Old 08-10-2007, 03:15 AM   #4 (permalink)
burnsbabyburns
Registered User
 
Join Date: Aug 2007
Posts: 12
OS: XP


Re: Vundo and Downloader-BDF

I'm not sure if it matters, but I have downloaded and run Spybot since I created this thread.

Here are the logs:

COMBOFIX LOG:

ComboFix 07-08-10.7 - "Default" 2007-08-10 4:58:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.89 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Default\APPLIC~1\tmp1D9.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp1F0.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp401.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp402.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp403.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp41D.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp52.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp53.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp54.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp66.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp7D.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp7F.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp80.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp81.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp82.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp83.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp85.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp88.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp89.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp8C.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmp8D.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmpC.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmpD.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmpE.tmp.exe
C:\DOCUME~1\Default\APPLIC~1\tmpF.tmp.exe
C:\WINDOWS\cbxusp.dll
C:\WINDOWS\ddaxvs.dll
C:\WINDOWS\llnpqr.ini
C:\WINDOWS\opqpqo.dll
C:\WINDOWS\oqpqpo.ini
C:\WINDOWS\psuxbc.ini
C:\WINDOWS\rqpnll.dll
C:\WINDOWS\svxadd.ini
C:\WINDOWS\system32\IMGDIT.dll
C:\WINDOWS\system32\tmp1D9.tmp.dll
C:\WINDOWS\system32\tmp403.tmp.dll
C:\WINDOWS\system32\tmp53.tmp.dll
C:\WINDOWS\system32\tmp54.tmp.dll
C:\WINDOWS\system32\tmp80.tmp.dll
C:\WINDOWS\system32\tmp89.tmp.dll
C:\WINDOWS\system32\tmp8D.tmp.dll
C:\WINDOWS\system32\tmpD.tmp.dll
C:\WINDOWS\system32\tmpE.tmp.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


2007-08-10 04:56 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 01:22 <DIR> d-------- C:\Program Files\Google
2007-08-10 01:22 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\Google
2007-08-09 04:13 <DIR> d-------- C:\Deckard
2007-08-09 04:07 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2007-08-09 04:07 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-09 03:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-08-09 01:04 <DIR> d-------- C:\VundoFix Backups
2007-08-09 00:50 164 --a------ C:\install.dat
2007-08-08 13:34 75,328 --a------ C:\WINDOWS\SYSTEM32\mqshcefp.exe
2007-08-06 18:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com Personal Firewall
2007-08-06 13:44 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-08-05 22:51 245,760 --a------ C:\WINDOWS\SYSTEM32\ImxEx.dll
2007-08-05 22:25 <DIR> d-------- C:\Program Files\Astro Gemini Software
2007-08-05 22:22 0 --a------ C:\WINDOWS\SYSTEM32\taskkill.exe
2007-08-04 20:00 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-08-04 20:00 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\NCH Swift Sound
2007-08-04 19:59 <DIR> d-------- C:\Program Files\NCH Software
2007-08-04 19:56 135,168 --a------ C:\WINDOWS\SYSTEM32\DSKernel2.dll
2007-08-04 19:56 1,936,528 --a------ C:\WINDOWS\SYSTEM32\ltmm15.dll
2007-08-04 19:55 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-08-04 19:55 <DIR> d-------- C:\Program Files\Replay Converter
2007-08-04 19:52 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\GetRightToGo
2007-08-04 19:37 <DIR> d-------- C:\Program Files\FLVPlayer
2007-08-04 15:40 <DIR> d-------- C:\Program Files\uTorrent
2007-08-02 20:56 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-02 20:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-08-02 20:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-08-02 20:35 98,304 --a------ C:\WINDOWS\SYSTEM32\SoftAheadCert.dll
2007-07-26 14:36 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\Move Networks
2007-07-26 05:08 <DIR> d-------- C:\Program Files\NewzToolz
2007-07-26 05:08 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\NewzToolz
2007-07-26 04:01 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\PEERNET
2007-07-26 04:00 <DIR> d-------- C:\Program Files\PEERNET File Conversion Center 3.0
2007-07-26 04:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PEERNET
2007-07-26 03:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-26 03:54 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\WinRAR
2007-07-23 03:25 1,165 --a------ C:\WINDOWS\mozver.dat
2007-07-22 14:52 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\Talkback


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-09 03:49 --------- d-------- C:\Program Files\Messenger
2007-08-09 03:46 --------- d-------- C:\Program Files\DellSupport
2007-08-08 01:38 --------- d-------- C:\DOCUME~1\Default\APPLIC~1\uTorrent
2007-08-06 16:04 --------- d-------- C:\Program Files\McAfee.com
2007-08-04 15:18 --------- d-------- C:\Program Files\Common Files\Real
2007-07-02 11:43 --------- d-------- C:\Program Files\MSXML 4.0
2007-06-25 12:46 --------- d-------- C:\DOCUME~1\Default\APPLIC~1\Image Zone Express
2007-05-16 11:12 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
2005-10-01 19:58:44 332 -csha-r C:\WINDOWS\SYSTEM32\MS4xx0104q.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A0E7C3B-BE02-4174-940F-7C5CC34220E0}]
C:\WINDOWS\system32\mllmj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 15:33]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-19 13:13]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]
"SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

C:\Documents and Settings\Default\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 15:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 15:04:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\geebxxu.dll

R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys
R1 MPFIREWL;MPFIREWL;C:\WINDOWS\system32\Drivers\MpFirewall.sys
R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys
R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys


