PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » msmg & SSBkgUpdate annoyance

  #1
12-22-2007
macndaz
Bronze Member
Join Date: Dec 2007
Posts: 7
PC Experience: Some Experience
msmg & SSBkgUpdate annoyance

Hi

I suddenly have these two - msmg and SSBkgUpdate - things blocked by my computer at start up. I can't use the internet in normal mode, only in safe mode.

I have scanned the computer both in normal and safe mode with my NOD32 antivirus, also Microsoft Malicious Tool Remover and T_R Trojan Removal. Cleaned, reboot. Scan again, nothing found. But when I restart they're back and same problem. Everything goes very very slow and no internet.

What the ???

Any help most appreciated.

Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:12, on 22/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Personalized Start Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Personalized Start Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Personalized Start Page
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: OGG Viewer - {7AB85EC7-22E7-4B5D-89DA-A9EBD1AF3520} - C:\Windows\oggview.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe " -startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe" C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Microsoft Update Machine] szjnum.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Microsoft Update Machine] szjnum.exe
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe " -startup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Microsoft Update Machine] szjnum.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Windows Update] C:\Windows\msmg.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9175 bytes


  #2
12-22-2007
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,958
PC Experience: Elite PC Guru
Re: msmg & SSBkgUpdate annoyance

This will help to identify malware on your system.
Please download Combofix from any of these locations:
Here
or
Here
Save ComboFix to the desktop and please ensure that you disable realtime security/virus programs that monitor your PC while CF is running.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
Caution...Never run and remove files using ComboFix without being supervised by a security analyst.


__________________
My real name is Eddy
  #3
12-27-2007
macndaz
Bronze Member
Join Date: Dec 2007
Posts: 7
PC Experience: Some Experience
Re: msmg & SSBkgUpdate annoyance

Hey Pancake, thanks for your reply. Hopefully you can help me as I am falling so behind on my studies... anyhow. I ran ComboFix; here's the log

