BullGuard Antivirus Forum
Slowdown of pc, w/ log
   

eastonch
New Member


Date Joined Jun 2008
Total Posts : 5
 
Posted 6-27-2008 4:44 (GMT +2)
Slowdown of my PC after starting it up; it took just over 10 mins to start speeding up. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:17, on 27/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\BullGuard Ltd\BullGuard\BsGaming.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Haute Secure\CtPopup.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\PuXpMan2.exe
C:\Program Files\Common Files\NMSAccessU.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Global Startup: Reboot.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208550823742
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208592503703
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BullGuard Gaming Service (BsGaming) - Unknown owner - C:\Program Files\BullGuard Ltd\BullGuard\BsGaming.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 12240 bytes

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13085
 
Posted 6-28-2008 7:05 (GMT +2)
Hi eastonch, and welcome :)

It looks clean; however, I suggest you post a combofix log ->

Please download Combofix:

And save to the desktop.

Close all other browser windows.

Please connect all your external hard drives/flash drives (if you have any) before running Combofix.

Important -> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files, which may cause "unpredictable results".

Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.

Please note that once you start combofix you should not click anywhere on the combofix window, as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply with a new hijackthis log.

Please copy and paste your log files. DO NOT add them as an attachment.

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed, as this can cause reinfection during your cleaning.

Do NOT post your problem in someone else's thread.


eastonch
New Member


Date Joined Jun 2008
Total Posts : 5
 
Posted 6-28-2008 5:15 (GMT +2)
Hi, thanks for the help. It was a weird experience: the PC beeped, then it ran, then all the programs died and BullGuard died, then it all went blank (explorer.exe), then it finished and restored it all, but something wernt. I'll restart first :0
I looked at the log and it says recovery console not installed. I formatted my PC; how do I install recovery console? :)

NOTE: I just installed the Recovery Console using a guide from bleepingcomputer. I have not used the Combofix yet, so if you need a new one please say!


