08-10-2007, 04:27 AM   #7
burnsbabyburns
Registered User
 
Join Date: Aug 2007
Posts: 12
OS: XP


Re: Vundo and Downloader-BDF

Here are the logs:

HIJACKTHIS LOG:

Deckard's System Scanner v20070807.62
Run by Default on 2007-08-10 at 06:23:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Default.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:22 AM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Default\Desktop\dss.exe
C:\DOCUME~1\Default\MYDOCU~1\Default.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...90/mcfscan.cab
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 4112 bytes

-- Files created between 2007-07-10 and 2007-08-10 -----------------------------

2007-08-10 01:22:23 0 d-------- C:\Program Files\Google
2007-08-10 01:22:23 0 d-------- C:\Documents and Settings\Default\Application Data\Google
2007-08-09 04:07:10 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-08-09 04:07:10 0 d-------- C:\Program Files\SpywareBlaster
2007-08-09 03:22:20 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-06 18:58:06 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2007-08-06 13:44:32 0 d-------- C:\WINDOWS\McAfee.com
2007-08-05 22:51:15 245760 --a------ C:\WINDOWS\system32\ImxEx.dll
2007-08-05 22:25:26 0 d-------- C:\Program Files\Astro Gemini Software
2007-08-05 22:22:33 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-08-04 20:00:06 0 d-------- C:\Program Files\NCH Swift Sound
2007-08-04 20:00:06 0 d-------- C:\Documents and Settings\Default\Application Data\NCH Swift Sound
2007-08-04 19:59:34 0 d-------- C:\Program Files\NCH Software
2007-08-04 19:56:00 135168 --a------ C:\WINDOWS\system32\DSKernel2.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS Multimedia Filter Pack>
2007-08-04 19:55:51 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-08-04 19:55:18 0 d-------- C:\Program Files\Replay Converter
2007-08-04 19:52:21 0 d-------- C:\Documents and Settings\Default\Application Data\GetRightToGo
2007-08-04 19:37:31 0 d-------- C:\Program Files\FLVPlayer
2007-08-04 15:40:45 0 d-------- C:\Program Files\uTorrent
2007-08-02 20:56:23 0 d-------- C:\Program Files\Windows Media Connect 2
2007-08-02 20:54:41 0 d-------- C:\WINDOWS\system32\LogFiles
2007-08-02 20:54:41 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-02 20:35:11 98304 --a------ C:\WINDOWS\system32\SoftAheadCert.dll <Not Verified; SoftAhead Inc.; SoftAheadCert Module>
2007-07-26 14:36:09 0 d-------- C:\Documents and Settings\Default\Application Data\Move Networks
2007-07-26 05:08:27 0 d-------- C:\Documents and Settings\Default\Application Data\NewzToolz
2007-07-26 05:08:10 0 d-------- C:\Program Files\NewzToolz
2007-07-26 04:01:18 0 d-------- C:\Documents and Settings\Default\Application Data\PEERNET
2007-07-26 04:00:59 0 --a------ C:\WINDOWS\system32\PNFCC3
2007-07-26 04:00:59 0 d-------- C:\Documents and Settings\All Users\Application Data\PEERNET
2007-07-26 04:00:11 0 d-------- C:\Program Files\PEERNET File Conversion Center 3.0
2007-07-26 03:59:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-26 03:54:28 0 d-------- C:\Documents and Settings\Default\Application Data\WinRAR
2007-07-23 03:25:03 1165 --a------ C:\WINDOWS\mozver.dat
2007-07-22 14:52:19 0 d-------- C:\Documents and Settings\Default\Application Data\Talkback
2007-07-22 14:36:46 0 d-------- C:\Documents and Settings\Default\Application Data\Mozilla


-- Find3M Report ---------------------------------------------------------------

2007-08-10 0613 0 d-------- C:\Program Files\Messenger
2007-08-10 06:03:55 0 d-------- C:\Program Files\DellSupport
2007-08-08 01:38:43 0 d-------- C:\Documents and Settings\Default\Application Data\uTorrent
2007-08-06 16:04:17 0 d-------- C:\Program Files\McAfee.com
2007-08-04 15:18:04 0 d-------- C:\Program Files\Common Files\Real
2007-07-26 09:22:23 0 d-------- C:\Program Files\Common Files
2007-07-02 11:43:29 0 d-------- C:\Program Files\MSXML 4.0
2007-06-25 12:46:33 0 d-------- C:\Documents and Settings\Default\Application Data\Image Zone Express
2007-05-30 14:09:51 117193 --a----c- C:\WINDOWS\hpoins11.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [06/30/2004 03:33 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/19/2004 01:13 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 05:00 PM]
"SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 10:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]

C:\Documents and Settings\Default\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]




-- End of Deckard's System Scanner: finished at 2007-08-10 at 06:23:43 ---------



ONLINE SCAN:

Incident Status Location

Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
Dialer:dialer.su Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\classes\appid\adm.EXE
Potentially unwanted tool:Application/Processor Not disinfected C:\Deckard\System Scanner\20070810050551\backup\DOCUME~1\Default\LOCALS~1\Temp\nsbA.tmp
Adware:Adware/IST.ISTBar Not disinfected C:\Deckard\System Scanner\20070810050551\backup\DOCUME~1\Default\LOCALS~1\Temp\Setup(2).exe
Adware:Adware/PopupSearches Not disinfected C:\Deckard\System Scanner\20070810050551\backup\DOCUME~1\Default\LOCALS~1\Temp\temp.fr2B1D
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.atwola.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.go.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.zedo.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.com.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.gostats.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\cf7mj29r.default\cookies.txt[winantivirus.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Default\Cookies\default@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Default\Cookies\default@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Default\Cookies\default@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Default\Cookies\default@atwola[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Default\Cookies\default@burstnet[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Default\Cookies\default@doubleclick[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Default\Cookies\default@enhance[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Default\Cookies\default@go[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Default\Cookies\default@www.burstbeacon[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Default\Desktop\ComboFix.exe[nircmd.exe]
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\DOCUME~1\Default\APPLIC~1\tmp402.tmp.exe.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\DOCUME~1\Default\APPLIC~1\tmpD.tmp.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\ssqoopp.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\catchme2007-08-10_ 50140.93.zip[IMGDIT.dll]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe



COMBOFIX LOG:


ComboFix 07-08-10.7 - "Default" 2007-08-10 5:40:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.65 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Default\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\install.dat
C:\WINDOWS\SYSTEM32\mqshcefp.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.dat
C:\VundoFix Backups
C:\VundoFix Backups\jmllm.bak1.bad
C:\VundoFix Backups\jmllm.bak2.bad
C:\VundoFix Backups\jmllm.ini.bad
C:\VundoFix Backups\mllmj.dll.bad
C:\VundoFix Backups\ssqoopp.dll.bad
C:\VundoFix Backups\tmp83.tmp.dll.bad
C:\WINDOWS\SYSTEM32\mqshcefp.exe


((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


2007-08-10 04:56 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 01:22 <DIR> d-------- C:\Program Files\Google
2007-08-10 01:22 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\Google
2007-08-09 04:13 <DIR> d-------- C:\Deckard
2007-08-09 04:07 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2007-08-09 04:07 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-09 03:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-08-06 18:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com Personal Firewall
2007-08-06 13:44 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-08-05 22:51 245,760 --a------ C:\WINDOWS\SYSTEM32\ImxEx.dll
2007-08-05 22:25 <DIR> d-------- C:\Program Files\Astro Gemini Software
2007-08-05 22:22 0 --a------ C:\WINDOWS\SYSTEM32\taskkill.exe
2007-08-04 20:00 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-08-04 20:00 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\NCH Swift Sound
2007-08-04 19:59 <DIR> d-------- C:\Program Files\NCH Software
2007-08-04 19:56 135,168 --a------ C:\WINDOWS\SYSTEM32\DSKernel2.dll
2007-08-04 19:56 1,936,528 --a------ C:\WINDOWS\SYSTEM32\ltmm15.dll
2007-08-04 19:55 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-08-04 19:55 <DIR> d-------- C:\Program Files\Replay Converter
2007-08-04 19:52 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\GetRightToGo
2007-08-04 19:37 <DIR> d-------- C:\Program Files\FLVPlayer
2007-08-04 15:40 <DIR> d-------- C:\Program Files\uTorrent
2007-08-02 20:56 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-02 20:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-08-02 20:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-08-02 20:35 98,304 --a------ C:\WINDOWS\SYSTEM32\SoftAheadCert.dll
2007-07-26 14:36 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\Move Networks
2007-07-26 05:08 <DIR> d-------- C:\Program Files\NewzToolz
2007-07-26 05:08 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\NewzToolz
2007-07-26 04:01 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\PEERNET
2007-07-26 04:00 <DIR> d-------- C:\Program Files\PEERNET File Conversion Center 3.0
2007-07-26 04:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PEERNET
2007-07-26 03:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-26 03:54 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\WinRAR
2007-07-23 03:25 1,165 --a------ C:\WINDOWS\mozver.dat
2007-07-22 14:52 <DIR> d-------- C:\DOCUME~1\Default\APPLIC~1\Talkback


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-09 03:49 --------- d-------- C:\Program Files\Messenger
2007-08-09 03:46 --------- d-------- C:\Program Files\DellSupport
2007-08-08 01:38 --------- d-------- C:\DOCUME~1\Default\APPLIC~1\uTorrent
2007-08-06 16:04 --------- d-------- C:\Program Files\McAfee.com
2007-08-04 15:18 --------- d-------- C:\Program Files\Common Files\Real
2007-07-02 11:43 --------- d-------- C:\Program Files\MSXML 4.0
2007-06-25 12:46 --------- d-------- C:\DOCUME~1\Default\APPLIC~1\Image Zone Express
2007-05-16 11:12 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
2005-10-01 19:58:44 332 -csha-r C:\WINDOWS\SYSTEM32\MS4xx0104q.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 15:33]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-19 13:13]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]
"SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

C:\Documents and Settings\Default\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 15:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 15:04:12]

R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys
R1 MPFIREWL;MPFIREWL;C:\WINDOWS\system32\Drivers\MpFirewall.sys
R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
R3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys
R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys


Contents of the 'Scheduled Tasks' folder
2007-05-30 18:10:31 C:\WINDOWS\Tasks\WebReg psc C3100 series.job - C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 05:43:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-10 5:45:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-10 05:45
C:\ComboFix2.txt ... 2007-08-10 05:03

--- E O F ---
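The post above is raw tool output. As an added example (not part of the poster's reply and not code from HijackThis, Deckard's System Scanner or ComboFix), here is a small Python triage helper that parses the kinds of lines pasted above: HijackThis O2/O4/O23 entries, the "Run" registry dump with its trailing `[timestamp]` field, and the "Files created" listing. It runs over constructed excerpts copied from the post and applies three checks a removal helper would otherwise do by eye: an autostart or BHO whose file was created inside the scan window, a Run entry whose dump shows an empty `[]`, and a service listed with "Unknown owner". Reading an empty `[]` as "no file found at that path" is my assumption about the tool's output convention, not something the post states.

```python
"""Triage helper for HijackThis / DSS / ComboFix style logs (added example).

Assumption: in the "Reg Loading Points" dump, the bracketed field after a
Run value is the file's timestamp, and an empty "[]" means the tool found
no file at that path.  Sample inputs below are constructed excerpts of the
posted logs.
"""
import re
from dataclasses import dataclass

HJT_EXCERPT = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

RUN_DUMP_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 10:35 AM]
"""

CREATED_EXCERPT = r"""
2007-08-05 22:51:15 245760 --a------ C:\WINDOWS\system32\ImxEx.dll
2007-08-04 15:40:45 0 d-------- C:\Program Files\uTorrent
2007-08-02 20:35:11 98304 --a------ C:\WINDOWS\system32\SoftAheadCert.dll <Not Verified; SoftAhead Inc.; SoftAheadCert Module>
"""

# One regex per HijackThis section type handled here.
_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.+)$")
# "Name"="path" [timestamp]   (timestamp may be empty)
_DUMP = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<stamp>[^\]]*)\]$')
# date time size attrs path [<version info>]
_CREATED = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+\S+\s+(?P<path>[A-Za-z]:\\.*?)(?: <.*>)?$")


@dataclass(frozen=True)
class Entry:
    kind: str    # "O2", "O4" or "O23"
    name: str
    path: str
    extra: str   # CLSID for O2, hive for O4, vendor for O23


def _exe_path(cmd: str) -> str:
    """Strip quotes and trailing switches from an O4 command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]


def parse_hjt(text: str) -> list[Entry]:
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if m := _O2.match(line):
            entries.append(Entry("O2", m["name"], m["path"], m["clsid"]))
        elif m := _O4.match(line):
            entries.append(Entry("O4", m["name"], _exe_path(m["cmd"]), m["hive"]))
        elif m := _O23.match(line):
            entries.append(Entry("O23", m["name"], m["path"], m["vendor"]))
    return entries


def parse_run_dump(text: str) -> dict[str, str]:
    """Map Run value name -> timestamp string ("" when the dump shows [])."""
    return {m["name"]: m["stamp"].strip()
            for l in text.splitlines() if (m := _DUMP.match(l.strip()))}


def parse_created(text: str) -> set[str]:
    """Lower-cased paths from the 'Files created' listing."""
    return {m["path"].lower()
            for l in text.splitlines() if (m := _CREATED.match(l.strip()))}


def triage(entries: list[Entry], stamps: dict[str, str], created: set[str]) -> list[str]:
    findings = []
    for e in entries:
        if e.kind in ("O2", "O4") and e.path.lower() in created:
            findings.append(f"{e.kind} {e.name}: autostart file created inside the scan window ({e.path})")
        if e.kind == "O4" and stamps.get(e.name) == "":
            findings.append(f"O4 {e.name}: registry dump shows [] for {e.path}; no file found at that path")
        if e.kind == "O23" and e.extra.lower() == "unknown owner":
            findings.append(f"O23 {e.name}: service binary has no publisher information ({e.path})")
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(HJT_EXCERPT), parse_run_dump(RUN_DUMP_EXCERPT),
                    parse_created(CREATED_EXCERPT)):
        print(f)
```

Run against the excerpts it flags the SoftAheadCert BHO (a DLL dropped on 2007-08-02 and registered as a browser helper), the two Run values with no file behind them (PCMService and SemanticInsight), and the DSBrokerService entry; the Intel and HP entries pass. Cookie hits like those in the Panda listing are deliberately outside its scope, since they are tracking data rather than code.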