Contents of the 'Scheduled Tasks' folder
2007-05-30 18:10:31 C:\WINDOWS\Tasks\WebReg psc C3100 series.job - C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 05:01:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-10 5:03:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-10 05:02

--- E O F ---





HIJACKTHIS LOG:

Deckard's System Scanner v20070807.62
Run by Default on 2007-08-10 at 05:05:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Default.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:56 AM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Default\Desktop\dss.exe
C:\DOCUME~1\Default\MYDOCU~1\Default.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {4A0E7C3B-BE02-4174-940F-7C5CC34220E0} - C:\WINDOWS\system32\mllmj.dll (file missing)
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...90/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F66939-8984-49F3-B8FC-6A6C03FDE215}: Domain = domain.invalid
O20 - AppInit_DLLs: c:\windows\system32\geebxxu.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 4914 bytes

-- Files created between 2007-07-10 and 2007-08-10 -----------------------------

2007-08-10 01:22:23 0 d-------- C:\Program Files\Google
2007-08-10 01:22:23 0 d-------- C:\Documents and Settings\Default\Application Data\Google
2007-08-09 04:07:10 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-08-09 04:07:10 0 d-------- C:\Program Files\SpywareBlaster
2007-08-09 03:22:20 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-09 01:04:33 0 d-------- C:\VundoFix Backups
2007-08-09 00:50:04 164 --a------ C:\install.dat
2007-08-08 13:34:42 75328 --a------ C:\WINDOWS\system32\mqshcefp.exe <Not Verified; ; DDC>
2007-08-06 18:58:06 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2007-08-06 13:44:32 0 d-------- C:\WINDOWS\McAfee.com
2007-08-05 22:51:15 245760 --a------ C:\WINDOWS\system32\ImxEx.dll
2007-08-05 22:25:26 0 d-------- C:\Program Files\Astro Gemini Software
2007-08-05 22:22:33 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-08-04 20:00:06 0 d-------- C:\Program Files\NCH Swift Sound
2007-08-04 20:00:06 0 d-------- C:\Documents and Settings\Default\Application Data\NCH Swift Sound
2007-08-04 19:59:34 0 d-------- C:\Program Files\NCH Software
2007-08-04 19:56:00 135168 --a------ C:\WINDOWS\system32\DSKernel2.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS Multimedia Filter Pack>
2007-08-04 19:55:51 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-08-04 19:55:18 0 d-------- C:\Program Files\Replay Converter
2007-08-04 19:52:21 0 d-------- C:\Documents and Settings\Default\Application Data\GetRightToGo
2007-08-04 19:37:31 0 d-------- C:\Program Files\FLVPlayer
2007-08-04 15:40:45 0 d-------- C:\Program Files\uTorrent
2007-08-02 20:56:23 0 d-------- C:\Program Files\Windows Media Connect 2
2007-08-02 20:54:41 0 d-------- C:\WINDOWS\system32\LogFiles
2007-08-02 20:54:41 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-02 20:35:11 98304 --a------ C:\WINDOWS\system32\SoftAheadCert.dll <Not Verified; SoftAhead Inc.; SoftAheadCert Module>
2007-07-26 14:36:09 0 d-------- C:\Documents and Settings\Default\Application Data\Move Networks
2007-07-26 05:08:27 0 d-------- C:\Documents and Settings\Default\Application Data\NewzToolz
2007-07-26 05:08:10 0 d-------- C:\Program Files\NewzToolz
2007-07-26 04:01:18 0 d-------- C:\Documents and Settings\Default\Application Data\PEERNET
2007-07-26 04:00:59 0 --a------ C:\WINDOWS\system32\PNFCC3
2007-07-26 04:00:59 0 d-------- C:\Documents and Settings\All Users\Application Data\PEERNET
2007-07-26 04:00:11 0 d-------- C:\Program Files\PEERNET File Conversion Center 3.0
2007-07-26 03:59:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-26 03:54:28 0 d-------- C:\Documents and Settings\Default\Application Data\WinRAR
2007-07-23 03:25:03 1165 --a------ C:\WINDOWS\mozver.dat
2007-07-22 14:52:19 0 d-------- C:\Documents and Settings\Default\Application Data\Talkback
2007-07-22 14:36:46 0 d-------- C:\Documents and Settings\Default\Application Data\Mozilla


-- Find3M Report ---------------------------------------------------------------

2007-08-09 03:49:11 0 d-------- C:\Program Files\Messenger
2007-08-09 03:46:53 0 d-------- C:\Program Files\DellSupport
2007-08-08 01:38:43 0 d-------- C:\Documents and Settings\Default\Application Data\uTorrent
2007-08-06 16:04:17 0 d-------- C:\Program Files\McAfee.com
2007-08-04 15:18:04 0 d-------- C:\Program Files\Common Files\Real
2007-07-26 09:22:23 0 d-------- C:\Program Files\Common Files
2007-07-02 11:43:29 0 d-------- C:\Program Files\MSXML 4.0
2007-06-25 12:46:33 0 d-------- C:\Documents and Settings\Default\Application Data\Image Zone Express
2007-05-30 14:09:51 117193 --a----c- C:\WINDOWS\hpoins11.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A0E7C3B-BE02-4174-940F-7C5CC34220E0}]
C:\WINDOWS\system32\mllmj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [06/03/2005 03:52 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [06/30/2004 03:33 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/19/2004 01:13 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 05:00 PM]
"SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 10:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]

C:\Documents and Settings\Default\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\geebxxu.dll

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2007-08-10 at 0517 ---------