ComboFix 08-06-20.4 - Chris Easton 2008-06-28 16:07:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1413 [GMT 1:00]
Running from: C:\Documents and Settings\Chris Easton\Desktop\Firefox Downloads\ComboFix.exe
Command switches used :: /snapshot
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Chris Easton\Application Data\inst.exe
C:\Documents and Settings\Chris Easton\Local Settings\Temporary Internet Files\sph264.dll
C:\Documents and Settings\Chris Easton\Local Settings\Temporary Internet Files\spmpeg4.dll
C:\Documents and Settings\Chris Easton\Local Settings\Temporary Internet Files\sptheo.dll
C:\Documents and Settings\Chris Easton\Local Settings\Temporary Internet Files\StreamPlug.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2008-06-22 15:40 . 2008-06-22 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-22 15:39 . 2008-06-22 15:39 <DIR> d-------- C:\Program Files\Security Task Manager
2008-06-21 17:00 . 2008-06-28 15:59 64,512 --ah----- C:\Documents and Settings\Chris Easton\Application Data\dach100.dll
2008-06-21 11:46 . 2008-06-21 11:46 918,045 --ah----- C:\DH Temp.tmp
2008-06-21 11:41 . 2008-06-21 11:41 0 --ah----- C:\miniex.ant
2008-06-15 13:47 . 2008-06-15 13:47 <DIR> d-------- C:\Documents and Settings\Chris Easton\Application Data\DAEMON Tools
2008-06-15 13:47 . 2008-06-15 13:47 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-15 13:39 . 2008-06-15 13:39 <DIR> d-------- C:\Program Files\GameShadow
2008-06-15 13:36 . 2008-06-15 13:36 <DIR> d-------- C:\Program Files\Monte Cristo
2008-06-14 21:44 . 2008-06-14 21:44 <DIR> d-------- C:\Program Files\IDT
2008-06-14 21:44 . 2007-09-05 21:24 1,900,544 --a------ C:\WINDOWS\system32\stlang.dll
2008-06-14 21:44 . 2007-09-05 21:24 405,504 --a------ C:\WINDOWS\sttray.exe
2008-06-14 21:44 . 2007-09-05 21:25 204,800 --a------ C:\WINDOWS\system32\stacsv.exe
2008-06-14 21:26 . 2008-06-14 21:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-14 21:23 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003116_.tmp
2008-06-14 21:21 . 2008-06-14 21:21 <DIR> d-------- C:\WINDOWS\EHome
2008-06-14 21:16 . 2008-06-14 21:35 <DIR> d-------- C:\fbf912f9fd6ded44cfde8802
2008-06-14 21:12 . 2008-06-14 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-06-14 07:45 . 2008-06-13 12:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 07:45 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 07:45 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-06 19:42 . 2008-06-06 19:42 <DIR> d-------- C:\Program Files\Kontiki
2008-06-06 19:42 . 2008-06-06 19:42 <DIR> d-------- C:\Program Files\Channel4
2008-06-06 19:42 . 2008-06-28 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-06-06 19:42 . 2008-06-06 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-06-06 15:37 . 2008-06-21 13:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-06 15:37 . 2008-06-06 15:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-01 11:33 . 2008-06-01 11:33 <DIR> d-------- C:\Program Files\ARWizard3
2008-06-01 11:22 . 2008-06-01 11:24 <DIR> d-------- C:\My Recordings
2008-06-01 11:20 . 2008-06-01 11:20 <DIR> d-------- C:\Program Files\FREE Hi-Q Recorder
2008-06-01 11:20 . 2008-06-01 11:20 671,744 --a------ C:\WINDOWS\is-JM0PF.exe
2008-06-01 11:20 . 2008-06-01 11:20 10,454 --a------ C:\WINDOWS\is-JM0PF.msg
2008-06-01 11:20 . 2008-06-01 11:20 555 --a------ C:\WINDOWS\is-JM0PF.lst
2008-05-31 19:24 . 2008-06-09 21:14 <DIR> d-------- C:\Program Files\Hard Disk Sentinel
2008-05-31 17:49 . 2008-05-31 18:23 <DIR> d-------- C:\Program Files\StealthBot
2008-05-31 12:22 . 2008-05-31 12:22 <DIR> d-------- C:\WINDOWS\Virtual Villagers - The Secret City
2008-05-30 16:06 . 2008-05-31 18:22 <DIR> d-------- C:\Program Files\WE Unlimited
2008-05-30 13:17 . 2008-05-30 13:17 <DIR> d-------- C:\Program Files\ATITool
2008-05-30 13:13 . 2008-05-30 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-29 18:29 . 2008-05-29 19:14 <DIR> d-------- C:\Fraps
2008-05-29 18:29 . 2008-05-31 12:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-28 16:08 . 2008-05-28 16:08 38 --a------ C:\WINDOWS\AviSplitter.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 15:10 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\BullGuard
2008-06-28 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\BullGuard
2008-06-28 14:58 4,864 ----a-w C:\WINDOWS\system32\drivers\sthdae.log
2008-06-27 21:47 --------- d-----w C:\Program Files\Warcraft III
2008-06-25 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-22 16:09 --------- d-----w C:\Program Files\PeerGuardian2
2008-06-22 14:33 --------- d-----w C:\Program Files\SpeedFan
2008-06-22 14:25 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-06-17 20:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-17 20:13 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-15 12:54 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\uTorrent
2008-06-15 12:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 20:12 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\Vso
2008-06-08 18:19 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-08 13:39 --------- d-----w C:\Program Files\WC3Banlist
2008-06-08 13:39 --------- d-----w C:\Program Files\IDM Computer Solutions
2008-06-06 19:52 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\dvdcss
2008-05-27 09:12 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-27 09:12 22,328 ----a-w C:\Documents and Settings\Chris Easton\Application Data\PnkBstrK.sys
2008-05-27 09:12 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-05-27 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-27 09:02 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-27 09:01 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\SystemRequirementsLab
2008-05-27 08:59 --------- d-----w C:\Program Files\Ubisoft
2008-05-25 18:34 --------- d-----w C:\Program Files\Veoh Networks
2008-05-25 14:56 --------- d-----w C:\Program Files\DivX
2008-05-23 20:21 --------- d-----w C:\Program Files\Ashampoo
2008-05-18 09:18 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-05-18 09:18 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-05-18 08:35 --------- d-----w C:\Program Files\Duplicate Files Finder
2008-05-18 08:34 --------- d-----w C:\Program Files\kidbasic
2008-05-18 08:31 --------- d-----w C:\Program Files\CCleaner
2008-05-17 13:01 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\Creative
2008-05-17 12:39 --------- d-----w C:\Program Files\iTunes
2008-05-17 12:39 --------- d-----w C:\Program Files\iPod
2008-05-17 12:37 --------- d-----w C:\Program Files\Innovative Solutions
2008-05-17 12:11 --------- d-----w C:\Program Files\L33TSig
2008-05-16 19:05 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\vlc
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-12 15:34 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-05-12 15:34 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-05-12 15:34 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-12 15:31 --------- d-----w C:\Program Files\Microsoft SDKs
2008-05-12 13:43 --------- d-----w C:\Program Files\VideoLAN
2008-05-12 13:37 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-10 19:39 --------- d-----w C:\Program Files\Bit Che
2008-05-09 18:29 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\Ashampoo
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 15:32 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\Serif
2008-05-06 15:05 --------- d-----w C:\Program Files\Serif
2008-05-05 21:19 --------- d-----w C:\Program Files\Haute Secure
2008-05-05 21:17 2,275,840 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-05-05 19:54 --------- d-----w C:\Program Files\GoldWave
2008-05-05 14:25 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-05 14:25 --------- d-----w C:\Program Files\MSBuild
2008-05-05 14:24 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-04 16:32 --------- d-----w C:\Program Files\QuickTime
2008-05-03 20:29 --------- d-----w C:\Program Files\Lavalys
2008-05-03 17:56 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\UpdateStar
2008-05-02 11:06 --------- d-----w C:\Program Files\Sun
2008-05-02 11:06 --------- d-----w C:\Program Files\Java
2008-04-30 16:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 20:50 --------- d-----w C:\Program Files\Britannica 8.0
2008-04-29 20:45 --------- d--h--w C:\Program Files\Zero G Registry
2008-04-29 18:00 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\Ahead
2008-04-29 16:39 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-29 14:55 --------- d-----w C:\Program Files\Common Files\snpstd3
2008-04-28 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-04-28 21:43 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-28 21:43 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-28 21:40 --------- d-----w C:\Program Files\Nero
2008-04-28 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-28 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-04-28 19:21 --------- d-----w C:\Program Files\Microsoft Games
2008-04-24 10:22 25,976 ----a-w C:\WINDOWS\system32\tcpipbak.reg
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-19 10:27 47,360 ----a-w C:\Documents and Settings\Chris Easton\Application Data\pcouffin.sys
2008-04-18 20:10 155,995 ----a-w C:\WINDOWS\java\Packages\4CN9NDVH.ZIP
2008-04-18 19:06 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-18 19:06 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-14 04:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 04:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 04:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 04:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 04:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 04:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 04:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 04:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 04:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 01:30 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 00:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 23:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 23:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 23:05 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 23:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 23:01 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 23:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 22:45 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6462546F-70AE-4abc-B2B6-BE68E9410002}]
2008-04-03 14:32 71224 --a------ C:\Program Files\Haute Secure\CtBho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7792546F-70AE-4ABC-B2B6-BE68E9410002}"= "C:\Program Files\Haute Secure\CtToolBand.dll" [2008-04-03 14:32 1403960]