12:09 2007-12-27ComboFix 07-12-21.4 - Cormac Handy 2007-12-24 21:20:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2031 [GMT 0:00]
Running from: C:\Users\Cormac Handy\Downloads\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 23522 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet explorer\svchost.exe
C:\Users\Cormac Handy\AppData\Roaming\inst.exe
C:\Windows\setup.exe
C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\packet.dll
C:\Windows\system32\wpcap.dll
O:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-24 16:35 . 2007-12-24 16:36 <DIR> d-------- C:\Program Files\Net Tools
2007-12-23 18:20 . 2007-12-23 18:20 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\U3
2007-12-22 13:04 . 2007-12-22 13:04 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-22 12:23 . 2007-12-22 12:23 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\Simply Super Software
2007-12-22 12:23 . 2007-12-22 12:23 <DIR> d-------- C:\Users\All Users\Simply Super Software
2007-12-22 12:23 . 2007-12-22 12:23 <DIR> d-------- C:\ProgramData\Simply Super Software
2007-12-22 12:23 . 2007-12-24 18:23 <DIR> d-------- C:\Program Files\Trojan Remover
2007-12-22 12:23 . 2006-05-25 14:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
2007-12-22 12:23 . 2003-02-02 19:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2007-12-22 12:23 . 2005-08-26 00:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2007-12-22 12:23 . 2002-03-06 00:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2007-12-22 12:23 . 2006-06-19 12:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2007-12-21 21:34 . 2007-12-21 21:34 249,856 --a------ C:\Windows\oggview.dll
2007-12-21 21:28 . 2007-12-21 21:28 14,651,472 --a------ C:\Windows\System32\sspsetup1_60786.exe
2007-12-21 18:52 . 2006-05-10 21:36 196,608 --a------ C:\Windows\System32\UpdateDriver.exe
2007-12-21 18:52 . 2006-07-20 19:06 525 --a------ C:\Windows\System32\ucuiinfo.ini
2007-12-20 00:45 . 2007-12-20 00:45 32,256 --a------ C:\Windows\System32\routing.exe
2007-12-20 00:44 . 2007-12-24 11:35 253,440 --a------ C:\Windows\System32\ndt2.sys
2007-12-20 00:44 . 2007-12-20 00:44 45,056 --a------ C:\Windows\System32\Indt2.sys
2007-12-20 00:44 . 2007-12-20 00:44 40 --a------ C:\Windows\System32\drmgs.sys
2007-12-19 18:40 . 2007-12-19 18:40 0 --ah----- C:\ProgramData.LOG2
2007-12-19 18:40 . 2007-12-19 18:40 0 --ah----- C:\ProgramData.LOG1
2007-12-19 18:16 . 2007-12-20 10:17 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-12-18 15:23 . 2007-12-18 15:23 <DIR> d-------- C:\Program Files\Ashampoo
2007-12-18 15:15 . 2007-12-19 12:31 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-12-18 15:15 . 2007-12-19 12:31 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-12-14 17:58 . 2007-12-20 14:03 108,336 --a------ C:\Windows\mswinsck.ocx
2007-12-13 19:52 . 2007-12-17 15:30 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\SoftMaker
2007-12-13 17:21 . 2007-12-13 17:21 53,760 --a------ C:\Windows\System32\drivers\hdaudbus.sys
2007-12-12 20:56 . 2007-12-12 20:56 1,585,152 --a------ C:\Windows\System32\setupapi.dll
2007-12-12 17:29 . 2007-01-11 08:19 11,008 --a------ C:\Windows\System32\BUFADPT.SYS
2007-12-12 17:06 . 2007-02-22 12:00 204,800 --a------ C:\Windows\UN900119.EXE
2007-12-12 17:06 . 2007-02-20 12:26 12,332 --a------ C:\Windows\UN900119.INI
2007-12-11 17:15 . 2007-12-11 17:26 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\Download Manager
2007-12-10 19:24 . 2007-12-10 19:24 <DIR> d-------- C:\Program Files\MSECache
2007-12-10 19:23 . 2007-12-10 19:23 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\ESET
2007-12-10 18:00 . 2007-12-10 18:01 32 ---hs---- C:\WIN2DOS.SYS
2007-12-10 17:59 . 2007-12-10 17:59 249,856 --------- C:\Windows\Setup1.exe
2007-12-10 17:59 . 2007-12-10 17:59 73,216 --a------ C:\Windows\ST6UNST.EXE
2007-12-10 17:55 . 2007-12-10 17:55 <DIR> d-------- C:\Program Files\Kerigwa
2007-12-10 17:52 . 2007-12-10 17:52 <DIR> d-------- C:\Users\All Users\Sony
2007-12-10 17:52 . 2007-12-10 17:52 <DIR> d-------- C:\ProgramData\Sony
2007-12-10 17:52 . 2007-12-10 17:52 <DIR> d-------- C:\Program Files\Vstplugins
2007-12-09 14:27 . 2007-12-09 14:27 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\Sony
2007-12-09 14:27 . 2007-12-09 14:27 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\Publish Providers
2007-12-09 14:24 . 2007-12-09 14:25 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2007-12-07 12:39 . 2007-12-07 12:39 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\SafeIT Security
