny\AppData\Roaming\Spore
2008-09-08 10:00 . 2008-09-08 10:00 <DIR> d-------- C:\ProgramData\Electronic Arts
2008-09-08 09:57 . 2008-09-08 09:57 <DIR> d-------- C:\Program Files\CCleaner
2008-09-08 09:56 . 2008-09-08 09:56 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-07 16:15 . 2008-09-07 16:15 <DIR> d-------- C:\Program Files\NBCE Review
2008-09-07 16:15 . 2008-09-07 16:15 737,280 --a------ C:\Windows\iun6002.exe
2008-09-05 12:14 . 2008-09-05 12:14 <DIR> d-------- C:\Program Files\FriendFinder
2008-09-05 11:46 . 2008-09-05 11:46 <DIR> d-------- C:\Program Files\Elaborate Bytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 23:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 16:01 --------- d-----w C:\ProgramData\NVIDIA
2008-09-15 22:46 --------- d---a-w C:\ProgramData\TEMP
2008-09-15 03:30 --------- d-----w C:\Program Files\Windows Mail
2008-09-15 03:20 --------- d-----w C:\Program Files\Microsoft Works
2008-09-15 03:19 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-14 21:06 --------- d-----w C:\ProgramData\Gtek
2008-09-13 06:33 --------- d-----w C:\Users\Danny\AppData\Roaming\uTorrent
2008-09-08 15:03 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-09-08 15:00 1,546 ----a-w C:\Windows\System32\ealregsnapshot1.reg
2008-08-15 02:41 --------- d-----w C:\Program Files\iTunes
2008-08-15 02:41 --------- d-----w C:\Program Files\iPod
2008-08-15 02:41 --------- d-----w C:\Program Files\Apple Software Update
2008-08-14 23:54 102,208 ----a-w C:\Windows\system32\drivers\bdfndisf.sys
2008-08-12 23:40 228,672 ----a-w C:\Windows\system32\drivers\bdfsfltr.sys
2008-08-12 23:40 108,864 ----a-w C:\Windows\system32\drivers\bdfm.sys
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-08-02 01:01 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-14 16:52 80,840 ----a-w C:\Windows\System32\ElbyVCD.dll
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 11:06 93,128 ----a-w C:\Windows\System32\ElbyCDIO.dll
2008-06-26 03:29 565,248 ----a-w C:\Windows\System32\emdmgmt.dll
2008-06-26 03:29 45,056 ----a-w C:\Windows\System32\dataclen.dll
2008-06-26 03:29 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
2008-05-16 01:39 174 --sha-w C:\Program Files\desktop.ini
2008-06-02 20:28 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-02 20:28 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-02 20:28 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-09-23_21.35.27.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-24 02:30:07 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-25 16:57:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-24 02:30:07 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-25 16:57:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-24 02:30:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-25 16:58:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-24 02:30:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-25 16:58:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-09-24 02:30:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-25 16:57:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-24 02:30:09 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-25 16:57:51 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-24 02:30:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-25 16:57:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-24 02:24:25 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-25 17:02:21 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-09-23 00:42:37 105,170 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-25 17:03:06 105,170 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-23 00:42:37 604,214 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-25 17:03:06 604,214 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-24 02:27:44 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-09-24 19:23:03 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-09-23 00:40:53 10,072 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-163106387-1397904396-1171915439-1000_UserData.bin
+ 2008-09-25 16:59:41 10,128 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-163106387-1397904396-1171915439-1000_UserData.bin
- 2008-09-23 00:40:52 64,890 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-25 16:59:41 65,114 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-22 23:58:55 3,004 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-09-24 19:21:39 3,004 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-09-23 00:40:50 39,806 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-25 16:59:40 40,164 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-23 21:30:15 261,060 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-09-24 19:18:09 261,722 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-08-23 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-08-23 92704]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 09:47 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2008-09-15 21:10 716800 C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
--a------ 2008-08-10 23:53 69632 C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 09:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 02:33 125952 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
--a------ 2008-01-14 12:14 4053102 C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0500Mon.exe]
--a------ 2007-11-02 20:00 32768 C:\Windows\V0500Mon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1B1B57D1-3629-48A2-AE69-14A5B7C875CD}"= TCP:10421:SingleClick Discovery Protocol
"{BFEED46E-710A-4781-9308-D5EDCACF6108}"= UDP:139:NetBIOS File/Printer Sharing
"{CCCF5B83-C418-44C4-845E-A75A46429B12}"= TCP:10426:SingleClick ICC
"{B2C97E17-D0BD-4399-8C7E-2CDFF823676E}"= UDP:445:Microsoft Directory Services
"{232968E5-B431-4FCB-9121-988AA05C0ED3}"= TCP:138:NetBIOS Datagram Service
"{D9E66B5C-E78E-4BF3-8E98-975DD46882DB}"= TCP:137:NetBIOS Name Service
"{37579AB4-BA0D-4D6C-A0DC-C54F713D8072}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6332C3CB-6523-484A-B39F-A43A6F7A2632}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9BDFB15C-E831-477A-ABC2-D9178F585976}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A4CF3A0E-A7ED-44B1-86D6-4DAB6035BC11}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{FB06A9F6-64FC-4634-869F-5B02B072F7CA}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{65DD857A-DFF0-4E42-9A07-12B463005F51}C:\\users\\danny\\desktop\\bananas\\oznhsp.exe"= UDP:C:\users\danny\desktop\bananas\oznhsp.exe:oznhsp.exe
"UDP Query User{8EFB3FE7-0423-43CA-9C15-C89DE3084404}C:\\users\\danny\\desktop\\bananas\\oznhsp.exe"= TCP:C:\users\danny\desktop\bananas\oznhsp.exe:oznhsp.exe
"{F9CAA924-D8D7-4389-9B96-72953B913102}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8CF8743D-02DA-4303-9570-90111BEFF0C7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D09CD888-C874-4EB3-96AB-2FCC764E5822}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7112166D-9FA3-4BD5-BF6B-1DE382F09515}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A7649678-0041-469E-ACE2-D2961BEF5282}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{600A411C-8321-427B-A328-34BD0FA16F0F}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{113BD7B7-4C9F-45E1-8464-2E5853D959B7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E7E226A6-DBD4-4803-B5DB-5CAFF234C5E4}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{FB8EE551-E364-4F74-ADB4-A8D7422E13C9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{32B1C6E0-FACA-4D8B-9954-B39976233433}"= UDP:C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:Medieval II Total War
"{7D2B4A2A-99E5-4AE2-8E59-4F9C83845453}"= TCP:C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:Medieval II Total War
"{C2151D98-0E97-43C5-8A5A-352962715372}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{89045E46-7EA9-47C6-B23C-BC097E3D0C3C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A0E030AC-1AE7-44FE-9E11-8CA7FE4E4EDA}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3E6BDF2E-695D-40E8-9F9D-46883002DF87}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{68EF75C0-A3E1-4A41-AE4F-F1D61DC843EB}"= UDP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{44C516C8-42AA-4CF9-989A-EE5996FB8E50}"= TCP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"TCP Query User{BE68AD1C-3CFD-44B1-A2A0-8535D7802681}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{056D4ECF-4605-4418-A795-11E60D758937}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{775ADC16-26B0-4ECB-8D5B-5A4D606D34D2}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{01531176-BD49-43F5-A46A-205CF99034D0}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;C:\Windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R3 bdfm;BDFM;C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
R3 V0500Dev;Dynex 1.3MP Webcam Driver;C:\Windows\system32\DRIVERS\V0500Vid.sys [2007-10-31 251264]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2007-06-20 17920]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [2007-05-07 42112]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys [2007-06-20 23680]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cefeabaf-e0ad-11dc-b5b9-806e6f6e6963}]
\shell\AutoRun\command - E:\webcam\setup.exe /nosrpoint
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 12:04:56
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-25 12:06:40
ComboFix-quarantined-files.txt 2008-09-25 17:06:37
ComboFix2.txt 2008-09-24 02:36:47
ComboFix3.txt 2008-09-22 15:02:32
ComboFix4.txt 2008-09-17 00:49:46

Pre-Run: 347,382,968,320 bytes free
Post-Run: 347,394,252,800 bytes free

261 --- E O F --- 2008-09-25 08:00:26

Malwarebytes log:

Malwarebytes' Anti-Malware 1.28
Database version: 1209
Windows 6.0.6001 Service Pack 1

9/26/2008 9:17:37 AM
mbam-log-2008-09-26 (09-17-37).txt

Scan type: Quick Scan
Objects scanned: 40237
Time elapsed: 1 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And the fresh RSIT log:

Logfile of random's system information tool 1.02 (written by random/random)
Run by Danny at 2008-09-26 09:19:08
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 327 GB (70%) free of 467 GB
Total RAM: 3069 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:10 AM, on 9/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Danny\Desktop\RSIT.exe
C:\HijackThis\Danny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=2080222
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 4680 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-02-21 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-08-23 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-08-23 92704]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"IMC"=C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe [2008-01-14 4053102]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-09-15 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe [2008-01-14 4053102]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0500Mon.exe]
C:\Windows\V0500Mon.exe [2007-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL jpeupf.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cefeabaf-e0ad-11dc-b5b9-806e6f6e6963}]
shell\AutoRun\command - E:\webcam\setup.exe /nosrpoint


======List of files/folders created in the last 1 months======

2008-09-26 09:09:20 ----D---- C:\Users\Danny\AppData\Roaming\Malwarebytes
2008-09-26 09:09:18 ----D---- C:\ProgramData\Malwarebytes
2008-09-26 09:09:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-25 12:06:40 ----A---- C:\ComboFix.txt
2008-09-25 12:01:33 ----D---- C:\ComboFix
2008-09-25 12:01:32 ----A---- C:\Windows\swreg.exe
2008-09-23 01:01:16 ----A---- C:\Windows\system32\wups2.dll
2008-09-23 01:01:16 ----A---- C:\Windows\system32\wucltux.dll
2008-09-23 01:01:16 ----A---- C:\Windows\system32\wuaueng.dll
2008-09-23 01:01:16 ----A---- C:\Windows\system32\wuauclt.exe
2008-09-23 01:00:57 ----A---- C:\Windows\system32\wups.dll
2008-09-23 01:00:57 ----A---- C:\Windows\system32\wudriver.dll
2008-09-23 01:00:57 ----A---- C:\Windows\system32\wuapi.dll
2008-09-23 01:00:50 ----A---- C:\Windows\system32\wuwebv.dll
2008-09-23 01:00:50 ----A---- C:\Windows\system32\wuapp.exe
2008-09-19 10:22:24 ----D---- C:\rsit
2008-09-18 18:09:10 ----D---- C:\Users\Danny\AppData\Roaming\Creative
2008-09-18 18:06:11 ----A---- C:\Windows\V0500Mon.exe
2008-09-18 18:06:11 ----A---- C:\Windows\V0500Cfg.exe
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Srv.exe
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Pin.dll
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Hwx.dll
2008-09-18 18:06:11 ----A---- C:\Windows\system32\V0500Cvw.dll
2008-09-18 18:06:11 ----A---- C:\Windows\system32\CtCamMgr.dll
2008-09-18 18:06:11 ----A---- C:\Windows\CtDrvIns.exe
2008-09-18 18:05:34 ----D---- C:\Program Files\Dynex
2008-09-18 18:05:19 ----D---- C:\Program Files\Creative
2008-09-16 10:58:15 ----A---- C:\Windows\system32\msshooks.dll
2008-09-16 10:58:15 ----A---- C:\Windows\system32\msscb.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\thawbrkr.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\srchadmin.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-09-16 10:58:12 ----A---- C:\Windows\system32\propsys.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\propdefs.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\msstrc.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\mssprxy.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\mssitlb.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\msshsq.dll
2008-09-16 10:58:12 ----A---- C:\Windows\system32\korwbrkr.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\xmlfilter.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\wsepno.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\tquery.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-09-16 10:58:11 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-09-16 10:58:11 ----A---- C:\Windows\system32\rtffilt.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\offfilt.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\nlhtml.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\msscntrs.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\mimefilt.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\chtbrkr.dll
2008-09-16 10:58:11 ----A---- C:\Windows\system32\chsbrkr.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssvp.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssrch.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssphtb.dll
2008-09-16 10:58:10 ----A---- C:\Windows\system32\mssph.dll
2008-09-16 00:38:21 ----D---- C:\Windows\erdnt
2008-09-16 00:37:36 ----D---- C:\QooBox
2008-09-16 00:37:34 ----A---- C:\Windows\zip.exe
2008-09-16 00:37:34 ----A---- C:\Windows\VFind.exe
2008-09-16 00:37:34 ----A---- C:\Windows\swsc.exe
2008-09-16 00:37:34 ----A---- C:\Windows\sed.exe
2008-09-16 00:37:34 ----A---- C:\Windows\Nircmd.exe
2008-09-16 00:37:34 ----A---- C:\Windows\grep.exe
2008-09-16 00:37:34 ----A---- C:\Windows\fdsv.exe
2008-09-16 00:37:11 ----A---- C:\Windows\swxcacls.exe
2008-09-15 21:49:50 ----A---- C:\Windows\ntbtlog.txt
2008-09-15 21:02:36 ----D---- C:\Windows\system32\logs
2008-09-15 21:02:02 ----D---- C:\Users\Danny\AppData\Roaming\BitDefender
2008-09-15 21:02:00 ----D---- C:\Binaries
2008-09-15 21:01:31 ----D---- C:\ProgramData\BitDefender
2008-09-15 21:01:30 ----D---- C:\Program Files\BitDefender
2008-09-15 21:00:11 ----D---- C:\Windows\system32\URTTEMP
2008-09-15 20:57:25 ----D---- C:\Program Files\Common Files\BitDefender
2008-09-15 17:32:47 ----D---- C:\HijackThis
2008-09-15 00:06:51 ----D---- C:\Users\Danny\AppData\Roaming\Yahoo!
2008-09-14 22:24:34 ----A---- C:\Windows\system32\tzres.dll
2008-09-14 19:10:19 ----D---- C:\ProgramData\SiteAdvisor
2008-09-14 15:49:14 ----D---- C:\ProgramData\McAfee
2008-09-14 12:14:48 ----DC---- C:\Windows\system32\DRVSTORE
2008-09-14 12:12:52 ----HD---- C:\Config.Msi
2008-09-14 11:08:36 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-09-14 11:08:33 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-09-14 11:08:21 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-09-14 11:07:01 ----A---- C:\Windows\system32\EncDec.dll
2008-09-14 11:07:00 ----A---- C:\Windows\system32\psisdecd.dll
2008-09-14 11:02:52 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-14 11:02:46 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-09-14 11:02:39 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-14 11:02:38 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-14 11:02:38 ----A---- C:\Windows\system32\gameux.dll
2008-09-14 11:02:29 ----A---- C:\Windows\system32\rpcrt4.dll
2008-09-14 11:02:29 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-09-14 11:02:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-09-14 11:02:26 ----A---- C:\Windows\system32\pacerprf.dll
2008-09-14 11:02:12 ----A---- C:\Windows\system32\shell32.dll
2008-09-14 11:02:02 ----A---- C:\Windows\system32\es.dll
2008-09-14 11:01:39 ----A---- C:\Windows\system32\wininet.dll
2008-09-14 11:01:39 ----A---- C:\Windows\system32\mshtml.dll
2008-09-14 11:01:39 ----A---- C:\Windows\system32\ieframe.dll
2008-09-14 11:01:38 ----A---- C:\Windows\system32\urlmon.dll
2008-09-14 11:01:36 ----A---- C:\Windows\system32\mstime.dll
2008-09-14 11:01:35 ----A---- C:\Windows\system32\jsproxy.dll
2008-09-14 11:01:21 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-14 11:01:21 ----A---- C:\Windows\system32\dataclen.dll
2008-09-14 11:01:21 ----A---- C:\Windows\system32\cdd.dll
2008-09-14 11:01:11 ----A---- C:\Windows\system32\inetcomm.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\wshext.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\wscript.exe
2008-09-14 11:01:05 ----A---- C:\Windows\system32\vbscript.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\scrrun.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\scrobj.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\jscript.dll
2008-09-14 11:01:05 ----A---- C:\Windows\system32\cscript.exe
2008-09-14 11:00:59 ----A---- C:\Windows\system32\quartz.dll
2008-09-14 10:16:28 ----A---- C:\VundoFix.txt
2008-09-14 10:16:27 ----D---- C:\VundoFix Backups
2008-09-14 10:00:31 ----D---- C:\Program Files\Windows Live Safety Center
2008-09-14 09:12:03 ----D---- C:\Windows\pss
2008-09-13 20:12:41 ----A---- C:\Windows\wininit.ini
2008-09-13 16:17:03 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-13 16:17:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-13 06:50:17 ----D---- C:\ProgramData\Lavasoft
2008-09-13 01:41:19 ----A---- C:\ProgramData\pskt.ini
2008-09-13 01:41:19 ----A---- C:\ProgramData\BM9903e062.txt
2008-09-13 01:40:50 ----A---- C:\Windows\system32\91131780-.txt
2008-09-10 21:24:50 ----HD---- C:\ProgramData\CanonBJ
2008-09-08 10:03:10 ----D---- C:\Users\Danny\AppData\Roaming\Spore
2008-09-08 10:00:36 ----D---- C:\ProgramData\Electronic Arts
2008-09-08 09:57:59 ----D---- C:\Program Files\CCleaner
2008-09-08 09:56:16 ----D---- C:\Program Files\Electronic Arts
2008-09-07 16:15:46 ----A---- C:\Windows\iun6002.exe
2008-09-07 16:15:44 ----D---- C:\Program Files\NBCE Review
2008-09-05 12:14:47 ----D---- C:\Program Files\FriendFinder
2008-09-05 11:46:33 ----D---- C:\Program Files\Elaborate Bytes

======List of files/folders modified in the last 1 months======

2008-09-26 09:19:10 ----D---- C:\Windows\Prefetch
2008-09-26 09:19:05 ----D---- C:\Windows\Temp
2008-09-26 09:11:14 ----D---- C:\Windows\system32\drivers
2008-09-26 09:09:18 ----HD---- C:\ProgramData
2008-09-26 09:09:17 ----RD---- C:\Program Files
2008-09-26 08:04:36 ----D---- C:\Windows\System32
2008-09-26 08:04:36 ----D---- C:\Windows\inf
2008-09-26 08:04:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-26 03:00:20 ----SHD---- C:\Windows\Installer
2008-09-26 03:00:13 ----SHD---- C:\System Volume Information
2008-09-25 12:06:42 ----D---- C:\Windows
2008-09-25 12:04:53 ----A---- C:\Windows\system.ini
2008-09-25 12:04:52 ----D---- C:\Windows\system32\en-US
2008-09-25 12:03:48 ----D---- C:\Windows\AppPatch
2008-09-25 12:03:48 ----D---- C:\Program Files\Common Files
2008-09-25 07:26:42 ----D---- C:\Program Files\Mozilla Firefox
2008-09-24 14:38:47 ----D---- C:\Windows\rescache
2008-09-24 14:23:30 ----D---- C:\Windows\system32\catroot2
2008-09-24 14:21:20 ----D---- C:\Windows\winsxs
2008-09-23 01:01:30 ----D---- C:\Windows\system32\catroot
2008-09-18 18:07:36 ----RD---- C:\Users
2008-09-18 18:07:08 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-18 18:06:29 ----D---- C:\Windows\twain_32
2008-09-17 03:02:47 ----D---- C:\Windows\Registration
2008-09-17 03:01:59 ----D---- C:\Program Files\Internet Explorer
2008-09-16 19:45:26 ----SHD---- C:\Boot
2008-09-16 19:45:26 ----D---- C:\Windows\system32\config
2008-09-16 19:39:57 ----D---- C:\Windows\Minidump
2008-09-16 11:06:08 ----D---- C:\Windows\PolicyDefinitions
2008-09-16 11:01:00 ----D---- C:\ProgramData\NVIDIA
2008-09-15 21:00:46 ----RSD---- C:\Windows\assembly
2008-09-15 20:58:46 ----D---- C:\Windows\Tasks
2008-09-15 17:46:03 ----AD---- C:\ProgramData\TEMP
2008-09-15 14:56:58 ----SD---- C:\Windows\Downloaded Program Files
2008-09-15 00:50:51 ----D---- C:\Windows\Debug
2008-09-14 22:30:16 ----D---- C:\Windows\ehome
2008-09-14 22:30:14 ----D---- C:\Windows\system32\migration
2008-09-14 22:30:10 ----D---- C:\Program Files\Windows Mail
2008-09-14 22:26:06 ----D---- C:\Windows\Microsoft.NET
2008-09-14 22:20:11 ----D---- C:\Program Files\Microsoft Works
2008-09-14 22:19:48 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-14 16:07:24 ----SD---- C:\ProgramData\Microsoft
2008-09-14 16:06:48 ----D---- C:\ProgramData\Gtek
2008-09-14 14:23:46 ----D---- C:\Windows\system32\WDI
2008-09-14 12:32:07 ----SD---- C:\Users\Danny\AppData\Roaming\Microsoft
2008-09-14 09:56:20 ----HD---- C:\Windows\system32\GroupPolicy
2008-09-13 01:33:44 ----D---- C:\Users\Danny\AppData\Roaming\uTorrent
2008-09-08 10:03:02 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-09-08 09:36:10 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-09-15 133184]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2008-06-27 207656]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\Windows\system32\DRIVERS\AegisP.sys [2008-04-09 21275]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 datunidr;DellAutomatedPCTuneUp UniDriver; C:\Windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-08-12 228672]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2008-02-26 8448]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-06-21 228224]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-23 1778464]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-08-23 7475488]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver; C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
R3 V0500Dev;Dynex 1.3MP Webcam Driver; C:\Windows\system32\DRIVERS\V0500Vid.sys [2007-10-31 251264]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-07-16 28672]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2008-06-27 79240]
S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2008-06-27 35240]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2008-06-27 40488]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2007-06-20 17920]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2007-05-07 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-20 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-20 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2007-07-12 12800]
S3 PTproct;PTproct; \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [2006-10-05 4736]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 spring;spring; \??\C:\Users\Danny\Desktop\Max\spring.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-06-21 304920]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-02-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-05-25 112176]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-09-15 393216]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-08-23 118784]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-09-15 1527808]
R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-05 33800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 DellAMBrokerService;DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [2007-10-11 76016]
S4 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-21 1838592]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------


Seems like we may have it whipped; if not, it seems we are very close. Thanks again for all your help, I really appreciate it!

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 26 September 2008 - 11:37 AM

Hi Killface.

Please update your Java by following my previous post and remove ALL older versions of Java using add/remove.

Update Java to Version 6 Update 7

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.


Then please post back with the fresh RSIT logs.
The RSIT logs can be found in the folder C:\Rsit

Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

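The post above asks for every older Java Runtime to be found and removed before 6 Update 7 is installed, because stale JRE builds are what drive-by pages exploit. The script below is an added example, not something from this thread or from extremeboy: it inventories the Java/J2SE entries Windows keeps under the Uninstall registry keys, parses the major version and update number out of each DisplayName, and lists which entries are older than the version the post requires. The function names, the parameter names and the sample DisplayName strings in the comments are my own assumptions about how Sun's installers of that era named themselves; the required version (6 Update 7) comes from the post.

```powershell
# Added example: inventory installed Java/JRE entries and flag the ones older
# than Java 6 Update 7 (the version the post asks for). Not code from the thread.
# Assumptions: Sun's installers register under the Uninstall hive with a
# DisplayName such as "Java(TM) 6 Update 7", "Java(TM) SE Runtime Environment
# 6 Update 1" or "J2SE Runtime Environment 5.0 Update 11" (constructed samples);
# $RequiredMajor/$RequiredUpdate and the function names are mine.
param(
    [int]$RequiredMajor  = 6,   # from the post: Java 6
    [int]$RequiredUpdate = 7    # from the post: Update 7
)

# 32-bit hive first; the Wow6432Node hive only exists on 64-bit hosts.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-JavaInstalls {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            # Keep runtime/SDK entries only; "Java Auto Updater" is not a runtime.
            if ($p.DisplayName -match '^(Java|J2SE)' -and
                $p.DisplayName -notmatch 'Auto Updater') {
                $major = $null; $update = 0
                # "6 Update 7" / "5.0 Update 11" -> major 6 update 7 / major 5 update 11
                if ($p.DisplayName -match '(\d+)(?:\.\d+)?\s+Update\s+(\d+)') {
                    $major  = [int]$matches[1]
                    $update = [int]$matches[2]
                } elseif ($p.DisplayName -match '\b(\d+)(?:\.\d+)?\b') {
                    $major = [int]$matches[1]    # base release with no update number
                }
                [pscustomobject]@{
                    Name      = $p.DisplayName
                    Version   = $p.DisplayVersion
                    Major     = $major
                    Update    = $update
                    Uninstall = $p.UninstallString
                    Key       = $_.PSChildName
                }
            }
        }
    }
}

function Test-JavaCurrent {
    param($Install)
    # Current means major > 6, or major 6 with update >= 7. Anything that cannot
    # be parsed is treated as stale so a human looks at it rather than ignoring it.
    if ($null -eq $Install.Major) { return $false }
    if ($Install.Major -gt $RequiredMajor) { return $true }
    if ($Install.Major -eq $RequiredMajor -and $Install.Update -ge $RequiredUpdate) { return $true }
    return $false
}

$installs = @(Get-JavaInstalls)
if ($installs.Count -eq 0) {
    Write-Host "No Java Runtime entries found under the Uninstall keys."
    return
}

$installs | Format-Table Name, Version, Key -AutoSize

$stale = @($installs | Where-Object { -not (Test-JavaCurrent $_) })
if ($stale.Count -gt 0) {
    Write-Host "Outdated Java entries (remove via Add/Remove Programs or the UninstallString shown):"
    foreach ($s in $stale) {
        Write-Host ("  {0}`n    {1}" -f $s.Name, $s.Uninstall)
    }
} else {
    Write-Host "All Java entries are $RequiredMajor Update $RequiredUpdate or newer."
}
```

Run it from an elevated PowerShell prompt before and after the Add/Remove Programs step: the first run gives the list of entries to remove, the second confirms that only the new 6 Update 7 entry remains. Reading the Uninstall keys rather than trusting `java -version` matters because several JREs can coexist and a browser plugin may still be wired to an old one the PATH no longer shows.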
