Logfile of HijackThis v1.99.1
Scan saved at 3:40:38 AM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Fraps\fraps.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX12.609\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http:8080
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2007\VisualIPTraceIE.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2007\VisualIPTraceIE.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link by Dr.Web - http://www.drweb.com/online/drweb-online-en.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://aolsvc.aol.com/onlinegames/qadummy7/gamehouseplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

Hi docarter

 

 

EDIT:wasent double post

Post Edited (docarter) : 30-12-2007 09:41:59 GMT

 

 

BitDefender Log File !!!!!

Product	:	BitDefender Total Security 2008
Version	:	BitDefender UIScanner v.11
Log date	:	04:55:43 30/12/2007
Log path	:	C:\Documents and Settings\Owner\Application Data\BitDefender\Desktop\Profiles\Logs\manual_scan\1199008543_3_02.xml

Scan Paths:

Path0000:

C:\

Scan Options:

Scan for viruses	:	Yes
Scan for adware	:	Yes
Scan for spyware	:	Yes
Scan for applications	:	Yes
Scan for dialers	:	Yes
Scan for rootkits	:	No

Target selection options:

Scan registry keys	:	No
Scan cookies	:	No
Scan boot sectors	:	No
Scan memory processes	:	No
Scan archives	:	No
Scan runtime packers	:	No
Scan emails	:	No
Scan all files	:	No
Heuristic Scan	:	No
Scanned extensions	:
Excluded extensions	:

Target Processing

Default action for infected objects	:	None
Default action for suspicious objects	:	None
Default action for hidden objects	:	None

Scan engines summary

Number of virus signatures	:	962752
Archive plugins	:	41
Email plugins	:	6
Scan plugins	:	12
Archive plugins	:	41
System plugins	:	4
Unpack plugins	:	7

Overall scan summary

Scanned items	:	265636
Infected items	:	8
Suspicious items	:	0
Resolved items	:	0
Individual viruses found	:	2
Scanned directories	:	6660
Scanned boot sectors	:	0
Scanned archives	:	1315
Input-output errors	:	14
Scan time	:	00:00:38:47
Files per second	:	114

Scanned processes summary

Scanned	:	0
Infected	:	0

Scanned registry keys summary

Scanned	:	0
Infected	:	0

Scanned cookies summary

Scanned	:	0
Infected	:	0

Remaining issues:

Object Name	Threat Name	Final Status
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OVSAIAVX\LimeWireWin[1].zip=]LimeWireWin.exe	Password-Protected Items	No action was possible
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OVSAIAVX\LimeWireWin[1].zip=]README.txt	Password-Protected Items	No action was possible
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OVSAIAVX\LimeWireWin[1].zip=]www.FreeLimeWirePro.net.txt	Password-Protected Items	No action was possible
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OVSAIAVX\LimeWireWin[1].zip=]FREE Download LimeWire PRO.url	Password-Protected Items	No action was possible
C:\Downloads\DF XTrainer_rar.rar=]DF XTrainer_rar.vir=]SWFs and Apps\Filters and WPEs\EPE PRO.exe	Trojan.Sniff.Wpepro.C	No action was possible
C:\Downloads\DF XTrainer_rar.rar=]DF XTrainer_rar.vir=]SWFs and Apps\Filters and WPEs\WPE PRO.exe	Trojan.Sniff.Wpepro.C	No action was possible
C:\Downloads\DF XTrainer_rar.vir=]SWFs and Apps\Filters and WPEs\EPE PRO.exe	Trojan.Sniff.Wpepro.C	No action was possible
C:\Downloads\DF XTrainer_rar.vir=]SWFs and Apps\Filters and WPEs\WPE PRO.exe	Trojan.Sniff.Wpepro.C	No action was possible
C:\Downloads\DF XTrainer_rar.rar=]DF XTrainer_rar.vir=]SWFs and Apps\Filters and WPEs\EpeSpy.dll	Trojan.Wpepro.B	No action was possible
C:\Downloads\DF XTrainer_rar.rar=]DF XTrainer_rar.vir=]SWFs and Apps\Filters and WPEs\WpeSpy.dll	Trojan.Wpepro.B	No action was possible
C:\Downloads\DF XTrainer_rar.vir=]SWFs and Apps\Filters and WPEs\EpeSpy.dll	Trojan.Wpepro.B	No action was possible
C:\Downloads\DF XTrainer_rar.vir=]SWFs and Apps\Filters and WPEs\WpeSpy.dll	Trojan.Wpepro.B	No action was possible

Resolved issues:

Object Name

Threat Name

Final Status

_______________________________________________________________________________________________________________

log here

 

 

ComboFix 07-12-21.4 - Owner 2007-12-30  4:48:49.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1484 [GMT -5:00]
Running from: C:\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\NTSVC.ocx

.
(((((((((((((((((((((((((   Files Created from 2007-11-28 to 2007-12-30  )))))))))))))))))))))))))))))))
.