2007-12-07 12:08 . 2007-12-07 12:08 <DIR> d-------- C:\Users\All Users\Stardock
2007-12-07 12:08 . 2007-12-07 12:08 <DIR> d-------- C:\ProgramData\Stardock
2007-12-06 20:07 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\ebiqov.exe
2007-12-06 20:07 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\cqpqhu.exe
2007-12-05 17:11 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\opfern.exe
2007-12-05 17:11 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\lypzsl.exe
2007-12-05 16:26 . 2007-12-05 16:27 <DIR> d-------- C:\Users\All Users\{2A9FB16C-57EB-4D11-9A8C-018365796B33}
2007-12-05 16:26 . 2007-12-05 16:27 <DIR> d-------- C:\ProgramData\{2A9FB16C-57EB-4D11-9A8C-018365796B33}
2007-12-05 16:26 . 2007-12-05 16:26 <DIR> d-------- C:\Program Files\SafeIT Security
2007-12-05 16:26 . 2007-12-05 16:26 <DIR> d-------- C:\Program Files\Common Files\SafeIT Security
2007-12-05 16:22 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\ahgxhk.exe
2007-12-05 16:21 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\cqniml.exe
2007-12-04 18:50 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\djpjtr.exe
2007-12-03 23:29 . 2007-12-03 23:29 <DIR> d-------- C:\eJay
2007-12-03 23:17 . 2007-12-03 23:17 <DIR> d-------- C:\Users\Cormac Handy\.spss
2007-12-03 23:15 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\pbsxnn.exe
2007-12-03 23:15 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\nufzsv.exe
2007-12-03 21:19 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\aweejl.exe
2007-12-03 21:18 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\vjxmlt.exe
2007-12-03 20:48 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\hcfiwr.exe
2007-12-03 20:10 . 2007-12-03 20:10 <DIR> d-------- C:\Users\All Users\SafeNet Sentinel
2007-12-03 20:10 . 2007-12-03 20:10 <DIR> d-------- C:\ProgramData\SafeNet Sentinel
2007-12-03 20:07 . 2007-12-03 20:07 <DIR> d-------- C:\Users\All Users\SPSS
2007-12-03 20:07 . 2007-12-03 20:07 <DIR> d-------- C:\ProgramData\SPSS
2007-12-03 20:07 . 2007-12-03 20:07 <DIR> d-------- C:\Program Files\SPSSInc
2007-12-03 20:07 . 2007-12-03 20:07 <DIR> d-------- C:\Program Files\Common Files\SPSS
2007-12-03 20:00 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\gmwpfq.exe
2007-12-03 20:00 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\bsergt.exe
2007-12-02 21:45 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\onkzmy.exe
2007-12-02 21:45 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\khdxko.exe
2007-12-02 20:25 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\pxoasx.exe
2007-12-02 20:25 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\orobpf.exe
2007-12-02 20:03 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\nglxpg.exe
2007-12-02 20:03 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\laacmn.exe
2007-12-02 18:14 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\tbjbzk.exe
2007-12-02 18:14 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\lpagbm.exe
2007-12-02 17:13 . 2007-12-02 17:18 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\Windows Live Writer
2007-12-02 16:45 . 2007-12-02 16:45 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\PC-FAX TX
2007-12-02 16:44 . 2007-12-02 16:44 <DIR> d-------- C:\Users\All Users\WLInstaller
2007-12-02 16:44 . 2007-12-02 16:44 <DIR> d-------- C:\ProgramData\WLInstaller
2007-12-02 16:44 . 2007-12-02 17:10 <DIR> d-------- C:\Program Files\Windows Live
2007-12-02 16:44 . 2007-12-02 17:05 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-02 12:09 . 2007-12-04 18:57 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-02 12:09 . 2007-12-02 12:09 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-12-01 15:50 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\wuipmz.exe
2007-12-01 15:50 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\tcrkoq.exe
2007-12-01 15:12 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\qupjml.exe
2007-12-01 15:12 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\nmiujv.exe
2007-12-01 06:19 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\remkpc.exe
2007-12-01 06:19 . 2007-10-13 10:11 811,008 -r-hs---- C:\Windows\System32\rajfmf.exe
2007-11-30 12:12 . 2007-11-30 12:40 <DIR> d-------- C:\Users\All Users\OrbNetworks
2007-11-30 12:12 . 2007-11-30 12:40 <DIR> d-------- C:\ProgramData\OrbNetworks
2007-11-30 12:12 . 2007-12-01 15:12 <DIR> d-------- C:\Program Files\Winamp Remote