[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7792546F-70AE-4ABC-B2B6-BE68E9410002}"= C:\Program Files\Haute Secure\CtToolBand.dll [2008-04-03 14:32 1403960]

[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-03-08 10:56 480768]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-03-27 07:34 308552]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2006-04-05 18:19 122880]
"CTHelper"="CTHELPER.EXE" [2006-05-24 05:20 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 05:20 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-03-27 07:34 308552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 14:31 259440]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-18 14:12 843776]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-09-24 15:57 57344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"CtPopup.exe"="C:\Program Files\Haute Secure\CtPopup.exe" [2008-04-03 14:32 98360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"mspwr"="C:\WINDOWS\system32\PuXpMan2.exe" [2005-09-29 11:05 110592]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-03-30 17:44 262144]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"IDTSysTrayApp"="sttray.exe" [2007-09-05 21:24 405504 C:\WINDOWS\sttray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

C:\Documents and Settings\Chris Easton\Start Menu\Programs\Startup\
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [12/17/2002 12:00:44 PM 2301798]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Reboot.exe [12/29/2006 11:35:16 AM 409088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris Easton^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Chris Easton\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-04-23 11:23 1032640 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
--a------ 2006-12-08 07:45 543232 C:\Program Files\btbb_wcm\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hard Disk Sentinel]
--a------ 2008-06-09 21:13 3264000 C:\Program Files\Hard Disk Sentinel\HDSentinel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-04-23 11:23 1032640 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L33TSig]
--a------ 2008-01-19 23:29 544768 C:\Program Files\L33TSig\L33TSig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2006-02-06 18:52 462935 C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-08-16 09:02 1877272 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a------ 2007-08-16 09:03 1269000 C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar]
--a------ 2008-04-28 15:36 3818160 C:\Documents and Settings\Chris Easton\Application Data\UpdateStar\UpdateStar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-05-15 16:11 3644464 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-01 18:11 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 16:19 129536 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"VaultClientSRV"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 Ct;Ct;C:\WINDOWS\system32\DRIVERS\ct.sys [2008-04-03 14:32]
R2 BdFileSpy;BullGuard File Monitor Driver;C:\WINDOWS\system32\drivers\BdFileSpy.sys [2008-03-13 15:27]
R2 BdGaming;BullGuard Gaming Driver;C:\Program Files\BullGuard Ltd\BullGuard\BdGaming.sys [2007-12-20 11:15]
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R2 BsFire;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R2 BsGaming;BullGuard Gaming Service;"C:\Program Files\BullGuard Ltd\BullGuard\BsGaming.exe" [2008-03-19 14:07]
R2 CtServ;CtServ;C:\WINDOWS\system32\svchost.exe [2008-04-14 05:42]
R2 NMSAccessU;NMSAccessU;C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 03:52]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2007-11-28 11:42]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 09:56]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 11:49]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-24 04:40]
R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Ltd\BullGuard\Reconn.sys [2007-10-29 09:08]
S3 BGRaSvc;BGRaSvc;"C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe" [2008-02-21 10:47]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 22:10]
S4 VaultClientSRV;BT Auto Backup Service;C:\Program Files\BT Auto Backup\VaultClientSRV.exe [2007-07-04 22:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
CtServ REG_MULTI_SZ CtServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34926542-0d7f-11dd-a13c-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.EXE

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 20:31:16 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-06-14 08:11:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-24 13:32:08 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 16:10:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-28 16:12:33
ComboFix-quarantined-files.txt 2008-06-28 15:12:10

Pre-Run: 403,006,341,120 bytes free
Post-Run: 403,035,156,480 bytes free

345 --- E O F --- 2008-06-21 11:21:44

^^ is the ComboFix log. Below is the fresh HijackThis log; it is from before restarting!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:43, on 28/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BullGuard Ltd\BullGuard\BsGaming.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Global Startup: Reboot.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208550823742
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208592503703
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BullGuard Gaming Service (BsGaming) - Unknown owner - C:\Program Files\BullGuard Ltd\BullGuard\BsGaming.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 11433 bytes