2007-12-30 04:26 . 2007-12-30 04:27 <DIR> d-------- C:\Program Files\CCleaner
2007-12-30 01:32 . 2007-12-30 01:32 <DIR> d-------- C:\Program Files\FreshDevices
2007-12-30 00:15 . 2007-12-30 00:15 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-30 00:15 . 2007-12-30 00:15 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-30 00:15 . 2007-12-30 00:15 <DIR> d-------- C:\Program Files\MSBuild
2007-12-30 00:14 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-30 00:11 . 2007-12-30 00:11 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-12-30 00:10 . 2007-12-30 00:10 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-29 06:21 . 2007-10-13 13:33 1,622,016 --a------ C:\WINDOWS\system32\pmropn.exe
2007-12-29 06:21 . 2007-10-13 13:33 352,256 --a------ C:\WINDOWS\system32\pmls.dll
2007-12-29 06:20 . 2007-12-29 06:20 <DIR> d-------- C:\Program Files\NudgeMania
2007-12-29 04:49 . 2007-12-29 04:53 <DIR> d-------- C:\Program Files\MTV Virtual World
2007-12-29 03:11 . 2007-12-29 03:11 <DIR> d-------- C:\Program Files\Launchy
2007-12-29 03:11 . 2007-12-29 03:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Launchy
2007-12-27 06:50 . 2007-12-27 06:50 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-27 06:35 . 2007-12-27 06:35 <DIR> d-------- C:\Program Files\Microsoft Games
2007-12-27 03:11 . 2007-12-27 03:11 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-26 23:00 . 2007-12-26 23:00 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
2007-12-26 23:00 . 2007-12-26 23:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2007-12-26 22:25 . 2007-12-26 22:25 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-12-26 22:25 . 2007-12-26 22:25 <DIR> d-------- C:\Program Files\Futuremark
2007-12-26 22:25 . 2007-10-11 11:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2007-12-26 22:25 . 2001-11-19 18:05 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2007-12-26 18:21 . 2007-12-30 04:50 121 --a------ C:\WINDOWS\bdagent.INI
2007-12-26 18:12 . 2007-12-26 18:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitDefender
2007-12-26 18:10 . 2007-12-26 18:10 <DIR> d-------- C:\Program Files\BitDefender
2007-12-26 18:10 . 2007-12-26 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-12-26 18:08 . 2007-12-26 18:10 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-12-26 17:29 . 2007-12-26 17:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\mIRC
2007-12-26 04:44 . 2007-12-26 04:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-26 04:20 . 2007-12-26 04:20 <DIR> d-------- C:\Program Files\HyCam2
2007-12-26 03:59 . 2007-12-26 04:06 9,351 --a------ C:\WINDOWS\system32\shutdown.rar
2007-12-25 19:56 . 2007-12-29 17:39 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-25 19:55 . 2007-12-29 20:43 <DIR> d-------- C:\Fraps
2007-12-25 15:47 . 2007-12-25 15:58 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-12-25 15:47 . 2007-12-25 15:59 <DIR> d-------- C:\Program Files\Celceo SystemAI
2007-12-25 15:36 . 2007-12-25 15:36 <DIR> d-------- C:\OtsLabs
2007-12-25 02:11 . 2007-12-25 02:11 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-24 22:18 . 2007-12-25 16:00 <DIR> d-------- C:\Program Files\Steam
2007-12-23 23:01 . 2007-12-23 23:01 <DIR> d-------- C:\Program Files\Rigs Of Rods Vehicle Editor
2007-12-23 23:01 . 2007-12-23 23:01 286,720 --------- C:\WINDOWS\Setup1.exe
2007-12-23 23:01 . 2007-12-23 23:01 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-12-23 03:43 . 2007-12-23 03:43 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-22 14:49 . 2007-12-22 14:49 <DIR> d-------- C:\Program Files\Dark Night Market
2007-12-22 14:30 . 2007-12-22 14:30 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-22 13:40 . 2007-12-30 04:33 <DIR> d-------- C:\Downloads
2007-12-22 13:06 . 2007-12-30 04:33 <DIR> d-------- C:\Program Files\FlashGet
2007-12-22 13:06 . 2006-04-20 06:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2007-12-21 19:54 . 2007-12-21 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-21 19:34 . 2007-12-30 03:15 <DIR> d-------- C:\Program Files\Trillian
2007-12-21 14:13 . 2007-12-21 14:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-12-21 14:12 . 2007-12-21 14:12 <DIR> d-------- C:\Program Files\QuickTime
2007-12-21 14:12 . 2007-12-21 14:12 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-21 14:12 . 2007-12-21 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-21 14:12 . 2007-12-21 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-21 14:12 . 2007-12-29 23:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-21 14:12 . 2007-12-21 14:12 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-21 00:06 . 2007-12-21 00:06 <DIR> d-------- C:\Program Files\Bandwidth Monitor Pro
2007-12-21 00:06 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-20 23:47 . 2007-12-20 23:47 <DIR> d-------- C:\Program Files\No-IP
2007-12-20 17:55 . 2007-12-20 17:55 <DIR> d-------- C:\Documents and Settings\Owner\Visual IP Trace
2007-12-20 17:54 . 2007-12-29 02:39 <DIR> d-------- C:\Program Files\Visual IP Trace 2007
2007-12-20 17:54 . 2007-12-20 17:55 <DIR> d-------- C:\Documents and Settings\Owner\vw
2007-12-20 15:39 . 2007-12-20 15:39 <DIR> d-------- C:\Program Files\Sun