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 21:18 --------- d-----w C:\Users\Cormac Handy\AppData\Roaming\uTorrent
2007-12-24 17:58 --------- d---a-w C:\ProgramData\TEMP
2007-12-23 17:49 --------- d-----w C:\Users\Cormac Handy\AppData\Roaming\Vso
2007-12-20 13:52 --------- d-----w C:\Program Files\SetPoint
2007-12-20 01:00 81,984 ----a-w C:\Windows\System32\bdod.bin
2007-12-19 16:46 --------- d-----w C:\Program Files\RegistryFix
2007-12-18 15:23 --------- d-----w C:\ProgramData\ashampoo
2007-12-14 16:39 --------- d-----w C:\Users\Cormac Handy\AppData\Roaming\EndNote
2007-12-14 16:32 --------- d-----w C:\Program Files\EndNote X
2007-12-13 09:28 --------- d-----w C:\Program Files\uTorrent
2007-12-13 03:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 03:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 03:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 17:37 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 17:37 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 17:37 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 17:37 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 17:37 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-12 17:37 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 17:37 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 17:37 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 17:37 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-10 19:21 --------- d-----w C:\ProgramData\Eset
2007-12-09 15:13 --------- d-----w C:\Program Files\Sony
2007-12-09 15:12 --------- d-----w C:\Program Files\Sony Setup
2007-12-09 14:25 47,360 ----a-w C:\Users\Cormac Handy\AppData\Roaming\pcouffin.sys
2007-12-05 16:34 --------- d-----w C:\ProgramData\Kaspersky Lab
2007-12-03 23:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 19:53 --------- d-----w C:\Program Files\LG Software Innovations
2007-12-01 19:34 --------- d-----w C:\Program Files\Wondershare
2007-11-23 19:38 --------- d-----w C:\Program Files\iTunes
2007-11-23 19:38 --------- d-----w C:\Program Files\iPod
2007-11-23 19:35 --------- d-----w C:\Program Files\Ontrack
2007-11-23 19:22 --------- d-----w C:\Program Files\vso
2007-11-23 00:25 --------- d-----w C:\ProgramData\FLEXnet
2007-11-23 00:25 --------- d-----w C:\Program Files\Vision-it
2007-11-23 00:25 --------- d-----w C:\Program Files\QuickTime Alternative
2007-11-22 23:33 --------- d-----w C:\Program Files\Sitecom
2007-11-21 23:43 --------- d-----w C:\Program Files\QuickTime
2007-11-21 23:27 --------- d-----w C:\ProgramData\Apple Computer
2007-11-20 00:15 --------- d-----w C:\Users\Cormac Handy\AppData\Roaming\SUPERAntiSpyware.com
2007-11-20 00:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-18 20:24 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-18 03:01 --------- d-----w C:\Program Files\Windows Mail
2007-11-16 20:11 --------- d-----w C:\ProgramData\Avg7
2007-11-16 18:36 --------- d-----w C:\ProgramData\RFA_Backups
2007-11-16 17:46 --------- d-----w C:\Users\Cormac Handy\AppData\Roaming\iExpert Software
2007-11-16 15:40 --------- d-----w C:\Users\Cormac Handy\AppData\Roaming\Apple Computer
2007-11-16 15:10 --------- d-----w C:\Program Files\Bonjour
2007-11-14 15:06 30,728 ----a-w C:\Windows\system32\drivers\epfwtdir.sys
2007-11-14 15:04 27,656 ----a-w C:\Windows\system32\drivers\easdrv.sys
2007-11-14 15:03 33,800 ----a-w C:\Windows\system32\drivers\eamon.sys
2007-11-14 10:47 298,104 ----a-w C:\Windows\System32\imon.dll
2007-11-13 19:59 --------- d-----w C:\Program Files\Nero
2007-11-13 19:59 --------- d-----w C:\Program Files\NCH Swift Sound
2007-11-13 19:59 --------- d-----w C:\Program Files\Common Files\Nero
2007-11-12 22:23 --------- d-----w C:\Program Files\Roxio
2007-11-12 22:23 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-12 22:23 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-11-12 22:21 --------- d-----w C:\Program Files\InterActual
2007-11-12 10:03 468,480 ----a-w C:\Windows\system32\drivers\netr73.sys
2007-11-10 11:44 102,664 ----a-w C:\Windows\system32\drivers\tmcomm.sys
2007-11-07 21:35 1,161,248 --sha-w C:\Windows\system32\drivers\fidbox(241).dat
2007-11-07 20:50 7,988 --sha-w C:\Windows\system32\drivers\fidbox(242).idx
2007-11-07 10:07 --------- d-----w C:\Users\Cormac Handy\AppData\Roaming\Lavasoft
2007-11-06 23:09 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2007-11-06 22:56 --------- d-----w C:\ProgramData\McAfee