Thanks, ~ Chris


Also,

Sometimes when I shut down or restart my PC, I get a little red X window saying that Dwwin.exe failed to initialize since Windows is shutting down. But that's my error reporting service; is there an error with a program but the dwwin can't start fast enough? ;)

Post Edited (eastonch) : 28-06-2008 15:24:05 GMT

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13085
 
Posted 6-29-2008 6:43 (GMT +2)
Open notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
KILLALL::
 
Snapshot::
 
File::
:\WINDOWS\is-JM0PF.exe
C:\WINDOWS\is-JM0PF.msg
C:\WINDOWS\is-JM0PF.lst
C:\WINDOWS\003116_.tmp
 
 
 
DirLook::
C:\Program Files\Bit Che
“C:\Program Files\Bit Che “

 
----------------------------------------------
 
Save this as CFScript.txt
 
 
At this point, You MUST EXIT ALL BROWSERS NOW before continuing!
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system.
It may reboot your system when it finishes. This is normal.
 
 
Post new combofix log
 


Do NOT post your problem in someone else's thread.

 

eastonch
New Member


Date Joined Jun 2008
Total Posts : 5
 
Posted 6-29-2008 2:27 (GMT +2)
Hi, did as you requested. Still slow a little on my PC... like text for the first min or two.

ComboFix 08-06-20.4 - Chris Easton 2008-06-29 13:16:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1543 [GMT 1:00]
Running from: C:\Documents and Settings\Chris Easton\Desktop\Firefox Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chris Easton\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
:\WINDOWS\is-JM0PF.exe
C:\WINDOWS\003116_.tmp
C:\WINDOWS\is-JM0PF.lst
C:\WINDOWS\is-JM0PF.msg
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\003116_.tmp
C:\WINDOWS\is-JM0PF.lst
C:\WINDOWS\is-JM0PF.msg

