dns.flush Win32.agent.ieu + Win32.fraudload.edt

saultodd

New member
I think I've got rid of them but I would like an expert to check.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:05:13, on 22/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = A Williamson
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269111174234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269111163734
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D00F085-7980-4BE2-B34E-24C824F3A634}: NameServer = 192.168.1.1,192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.101,93.188.161.167
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.101,93.188.161.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.101,93.188.161.167
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7240 bytes

DDS (Ver_10-03-17.01) - NTFSx86
Run by A Williamson at 10:06:17.85 on 22/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.480 [GMT 1:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\A Williamson\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page = www.google.co.uk
uStart Page = hxxp://www.google.co.uk/
uWindow Title = A Williamson
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269111174234
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269111163734
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.164.101,93.188.161.167
TCP: {7D00F085-7980-4BE2-B34E-24C824F3A634} = 192.168.1.1,192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 153448]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 cpuz132;cpuz132;\??\c:\docume~1\awilli~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\awilli~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

=============== Created Last 30 ================

2010-04-22 09:04:04 0 d-----w- c:\program files\TrendMicro
2010-04-21 17:41:46 0 d-----w- c:\windows\system32\CatRoot2
2010-04-21 08:20:15 0 d-----w- c:\program files\SpywareBlaster
2010-04-20 22:08:48 204 ----a-w- c:\windows\system32\MRT.INI
2010-04-20 12:39:53 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-20 12:39:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-04-13 14:32:43 0 d-----w- C:\spoolerlogs
2010-04-13 14:31:01 161792 ----a-w- c:\windows\Pmoxic.exe
2010-04-13 14:30:22 161792 ----a-w- c:\windows\Pmoxib.exe
2010-04-13 14:29:59 161792 ----a-w- c:\windows\Pmoxia.exe
2010-04-12 19:29:51 0 d-----w- c:\docume~1\awilli~1\applic~1\Office Genuine Advantage
2010-04-12 12:11:28 0 d-----w- c:\program files\No-IP
2010-04-12 10:17:32 26624 ----a-w- c:\windows\system32\VNCpm.dll
2010-04-12 10:17:20 4608 ----a-w- c:\windows\system32\drivers\vncmirror.sys
2010-04-12 10:17:20 20992 ----a-w- c:\windows\system32\vncmirror.dll
2010-04-12 10:17:14 0 d-----w- c:\program files\RealVNC
2010-04-08 17:58:15 0 d-----w- c:\docume~1\awilli~1\applic~1\BitDefender
2010-04-08 17:27:12 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2010-04-08 17:27:11 0 d-----w- c:\program files\Driver Checker
2010-04-08 17:24:14 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-08 16:41:19 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-04-08 16:41:03 0 d-----w- C:\Intel
2010-04-08 16:21:15 0 d-----w- c:\program files\Intel Desktop Board Audio Driver
2010-04-08 16:16:48 0 d-----w- c:\program files\SystemRequirementsLab
2010-04-08 15:50:54 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-08 15:50:54 17737 ----a-w- c:\windows\system32\nvdisp.nvu
2010-04-08 15:50:54 163353 ----a-w- c:\windows\system32\nvapps.xml
2010-04-08 15:50:54 0 d-----w- c:\windows\nview
2010-04-08 15:50:40 0 d-----w- c:\windows\system32\ReinstallBackups
2010-04-08 15:50:30 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-08 15:50:11 0 d-----w- C:\NVIDIA
2010-04-08 14:33:03 306688 ----a-w- c:\windows\IsUninst.exe
2010-04-07 16:12:06 0 d-----w- c:\windows\SxsCaPendDel
2010-04-07 16:07:37 0 d-----w- c:\windows\system32\appmgmt
2010-04-07 15:45:11 850 ----a-w- c:\documents and settings\a williamson\Application DataProductTweaks.xml
2010-04-07 15:45:11 385 ----a-w- c:\documents and settings\a williamson\Application Datauser_gensett.xml
2010-04-07 15:45:11 376 ----a-w- c:\documents and settings\a williamson\Application Dataprivacy.xml

==================== Find3M ====================

2010-04-08 19:35:21 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-04-08 19:35:21 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-04-08 19:35:01 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-03-21 14:26:33 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-21 14:26:33 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-03-13 12:23:42 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 11:57:57 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:27:58 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-01-28 17:09:36 182784 ----a-w- c:\windows\system32\Ncs2Setp.dll
2010-01-28 16:52:50 734328 ----a-w- c:\windows\system32\ncs2dmix.dll
2010-01-28 16:52:50 518264 ----a-w- c:\windows\system32\accesor.dll
2010-01-28 16:32:04 128120 ----a-w- c:\windows\system32\ncs2instutility.dll
2010-01-28 16:16:16 1718904 ----a-w- c:\windows\system32\ncscolib.dll
2010-01-27 12:52:26 256712 ----a-w- c:\windows\system32\Prounstl.exe

============= FINISH: 10:07:39.43 ===============
More information

ComboFix 10-04-21.01 - A Williamson 22/04/2010 10:23:51.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.718 [GMT 1:00]
Running from: c:\documents and settings\A Williamson\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\A Williamson\Application Data\chrtmp
c:\windows\Pmoxia.exe
c:\windows\Pmoxib.exe
c:\windows\Pmoxic.exe
c:\windows\system32\OGACheckControl.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
.

2010-04-22 09:04 . 2010-04-22 09:04 388096 ----a-r- c:\documents and settings\A Williamson\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-22 09:04 . 2010-04-22 09:04 -------- d-----w- c:\program files\TrendMicro
2010-04-21 17:41 . 2010-04-22 09:23 -------- d-----w- c:\windows\system32\CatRoot2
2010-04-21 16:43 . 2010-04-21 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-21 08:20 . 2010-04-21 16:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-21 08:20 . 2010-04-21 08:28 -------- d-----w- c:\program files\SpywareBlaster
2010-04-20 12:39 . 2010-04-20 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-20 12:39 . 2010-04-20 12:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-13 14:32 . 2010-04-13 14:32 -------- d-----w- C:\spoolerlogs
2010-04-12 19:29 . 2010-04-12 19:29 -------- d-----w- c:\documents and settings\A Williamson\Application Data\Office Genuine Advantage
2010-04-12 12:11 . 2010-04-13 14:04 -------- d-----w- c:\program files\No-IP
2010-04-12 10:17 . 2009-07-24 23:21 26624 ----a-w- c:\windows\system32\VNCpm.dll
2010-04-12 10:17 . 2009-07-24 23:21 4608 ----a-w- c:\windows\system32\drivers\vncmirror.sys
2010-04-12 10:17 . 2009-07-24 23:21 20992 ----a-w- c:\windows\system32\vncmirror.dll
2010-04-12 10:17 . 2010-04-12 10:17 -------- d-----w- c:\program files\RealVNC
2010-04-08 17:58 . 2010-04-08 17:58 -------- d-----w- c:\documents and settings\A Williamson\Application Data\BitDefender
2010-04-08 17:27 . 2008-12-03 16:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2010-04-08 17:27 . 2010-04-08 17:27 -------- d-----w- c:\program files\Driver Checker
2010-04-08 17:24 . 2010-04-08 17:24 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-08 16:41 . 2010-04-08 16:41 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-08 16:41 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-04-08 16:41 . 2010-04-08 16:41 -------- d-----w- C:\Intel
2010-04-08 16:32 . 2010-04-08 16:41 -------- d-----w- c:\program files\Intel
2010-04-08 16:21 . 2010-04-08 16:21 -------- d-----w- c:\program files\Intel Desktop Board Audio Driver
2010-04-08 16:16 . 2010-04-08 16:16 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-08 15:50 . 2010-04-08 15:50 -------- d-----w- c:\windows\nview
2010-04-08 15:50 . 2007-12-05 00:41 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-08 15:50 . 2007-12-05 01:53 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-08 15:50 . 2010-04-08 15:50 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-08 15:50 . 2010-04-08 15:50 -------- d-----w- C:\NVIDIA
2010-04-08 14:33 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-04-07 16:12 . 2010-04-07 16:15 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-07 15:55 . 2010-04-07 16:06 -------- d-----w- c:\documents and settings\A Williamson\Local Settings\Application Data\ApplicationHistory

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 22:15 . 2010-03-20 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-08 19:35 . 2009-12-07 17:49 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-04-08 19:35 . 2009-12-07 17:46 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-04-08 19:35 . 2009-07-24 10:26 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-04-08 17:58 . 2010-03-21 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-04-08 17:57 . 2010-03-21 14:24 -------- d-----w- c:\program files\Common Files\BitDefender
2010-04-07 16:04 . 2010-03-22 08:08 -------- d-----w- c:\program files\Windows Desktop Search
2010-03-22 08:29 . 2010-03-22 08:29 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-03-22 08:27 . 2010-03-22 08:13 -------- d-----w- c:\program files\Microsoft
2010-03-22 08:14 . 2010-03-22 08:14 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-21 14:26 . 2010-03-21 14:26 -------- d-----w- c:\program files\BitDefender
2010-03-21 14:26 . 2010-03-21 14:26 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-21 14:26 . 2010-03-21 14:26 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-03-21 14:26 . 2010-03-21 14:26 -------- d-----w- c:\documents and settings\A Williamson\Application Data\Creative
2010-03-21 09:33 . 2010-03-21 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-03-21 09:23 . 2010-03-20 19:41 68456 ----a-w- c:\documents and settings\A Williamson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-20 23:12 . 2010-03-20 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-03-20 22:36 . 2010-03-20 21:32 -------- d-----w- c:\program files\Microsoft Works
2010-03-20 21:32 . 2010-03-20 18:03 -------- d-----w- c:\program files\MSBuild
2010-03-20 21:31 . 2010-03-20 21:31 -------- d-----w- c:\program files\Microsoft.NET
2010-03-20 21:29 . 2010-03-20 21:29 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-20 19:59 . 2010-03-20 19:55 -------- d-----w- c:\program files\UnRar for Windows
2010-03-20 19:41 . 2010-03-20 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-03-20 19:20 . 2010-03-13 12:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-20 19:19 . 2010-03-20 19:19 -------- d-----w- c:\program files\MSXML 4.0
2010-03-20 18:03 . 2010-03-20 18:03 -------- d-----w- c:\program files\Reference Assemblies
2010-03-13 12:47 . 2010-03-13 12:26 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-13 12:27 . 2010-03-13 12:27 -------- d-----w- c:\program files\microsoft frontpage
2010-03-13 12:25 . 2010-03-13 12:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-13 12:23 . 2010-03-13 12:23 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15 . 2008-06-25 17:19 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2008-06-23 16:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 11:57 . 2008-07-30 12:09 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-12 10:03 . 2010-03-20 19:06 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:27 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 11:36 . 2008-07-28 10:35 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-28 17:09 . 2010-01-28 17:09 182784 ----a-w- c:\windows\system32\Ncs2Setp.dll
2010-01-28 16:52 . 2010-01-28 16:52 734328 ----a-w- c:\windows\system32\ncs2dmix.dll
2010-01-28 16:52 . 2010-01-28 16:52 518264 ----a-w- c:\windows\system32\accesor.dll
2010-01-28 16:32 . 2010-01-28 16:32 128120 ----a-w- c:\windows\system32\ncs2instutility.dll
2010-01-28 16:16 . 2010-01-28 16:16 1718904 ----a-w- c:\windows\system32\ncscolib.dll
2010-01-27 12:52 . 2007-04-12 11:47 256712 ----a-w- c:\windows\system32\Prounstl.exe
.

------- Sigcheck -------

[-] 2008-04-25 . B5B1080D35974C0E718D64280761BCD5 . 182912 . . [5.1.2600.5588] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-25 . B5B1080D35974C0E718D64280761BCD5 . 182912 . . [5.1.2600.5588] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-22 . A0857C97770034FD2AF17DC4014B5ABD . 576384 . . [5.1.2600.5585] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-22 . A0857C97770034FD2AF17DC4014B5ABD . 576384 . . [5.1.2600.5585] . . c:\windows\system32\drivers\ntfs.sys

[-] 2008-07-28 . 367DE8E5F638C091F49273144274F629 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-07-28 . 367DE8E5F638C091F49273144274F629 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-03 . 7E39A3EDC13B076E70FDB9A6F6D7A4B4 . 78336 . . [5.1.2600.5574] . . c:\windows\system32\browser.dll
[-] 2008-04-03 . 7E39A3EDC13B076E70FDB9A6F6D7A4B4 . 78336 . . [5.1.2600.5574] . . c:\windows\system32\dllcache\browser.dll

[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-24 . D1BAC55BC35A0CA735AEA19F609F2B22 . 507904 . . [5.1.2600.5587] . . c:\windows\system32\winlogon.exe
[-] 2008-04-24 . D1BAC55BC35A0CA735AEA19F609F2B22 . 507904 . . [5.1.2600.5587] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\system32\mshtml.dll
[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\ie8\mshtml.dll

[-] 2008-07-28 . 290C1A30DEFC723BBE10910AC2D6F6D0 . 245248 . . [5.1.2600.5649] . . c:\windows\system32\mswsock.dll
[-] 2008-07-28 . 290C1A30DEFC723BBE10910AC2D6F6D0 . 245248 . . [5.1.2600.5649] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2008-04-17 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\netlogon.dll
[-] 2008-04-17 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3GDR\ntoskrnl.exe
[-] 2010-02-16 . 97E2BF68857818A4D142B872404DC41B . 2186880 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . EBB75B113E74E90074382347B74D652B . 2181376 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2GDR\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB977165-v2$\ntoskrnl.exe
[-] 2008-04-23 . 459D68B36FCC8B6220730164C6FE81E5 . 2189184 . . [5.1.2600.5586] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2008-08-06 . E2B32B10ACC5D97623275AAFB67E5F03 . 249856 . . [5.1.2600.5654] . . c:\windows\system32\tapisrv.dll
[-] 2008-08-06 . E2B32B10ACC5D97623275AAFB67E5F03 . 249856 . . [5.1.2600.5654] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\system32\wininet.dll
[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\ie8\wininet.dll

[-] 2008-07-03 . 2BB75B7F548D82A099125D0C5971DE7D . 1033728 . . [6.00.2900.5634] . . c:\windows\explorer.exe
[-] 2008-07-03 . 2BB75B7F548D82A099125D0C5971DE7D . 1033728 . . [6.00.2900.5634] . . c:\windows\system32\dllcache\explorer.exe

[-] 2010-02-17 . 1811AFC2FADB60B88947E3D08E250860 . 2063744 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2QFE\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3GDR\ntkrnlpa.exe
[-] 2010-02-16 . 1EE6B94ACA7BE115A1813BBCA65099A8 . 2058368 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2GDR\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB977165-v2$\ntkrnlpa.exe
[-] 2008-04-14 . 820BA42F77C78395EDE704F3E23893A8 . 2066048 . . [5.1.2600.5586] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-08 1123360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:Real Vnc
"5800:TCP"= 5800:TCP:Real Vnc
"8245:TCP"= 8245:TCP:No-Ip
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [07/12/2009 18:46 153448]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19/10/2009 16:06 183880]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {7D00F085-7980-4BE2-B34E-24C824F3A634} = 192.168.1.1,192.168.2.1
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-22 10:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x86F6A8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7707f28
\Driver\ACPI -> ACPI.sys @ 0xf765acb8
\Driver\atapi -> atapi.sys @ 0xf75efb3a
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf74b2bb0
PacketIndicateHandler -> NDIS.sys @ 0xf74bfb21
SendHandler -> NDIS.sys @ 0xf749d87b
user & kernel MBR OK

**************************************************************************
.
Completion time: 2010-04-22 10:33:07
ComboFix-quarantined-files.txt 2010-04-22 09:33

Pre-Run: 107,702,292,480 bytes free
Post-Run: 107,700,047,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AEEB75A503D1968A18A70D654E53BDB1




DDS (Ver_10-03-17.01) - NTFSx86
Run by A Williamson at 11:44:23.84 on 22/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.682 [GMT 1:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\A Williamson\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269111174234
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269111163734
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {7D00F085-7980-4BE2-B34E-24C824F3A634} = 192.168.1.1,192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 153448]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 cpuz132;cpuz132;\??\c:\docume~1\awilli~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\awilli~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

=============== Created Last 30 ================

2010-04-22 09:17:44 0 d-sha-r- C:\cmdcons
2010-04-22 09:16:28 98816 ----a-w- c:\windows\sed.exe
2010-04-22 09:16:28 77312 ----a-w- c:\windows\MBR.exe
2010-04-22 09:16:28 261632 ----a-w- c:\windows\PEV.exe
2010-04-22 09:16:28 161792 ----a-w- c:\windows\SWREG.exe
2010-04-22 09:04:04 0 d-----w- c:\program files\TrendMicro
2010-04-21 17:41:46 0 d-----w- c:\windows\system32\CatRoot2
2010-04-21 08:20:15 0 d-----w- c:\program files\SpywareBlaster
2010-04-20 22:08:48 204 ----a-w- c:\windows\system32\MRT.INI
2010-04-20 12:39:53 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-20 12:39:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-04-13 14:32:43 0 d-----w- C:\spoolerlogs
2010-04-12 19:29:51 0 d-----w- c:\docume~1\awilli~1\applic~1\Office Genuine Advantage
2010-04-12 12:11:28 0 d-----w- c:\program files\No-IP
2010-04-12 10:17:32 26624 ----a-w- c:\windows\system32\VNCpm.dll
2010-04-12 10:17:20 4608 ----a-w- c:\windows\system32\drivers\vncmirror.sys
2010-04-12 10:17:20 20992 ----a-w- c:\windows\system32\vncmirror.dll
2010-04-12 10:17:14 0 d-----w- c:\program files\RealVNC
2010-04-08 17:58:15 0 d-----w- c:\docume~1\awilli~1\applic~1\BitDefender
2010-04-08 17:27:12 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2010-04-08 17:27:11 0 d-----w- c:\program files\Driver Checker
2010-04-08 17:24:14 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-08 16:41:19 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-04-08 16:41:03 0 d-----w- C:\Intel
2010-04-08 16:21:15 0 d-----w- c:\program files\Intel Desktop Board Audio Driver
2010-04-08 16:16:48 0 d-----w- c:\program files\SystemRequirementsLab
2010-04-08 15:50:54 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-08 15:50:54 17737 ----a-w- c:\windows\system32\nvdisp.nvu
2010-04-08 15:50:54 163353 ----a-w- c:\windows\system32\nvapps.xml
2010-04-08 15:50:54 0 d-----w- c:\windows\nview
2010-04-08 15:50:40 0 d-----w- c:\windows\system32\ReinstallBackups
2010-04-08 15:50:30 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-08 15:50:11 0 d-----w- C:\NVIDIA
2010-04-08 14:33:03 306688 ----a-w- c:\windows\IsUninst.exe
2010-04-07 16:12:06 0 d-----w- c:\windows\SxsCaPendDel
2010-04-07 16:07:37 0 d-----w- c:\windows\system32\appmgmt
2010-04-07 15:45:11 850 ----a-w- c:\documents and settings\a williamson\Application DataProductTweaks.xml
2010-04-07 15:45:11 385 ----a-w- c:\documents and settings\a williamson\Application Datauser_gensett.xml
2010-04-07 15:45:11 376 ----a-w- c:\documents and settings\a williamson\Application Dataprivacy.xml

==================== Find3M ====================

2010-04-08 19:35:21 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-04-08 19:35:21 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-04-08 19:35:01 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-03-21 14:26:33 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-21 14:26:33 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-03-13 12:23:42 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 11:57:57 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:27:58 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-01-28 17:09:36 182784 ----a-w- c:\windows\system32\Ncs2Setp.dll
2010-01-28 16:52:50 734328 ----a-w- c:\windows\system32\ncs2dmix.dll
2010-01-28 16:52:50 518264 ----a-w- c:\windows\system32\accesor.dll
2010-01-28 16:32:04 128120 ----a-w- c:\windows\system32\ncs2instutility.dll
2010-01-28 16:16:16 1718904 ----a-w- c:\windows\system32\ncscolib.dll
2010-01-27 12:52:26 256712 ----a-w- c:\windows\system32\Prounstl.exe

============= FINISH: 11:45:00.84 ===============

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Second topic: http://forums.spybot.info/showthread.php?t=56934

If you have more than one infected computer in the house please let your helper know. Start a new topic for the next machine once the prior thread has been closed.
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)


Please do NOT run 'FIXES' (ComboFix etc) without being asked
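A quick triage pass over the kind of lines that appear in the ComboFix and DDS logs above, as an added example; it is not part of the original post and not code from ComboFix, DDS or the Spybot forum. It picks out the items a removal helper would check first in this log: the Windows Firewall standard profile switched off, RDP and VNC ports globally opened, the AV reporting on-access scanning disabled, a hosts entry pointing a security site at loopback, a driver service registered from a temp directory, and the `>>UNKNOWN<<` module in the disk stack that the MBR detector could not identify. The risk lists (`REMOTE_ACCESS_PORTS`, `SECURITY_SITES`), the finding codes and the regular expressions are my own assumptions, and `SAMPLE_LOG` is a constructed excerpt assembled from lines visible in the post. The `hosts-redirect` check goes slightly beyond the post: it also flags hosts entries that point a name at a non-loopback address, the pharming case the helpers look for.

```python
"""Triage of ComboFix / DDS log text: scan for the settings and entries a
removal helper checks first and return a list of (code, detail) findings.

Added example, not code from the original post or from the ComboFix / DDS
tools. The heuristics, finding codes and risk lists are assumptions; the
SAMPLE_LOG excerpt is constructed from lines visible in the post."""
import re

# Assumption: RDP and VNC count as high risk when globally opened in the firewall.
REMOTE_ACCESS_PORTS = {3389: "RDP", 5900: "VNC", 5800: "VNC-HTTP"}

# Assumption: a short illustrative list of security sites whose loopback
# entries in the hosts file deserve a second look.
SECURITY_SITES = {"www.spywareinfo.com", "forums.spybot.info"}

# Constructed excerpt in ComboFix / DDS format (lines taken from the post).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:Real Vnc
"5800:TCP"= 5800:TCP:Real Vnc
"8245:TCP"= 8245:TCP:No-Ip
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x86F6A8C8]<<
user & kernel MBR OK

AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
Hosts: 127.0.0.1 www.spywareinfo.com
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 153448]
S3 cpuz132;cpuz132;\??\c:\docume~1\awilli~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\awilli~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
"""

FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b', re.M)
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$', re.M)
AV_OFF = re.compile(r'^AV: (.+?) \*On-access scanning disabled\*', re.M)
HOSTS = re.compile(r'^Hosts:\s+(\S+)\s+(\S+)', re.M)
SERVICE = re.compile(r'^([RS]\d) ([^;\n]+);([^;\n]*);(.+)$', re.M)   # start;name;display;path
UNKNOWN_MODULE = re.compile(r'>>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<')
MBR_OK = re.compile(r'^user & kernel MBR OK$', re.M)


def triage(text):
    """Return [(code, detail), ...] for each risky item found in the log text."""
    findings = []
    if FIREWALL_OFF.search(text):
        findings.append(("firewall-disabled", "EnableFirewall=0 in the standard profile"))
    for port, proto, label in OPEN_PORT.findall(text):
        port = int(port)
        if port in REMOTE_ACCESS_PORTS:
            findings.append(("remote-access-port-open",
                             f"{port}/{proto} {REMOTE_ACCESS_PORTS[port]} ({label.strip()})"))
    for product in AV_OFF.findall(text):
        findings.append(("av-realtime-disabled", product))
    for ip, host in HOSTS.findall(text):
        if ip in ("127.0.0.1", "0.0.0.0", "::1"):
            if host.lower() in SECURITY_SITES:
                findings.append(("hosts-blocks-security-site", f"{host} -> {ip}"))
        else:
            # Neither loopback nor null-routed: the name is sent somewhere else (pharming).
            findings.append(("hosts-redirect", f"{host} -> {ip}"))
    for _start, name, _display, path in SERVICE.findall(text):
        if "\\temp\\" in path.lower():
            missing = " (binary missing)" if path.rstrip().endswith("[?]") else ""
            findings.append(("service-in-temp-dir", f"{name}: {path.split(' -->')[0]}{missing}"))
    for addr in UNKNOWN_MODULE.findall(text):
        note = "MBR reported OK" if MBR_OK.search(text) else "MBR status not confirmed"
        findings.append(("unknown-disk-stack-module",
                         f"{addr}; {note}; identify this driver before trusting the result"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"{code:28} {detail}")
```

Run it against a saved log with `triage(open("ComboFix.txt").read())`. Note that with `firewall-disabled` present the open-port list is moot (everything is reachable), and that `unknown-disk-stack-module` is a prompt to identify the driver, not a verdict: the detector in the post reports the MBR itself as OK.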