2007-12-20 15:39 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-20 15:26 . 2007-12-22 13:09 <DIR> d-------- C:\Documents and Settings\Owner\.SunDownloadManager
2007-12-20 13:37 . 2007-12-20 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
2007-12-20 13:04 . 2007-12-29 15:04 <DIR> d-------- C:\Program Files\Cheat Engine
2007-12-20 13:04 . 2006-09-04 19:16 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-12-20 13:04 . 2006-09-04 19:16 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-12-20 12:01 . 2007-12-20 12:01 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-12-20 11:45 . 2007-12-20 11:47 766 --a------ C:\CrossHair.ico
2007-12-20 09:41 . 2007-12-20 09:41 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-20 08:58 . 2007-12-26 04:21 <DIR> d-------- C:\Program Files\DivX
2007-12-20 03:06 . 2004-08-04 07:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-20 00:24 . 2007-08-27 10:53 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2007-12-20 00:22 . 2007-12-27 06:15 <DIR> d-------- C:\Program Files\TechSmith
2007-12-20 00:22 . 2007-12-20 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2007-12-20 00:21 . 2007-12-20 00:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-19 20:21 . 2007-12-19 20:21 <DIR> d-------- C:\WINDOWS\Sun
2007-12-19 20:08 . 2007-12-29 23:03 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-19 19:49 . 2007-12-19 21:25 <DIR> d-------- C:\WINDOWS\.mpr_file_store_32
2007-12-19 19:38 . 2007-12-30 01:13 <DIR> d-------- C:\Documents and Settings\Owner\Shared
2007-12-19 19:38 . 2007-12-30 03:36 <DIR> d-------- C:\Documents and Settings\Owner\Incomplete
2007-12-19 19:38 . 2007-12-29 05:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-19 19:37 . 2007-12-29 03:45 <DIR> d-------- C:\Program Files\LimeWire
2007-12-19 19:31 . 2007-12-20 15:39 <DIR> d-------- C:\Program Files\Java
2007-12-19 19:29 . 2007-12-19 19:29 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-19 19:18 . 2007-12-30 01:02 <DIR> d-------- C:\Program Files\Rigs of Rods 0.33d
2007-12-19 19:13 . 2007-12-19 19:17 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-19 18:51 . 2007-12-20 16:14 <DIR> d-------- C:\Program Files\Google
2007-12-19 18:51 . 2007-12-29 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-19 18:49 . 2007-12-30 01:17 <DIR> d-------- C:\Documents and Settings\Owner\Tracing
2007-12-19 18:48 . 2007-12-19 18:48 <DIR> d-------- C:\Program Files\Windows Live
2007-12-18 15:41 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-12-18 15:40 . 2007-12-18 15:41 <DIR> d-------- C:\Program Files\CyberLink
2007-12-18 14:25 . 2007-12-18 14:25 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-12-18 14:17 . 2007-12-18 14:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2007-12-18 14:15 . 2007-12-18 14:15 <DIR> d-------- C:\Program Files\Nero
2007-12-18 14:15 . 2007-12-18 14:17 <DIR> d-------- C:\Program Files\Common Files\Ahead

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 22:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 08:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 08:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 20:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 20:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-02 14:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}
{E70C26AE-DFF1-40A8-8D37-19180F56F0AA}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34]
"Bandwidth Monitor Pro"="C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2005-02-16 16:48]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-19 18:51]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-19 00:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-11-21 22:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-16 16:37]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2007-12-20 23:47:55]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 17:34:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-19 18:51:40]
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-12-29 03:11:02]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 11:11:48]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 22:55 54832 --a------ C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
   C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-12-19 18:51 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 07:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 04:39]
R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2007-11-12 16:28]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-11-12 16:27]
S3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\drivers\bdfsfltr.sys [2007-08-02 16:03]
S3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-08-08 13:12]
S3 FreshIO;FreshIO;C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ    scan

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-12-26 23:31:06 C:\WINDOWS\Tasks\BackUp.job"
- C:\Program Files\BitDefender\BitDefender Backup\backup.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 04:50:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-30  4:51:07
.
2007-12-30 05:58:02 --- E O F --- 

 

 

 

 

IT DELETED MY BANDWITH MOITER THATS ALL!!!! IT WAS SAFE ALSO!!!!! -.-