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-22 15:40 . 2008-06-22 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-22 15:39 . 2008-06-22 15:39 <DIR> d-------- C:\Program Files\Security Task Manager
2008-06-21 17:00 . 2008-06-29 13:14 64,512 --ah----- C:\Documents and Settings\Chris Easton\Application Data\dach100.dll
2008-06-21 11:46 . 2008-06-21 11:46 918,045 --ah----- C:\DH Temp.tmp
2008-06-21 11:41 . 2008-06-21 11:41 0 --ah----- C:\miniex.ant
2008-06-15 13:47 . 2008-06-15 13:47 <DIR> d-------- C:\Documents and Settings\Chris Easton\Application Data\DAEMON Tools
2008-06-15 13:47 . 2008-06-15 13:47 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-15 13:39 . 2008-06-15 13:39 <DIR> d-------- C:\Program Files\GameShadow
2008-06-15 13:36 . 2008-06-15 13:36 <DIR> d-------- C:\Program Files\Monte Cristo
2008-06-14 21:44 . 2008-06-14 21:44 <DIR> d-------- C:\Program Files\IDT
2008-06-14 21:44 . 2007-09-05 21:24 1,900,544 --a------ C:\WINDOWS\system32\stlang.dll
2008-06-14 21:44 . 2007-09-05 21:24 405,504 --a------ C:\WINDOWS\sttray.exe
2008-06-14 21:44 . 2007-09-05 21:25 204,800 --a------ C:\WINDOWS\system32\stacsv.exe
2008-06-14 21:26 . 2008-06-14 21:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-14 21:21 . 2008-06-14 21:21 <DIR> d-------- C:\WINDOWS\EHome
2008-06-14 21:16 . 2008-06-14 21:35 <DIR> d-------- C:\fbf912f9fd6ded44cfde8802
2008-06-14 21:12 . 2008-06-14 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-06-14 07:45 . 2008-06-13 12:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 07:45 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 07:45 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-06 19:42 . 2008-06-06 19:42 <DIR> d-------- C:\Program Files\Kontiki
2008-06-06 19:42 . 2008-06-06 19:42 <DIR> d-------- C:\Program Files\Channel4
2008-06-06 19:42 . 2008-06-29 13:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-06-06 19:42 . 2008-06-06 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-06-06 15:37 . 2008-06-21 13:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-06 15:37 . 2008-06-06 15:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-01 11:33 . 2008-06-01 11:33 <DIR> d-------- C:\Program Files\ARWizard3
2008-06-01 11:22 . 2008-06-01 11:24 <DIR> d-------- C:\My Recordings
2008-06-01 11:20 . 2008-06-01 11:20 <DIR> d-------- C:\Program Files\FREE Hi-Q Recorder
2008-06-01 11:20 . 2008-06-01 11:20 671,744 --a------ C:\WINDOWS\is-JM0PF.exe
2008-05-31 19:24 . 2008-06-09 21:14 <DIR> d-------- C:\Program Files\Hard Disk Sentinel
2008-05-31 17:49 . 2008-05-31 18:23 <DIR> d-------- C:\Program Files\StealthBot
2008-05-31 12:22 . 2008-05-31 12:22 <DIR> d-------- C:\WINDOWS\Virtual Villagers - The Secret City
2008-05-30 16:06 . 2008-05-31 18:22 <DIR> d-------- C:\Program Files\WE Unlimited
2008-05-30 13:17 . 2008-05-30 13:17 <DIR> d-------- C:\Program Files\ATITool
2008-05-30 13:13 . 2008-05-30 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-29 18:29 . 2008-05-29 19:14 <DIR> d-------- C:\Fraps
2008-05-29 18:29 . 2008-05-31 12:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 12:20 5,776 ----a-w C:\WINDOWS\system32\drivers\sthdae.log
2008-06-29 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\BullGuard
2008-06-28 17:13 --------- d-----w C:\Program Files\Warcraft III
2008-06-28 17:11 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\BullGuard
2008-06-25 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-22 16:09 --------- d-----w C:\Program Files\PeerGuardian2
2008-06-22 14:33 --------- d-----w C:\Program Files\SpeedFan
2008-06-22 14:25 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-06-17 20:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-17 20:13 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-15 12:54 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\uTorrent
2008-06-15 12:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 20:12 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\Vso
2008-06-08 18:19 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-08 13:39 --------- d-----w C:\Program Files\WC3Banlist
2008-06-08 13:39 --------- d-----w C:\Program Files\IDM Computer Solutions
2008-06-06 19:52 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\dvdcss
2008-05-27 09:12 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-27 09:12 22,328 ----a-w C:\Documents and Settings\Chris Easton\Application Data\PnkBstrK.sys
2008-05-27 09:12 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-05-27 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-27 09:02 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-27 09:01 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\SystemRequirementsLab
2008-05-27 08:59 --------- d-----w C:\Program Files\Ubisoft
2008-05-25 18:34 --------- d-----w C:\Program Files\Veoh Networks
2008-05-25 14:56 --------- d-----w C:\Program Files\DivX
2008-05-23 20:21 --------- d-----w C:\Program Files\Ashampoo
2008-05-18 09:18 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-05-18 09:18 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-05-18 08:35 --------- d-----w C:\Program Files\Duplicate Files Finder
2008-05-18 08:34 --------- d-----w C:\Program Files\kidbasic
2008-05-18 08:31 --------- d-----w C:\Program Files\CCleaner
2008-05-17 13:01 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\Creative
2008-05-17 12:39 --------- d-----w C:\Program Files\iTunes
2008-05-17 12:39 --------- d-----w C:\Program Files\iPod
2008-05-17 12:37 --------- d-----w C:\Program Files\Innovative Solutions
2008-05-17 12:11 --------- d-----w C:\Program Files\L33TSig
2008-05-16 19:05 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\vlc
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-12 15:34 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-05-12 15:34 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-05-12 15:34 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-12 15:31 --------- d-----w C:\Program Files\Microsoft SDKs
2008-05-12 13:43 --------- d-----w C:\Program Files\VideoLAN
2008-05-12 13:37 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-10 19:39 --------- d-----w C:\Program Files\Bit Che
2008-05-09 18:29 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\Ashampoo
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 15:32 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\Serif
2008-05-06 15:05 --------- d-----w C:\Program Files\Serif
2008-05-05 21:19 --------- d-----w C:\Program Files\Haute Secure
2008-05-05 21:17 2,275,840 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-05-05 19:54 --------- d-----w C:\Program Files\GoldWave
2008-05-05 14:25 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-05 14:25 --------- d-----w C:\Program Files\MSBuild
2008-05-05 14:24 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-04 16:32 --------- d-----w C:\Program Files\QuickTime
2008-05-03 20:29 --------- d-----w C:\Program Files\Lavalys
2008-05-03 17:56 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\UpdateStar
2008-05-02 11:06 --------- d-----w C:\Program Files\Sun
2008-05-02 11:06 --------- d-----w C:\Program Files\Java
2008-04-30 16:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 20:50 --------- d-----w C:\Program Files\Britannica 8.0
2008-04-29 20:45 --------- d--h--w C:\Program Files\Zero G Registry
2008-04-29 18:00 --------- d-----w C:\Documents and Settings\Chris Easton\Application Data\Ahead
2008-04-29 16:39 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-29 14:55 --------- d-----w C:\Program Files\Common Files\snpstd3
2008-04-28 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-04-28 21:43 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-28 21:43 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-28 21:40 --------- d-----w C:\Program Files\Nero
2008-04-28 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-28 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-04-28 19:21 --------- d-----w C:\Program Files\Microsoft Games
2008-04-24 10:22 25,976 ----a-w C:\WINDOWS\system32\tcpipbak.reg
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-19 10:27 47,360 ----a-w C:\Documents and Settings\Chris Easton\Application Data\pcouffin.sys
2008-04-18 20:10 155,995 ----a-w C:\WINDOWS\java\Packages\4CN9NDVH.ZIP
2008-04-18 19:06 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-18 19:06 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-14 04:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 04:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 04:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 04:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 04:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 04:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 04:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 04:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 04:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 01:30 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 00:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 23:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 23:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 23:05 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 23:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 23:01 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 23:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 22:45 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Bit Che ----

2008-05-10 20:40 25682 --a------ C:\Program Files\Bit Che\settings.ini
2008-04-18 21:21 7581 --a------ C:\Program Files\Bit Che\unins000.dat
2008-04-18 21:20 674074 --a------ C:\Program Files\Bit Che\unins000.exe
2008-02-11 16:38 794 --a------ C:\Program Files\Bit Che\scripts\eztvefnet.ini
2008-02-11 16:27 593 --a------ C:\Program Files\Bit Che\scripts\corsaronero.ini
2008-02-11 16:08 769 --a------ C:\Program Files\Bit Che\scripts\Colombo-bt.org.ini
2008-02-11 16:07 873 --a------ C:\Program Files\Bit Che\scripts\creepytor.ini
2008-02-11 16:07 577 --a------ C:\Program Files\Bit Che\scripts\bushtorrent.ini
2008-02-11 16:06 1249 --a------ C:\Program Files\Bit Che\scripts\torrents.ru.ini
2008-02-11 16:03 943 --a------ C:\Program Files\Bit Che\scripts\merc-tech.ini
2008-01-08 11:44 783 --a------ C:\Program Files\Bit Che\scripts\torrentbox.ini
2007-11-30 21:12 950 --a------ C:\Program Files\Bit Che\scripts\mybittorrent.ini
2007-11-25 23:40 987 --a------ C:\Program Files\Bit Che\scripts\jamendo.com.ini
2007-11-25 17:14 864 --a------ C:\Program Files\Bit Che\scripts\status-x.ini
2007-11-25 17:09 922 --a------ C:\Program Files\Bit Che\scripts\torrential.kicks-ass.org.ini
2007-11-25 17:07 862 --a------ C:\Program Files\Bit Che\scripts\softmp3.ini
2007-11-25 17:06 762 --a------ C:\Program Files\Bit Che\scripts\textbooktorrents.ini
2007-11-25 17:06 1335 --a------ C:\Program Files\Bit Che\scripts\TntVillage.ini
2007-11-13 22:54 718 --a------ C:\Program Files\Bit Che\scripts\mp3nova.ini
2007-11-13 22:48 748 --a------ C:\Program Files\Bit Che\scripts\oinkme.ini
2007-11-13 22:47 787 --a------ C:\Program Files\Bit Che\scripts\demonoid.ini
2007-11-13 22:42 1083 --a------ C:\Program Files\Bit Che\scripts\mininova.ini
2007-11-13 22:34 882 --a------ C:\Program Files\Bit Che\scripts\scenehd.org.ini
2007-11-13 22:34 740 --a------ C:\Program Files\Bit Che\scripts\sumotorrent.ini
2007-11-13 22:34 1034 --a------ C:\Program Files\Bit Che\scripts\thebox.bz.ini
2007-11-13 21:56 1093 --a------ C:\Program Files\Bit Che\scripts\filemp3.ini
2007-10-08 21:09 986 --a------ C:\Program Files\Bit Che\scripts\torrents.bol.bg.ini
2007-10-08 21:08 926 --a------ C:\Program Files\Bit Che\scripts\ipodnova.ini
2007-09-23 22:10 1003 --a------ C:\Program Files\Bit Che\scripts\leecherslair.com.ini
2007-09-03 14:57 729 --a------ C:\Program Files\Bit Che\scripts\sharetv.ini
2007-09-01 18:55 1071 --a------ C:\Program Files\Bit Che\scripts\torrentbits.ro.ini
2007-09-01 18:52 1386 --a------ C:\Program Files\Bit Che\scripts\bitsoup.ini
2007-09-01 17:42 666 --a------ C:\Program Files\Bit Che\scripts\newtorrents.ini
2007-09-01 17:35 850 --a------ C:\Program Files\Bit Che\scripts\h33t.ini
2007-08-28 18:07 700 --a------ C:\Program Files\Bit Che\scripts\bt.etree.org.ini
2007-08-27 17:32 936 --a------ C:\Program Files\Bit Che\scripts\TorrentDemons.ini
2007-08-26 18:42 888 --a------ C:\Program Files\Bit Che\scripts\suprnova.org.ini
2007-08-26 18:42 1189 --a------ C:\Program Files\Bit Che\scripts\ilovetorrents.ini
2007-08-26 18:42 1148 --a------ C:\Program Files\Bit Che\scripts\torrentphase.com.ini
2007-08-14 18:02 749 --a------ C:\Program Files\Bit Che\scripts\bit-hdtv.ini
2007-08-14 18:00 998 --a------ C:\Program Files\Bit Che\scripts\torrentreactor.ini
2007-07-18 16:47 1156 --a------ C:\Program Files\Bit Che\scripts\iptorrents.ini
2007-07-11 19:43 24557 --a------ C:\Program Files\Bit Che\scripts\special.exe
2007-07-11 12:50 687 --a------ C:\Program Files\Bit Che\scripts\btswarm.org.ini
2007-07-11 02:37 1339 --a------ C:\Program Files\Bit Che\scripts\snarf-it.reg.ini
2007-07-11 02:35 1192 --a------ C:\Program Files\Bit Che\scripts\snarf-it.ini
2007-07-10 09:09 1227 --a------ C:\Program Files\Bit Che\scripts\torrentspy.ini
2007-07-10 02:05 946 --a------ C:\Program Files\Bit Che\scripts\blackcats-games.ini
2007-07-09 13:19 1216 --a------ C:\Program Files\Bit Che\scripts\uknova.com.ini
2007-06-21 14:02 1014 --a------ C:\Program Files\Bit Che\scripts\thepeerhub.com.ini
2007-06-21 14:01 949 --a------ C:\Program Files\Bit Che\scripts\supertorrents.org.ini
2007-06-05 09:40 1007 --a------ C:\Program Files\Bit Che\scripts\luciferadreams.ini
2007-06-05 00:56 926 --a------ C:\Program Files\Bit Che\scripts\FunFile.Org.ini
2007-04-23 13:03 1032 --a------ C:\Program Files\Bit Che\scripts\boxtorrents.ini
2007-04-11 18:35 1127 --a------ C:\Program Files\Bit Che\scripts\torrent-damage.ini
2007-03-12 02:24 1006 --a------ C:\Program Files\Bit Che\scripts\piratebay_members.ini
2007-03-10 13:59 896 --a------ C:\Program Files\Bit Che\scripts\stmusic.ini
2007-03-10 13:59 1079 --a------ C:\Program Files\Bit Che\scripts\bitnation.ini
2007-02-09 18:56 930 --a------ C:\Program Files\Bit Che\scripts\myspleen.ini
2007-01-03 02:37 1101 --a------ C:\Program Files\Bit Che\scripts\midnight-torrents.ini
2007-01-01 18:47 1087 --a------ C:\Program Files\Bit Che\scripts\scenemachine.org.ini
2006-12-31 22:45 958 --a------ C:\Program Files\Bit Che\scripts\dvdclub.ini
2006-12-31 21:14 920 --a------ C:\Program Files\Bit Che\scripts\Takeabyte.org.ini
2006-12-14 17:01 837 --a------ C:\Program Files\Bit Che\scripts\revolutiontt.ini
2006-12-14 10:58 6513 --a------ C:\Program Files\Bit Che\languages\Dutch.ini
2006-12-14 03:04 14204 --a------ C:\Program Files\Bit Che\languages\Greek.ini
2006-12-13 23:00 275057 --a------ C:\Program Files\Bit Che\Bit_Che.exe
2006-12-13 15:18 982 --a------ C:\Program Files\Bit Che\scripts\dididave.ini
2006-12-13 14:36 9813 --a------ C:\Program Files\Bit Che\languages\French.ini
2006-12-13 14:36 9695 --a------ C:\Program Files\Bit Che\languages\Italian.ini
2006-12-13 14:36 9592 --a------ C:\Program Files\Bit Che\languages\Portuguese.ini
2006-12-13 14:36 9208 --a------ C:\Program Files\Bit Che\languages\Arabic.ini
2006-12-13 14:36 7661 --a------ C:\Program Files\Bit Che\languages\Spanish.ini
2006-12-13 14:36 7211 --a------ C:\Program Files\Bit Che\languages\Finnish.ini
2006-12-13 14:32 31 --a------ C:\Program Files\Bit Che\coffee\0~_Example_Cup.txt
2006-12-13 14:16 6148 --a------ C:\Program Files\Bit Che\languages\English.ini
2006-12-12 16:35 11697 --a------ C:\Program Files\Bit Che\languages\compare.exe
2006-12-12 13:45 749 --a------ C:\Program Files\Bit Che\scripts\btjunkie.ini
2006-12-10 22:11 869 --a------ C:\Program Files\Bit Che\languages\flags\Arabic.ico
2006-11-28 14:29 972 --a------ C:\Program Files\Bit Che\languages\flags\Portuguese.ico
2006-11-23 19:46 0 --a------ C:\Program Files\Bit Che\filter.txt
2006-11-06 13:45 1129 --a------ C:\Program Files\Bit Che\scripts\torrentbytes.ini
2006-11-06 13:43 1207 --a------ C:\Program Files\Bit Che\scripts\todotorrents.ini
2006-11-06 13:31 868 --a------ C:\Program Files\Bit Che\scripts\hdbits.ini
2006-11-06 13:27 1195 --a------ C:\Program Files\Bit Che\scripts\filelist.ini
2006-11-06 13:25 1423 --a------ C:\Program Files\Bit Che\scripts\araditracker.ini
2006-11-06 13:23 1099 --a------ C:\Program Files\Bit Che\scripts\!!!!!ile.ini
2006-11-06 13:20 1097 --a------ C:\Program Files\Bit Che\scripts\dimeadozen.ini
2006-11-06 04:46 820 --a------ C:\Program Files\Bit Che\scripts\btmon.ini
2006-11-06 04:44 772 --a------ C:\Program Files\Bit Che\scripts\slotorrent.ini
2006-11-06 04:40 1127 --a------ C:\Program Files\Bit Che\scripts\zerotracker.ini
2006-11-06 01:30 1189 --a------ C:\Program Files\Bit Che\scripts\torrentportal.ini
2006-11-06 01:26 1583 --a------ C:\Program Files\Bit Che\scripts\isohunt.ini
2006-10-05 11:31 822 --a------ C:\Program Files\Bit Che\scripts\piratebay.ini
2006-09-02 15:37 27648 --a------ C:\Program Files\Bit Che\x.exe
2006-08-29 10:47 27648 --a------ C:\Program Files\Bit Che\scripts\update.exe
2003-08-19 03:06 80896 --a------ C:\Program Files\Bit Che\scripts\x.dll
2002-10-02 02:29 318 --a------ C:\Program Files\Bit Che\languages\flags\Spanish.ico
2002-09-30 00:56 318 --a------ C:\Program Files\Bit Che\languages\flags\Dutch.ico
2002-09-29 17:30 318 --a------ C:\Program Files\Bit Che\languages\flags\Finnish.ico
2002-09-29 02:11 318 --a------ C:\Program Files\Bit Che\languages\flags\Greek.ico
2002-09-28 18:10 318 --a------ C:\Program Files\Bit Che\languages\flags\Italian.ico
2002-09-28 17:43 318 --a------ C:\Program Files\Bit Che\languages\flags\French.ico
2002-09-27 01:16 318 --a------ C:\Program Files\Bit Che\languages\flags\English.ico

---- Directory of “C:\Program Files\Bit Che “ ----

“C:\Program Files\Bit Che “\


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6462546F-70AE-4abc-B2B6-BE68E9410002}]
2008-04-03 14:32 71224 --a------ C:\Program Files\Haute Secure\CtBho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7792546F-70AE-4ABC-B2B6-BE68E9410002}"= "C:\Program Files\Haute Secure\CtToolBand.dll" [2008-04-03 14:32 1403960]

[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7792546F-70AE-4ABC-B2B6-BE68E9410002}"= C:\Program Files\Haute Secure\CtToolBand.dll [2008-04-03 14:32 1403960]

[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-03-08 10:56 480768]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-03-27 07:34 308552]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2006-04-05 18:19 122880]
"CTHelper"="CTHELPER.EXE" [2006-05-24 05:20 17920 C:\WINDOWS\CTHELPER.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-03-27 07:34 308552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 14:31 259440]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-18 14:12 843776]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-09-24 15:57 57344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"CtPopup.exe"="C:\Program Files\Haute Secure\CtPopup.exe" [2008-04-03 14:32 98360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"mspwr"="C:\WINDOWS\system32\PuXpMan2.exe" [2005-09-29 11:05 110592]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-03-30 17:44 262144]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"IDTSysTrayApp"="sttray.exe" [2007-09-05 21:24 405504 C:\WINDOWS\sttray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

C:\Documents and Settings\Chris Easton\Start Menu\Programs\Startup\
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [12/17/2002 12:00:44 PM 2301798]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris Easton^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Chris Easton\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-04-23 11:23 1032640 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
--a------ 2006-12-08 07:45 543232 C:\Program Files\btbb_wcm\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-05-24 05:20 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hard Disk Sentinel]
--a------ 2008-06-09 21:13 3264000 C:\Program Files\Hard Disk Sentinel\HDSentinel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-04-23 11:23 1032640 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L33TSig]
--a------ 2008-01-19 23:29 544768 C:\Program Files\L33TSig\L33TSig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2006-02-06 18:52 462935 C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-08-16 09:02 1877272 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a------ 2007-08-16 09:03 1269000 C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar]
--a------ 2008-04-28 15:36 3818160 C:\Documents and Settings\Chris Easton\Application Data\UpdateStar\UpdateStar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-05-15 16:11 3644464 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-01 18:11 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 16:19 129536 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"VaultClientSRV"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 Ct;Ct;C:\WINDOWS\system32\DRIVERS\ct.sys [2008-04-03 14:32]
R2 BdFileSpy;BullGuard File Monitor Driver;C:\WINDOWS\system32\drivers\BdFileSpy.sys [2008-03-13 15:27]
R2 BdGaming;BullGuard Gaming Driver;C:\Program Files\BullGuard Ltd\BullGuard\BdGaming.sys [2007-12-20 11:15]
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R2 BsFire;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R2 BsGaming;BullGuard Gaming Service;"C:\Program Files\BullGuard Ltd\BullGuard\BsGaming.exe" [2008-03-19 14:07]
R2 CtServ;CtServ;C:\WINDOWS\system32\svchost.exe [2008-04-14 05:42]
R2 NMSAccessU;NMSAccessU;C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 03:52]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2007-11-28 11:42]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 09:56]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 11:49]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-24 04:40]
R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Ltd\BullGuard\Reconn.sys [2007-10-29 09:08]
S3 BGRaSvc;BGRaSvc;"C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe" [2008-02-21 10:47]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 22:10]
S4 VaultClientSRV;BT Auto Backup Service;C:\Program Files\BT Auto Backup\VaultClientSRV.exe [2007-07-04 22:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
CtServ REG_MULTI_SZ CtServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34926542-0d7f-11dd-a13c-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 20:31:16 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-06-14 08:11:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-24 13:32:08 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 13:20:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-06-29 13:25:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 12:25:11
ComboFix2.txt 2008-06-28 15:12:34

Pre-Run: 403,005,300,736 bytes free
Post-Run: 402,988,527,616 bytes free

477 --- E O F --- 2008-06-21 11:21:44


Hope this helps!
I have uninstalled or removed recovery console because I didn't want it asking at start up!

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13085
 
   Posted 6-29-2008 5:40 (GMT +2)