2007-11-06 22:11 --------- d-----w C:\ProgramData\SiteAdvisor
2007-11-06 14:55 --------- d-----w C:\Program Files\Windows Sidebar
2007-11-06 14:55 --------- d-----w C:\Program Files\Windows Photo Gallery
2007-11-06 14:55 --------- d-----w C:\Program Files\Windows Journal
2007-11-06 14:55 --------- d-----w C:\Program Files\Windows Defender
2007-11-06 14:55 --------- d-----w C:\Program Files\Windows Collaboration
2007-11-06 14:39 --------- d-----w C:\Users\Cormac Handy\AppData\Roaming\VersionTracker Pro
2007-11-06 14:39 --------- d-----w C:\Users\Cormac Handy\AppData\Roaming\EFSoftware
2007-11-06 14:38 --------- d--h--w C:\ProgramData\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}
2007-11-06 14:37 --------- d-----w C:\Program Files\WinAVI Video Converter
2007-11-06 14:37 --------- d-----w C:\Program Files\ScanSoft
2007-11-06 14:36 --------- d-----w C:\Program Files\PowerISO
2007-11-06 14:36 --------- d-----w C:\Program Files\Picasa2
2007-11-06 14:36 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-06 14:35 --------- d-----w C:\Program Files\MagicISO
2007-11-06 14:35 --------- d-----w C:\Program Files\MagicDisc
2007-11-06 14:35 --------- d-----w C:\Program Files\Inbox
2007-11-06 14:35 --------- d-----w C:\Program Files\ffdshow
2007-11-06 14:35 --------- d-----w C:\Program Files\Eraser
2007-11-06 14:35 --------- d-----w C:\Program Files\DivX
2007-11-06 14:35 --------- d-----w C:\Program Files\DellSupport
2007-11-06 14:35 --------- d-----w C:\Program Files\Delete Duplicate Files
2007-11-06 14:35 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-11-06 14:35 --------- d-----w C:\Program Files\Common Files\SightSpeed
2007-11-06 14:34 --------- d-----w C:\Program Files\Common Files\Risxtd
2007-11-06 14:34 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2007-11-06 14:34 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-11-06 14:33 --------- d-----w C:\Program Files\Apple Software Update
2007-11-04 02:11 2,713,120 --sha-w C:\Windows\system32\drivers\fidbox(50344).dat
2007-11-03 14:20 3,356 --sha-w C:\Windows\system32\drivers\fidbox(50345).idx
2007-10-31 14:09 30,464 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2007-10-30 12:41 --------- d-----w C:\ProgramData\Acronis
2007-10-26 19:28 --------- d-----w C:\Users\Cormac Handy\AppData\Roaming\iTSync
2006-11-02 08:35 11,236,973 --sh--w C:\Windows\msmg.exe
2007-09-04 16:13 56 --sha-r C:\Windows\System32\F180BC5369.sys
2007-09-04 16:13 2,098 --sha-w C:\Windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AB85EC7-22E7-4B5D-89DA-A9EBD1AF3520}]
2007-12-21 21:34 249856 --a------ C:\Windows\oggview.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-05-02 18:08]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-08-23 20:54]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-10 01:39]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 12:00]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 19:15]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 17:10]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 00:00]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 18:15 C:\Windows\KHALMNPR.Exe]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe" [2007-01-18 12:20]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 19:20]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 13:51]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-08-20 10:52 C:\Windows\System32\Ctxfihlp.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 09:45]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-10 09:24]
"ScanSoft OmniPage 16-reminder"="C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" [2007-07-20 08:50]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2007-06-29 05:24]
"PDF4 Registry Controller"="C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" [2006-08-22 18:09]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 00:07]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 01:17]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2007-12-20 13:51:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

R1 BUFADPT;BUFADPT;C:\Windows\system32\BUFADPT.SYS [2007-01-11 08:19]
R1 easdrv;easdrv;C:\Windows\system32\DRIVERS\easdrv.sys [2007-11-14 15:04]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-11-14 15:06]
R2 eamon;EAMON;C:\Windows\system32\DRIVERS\eamon.sys [2007-11-14 15:03]
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-11-14 15:05]
R2 perfmons;perfmons Service;C:\Windows\system32\perfs.exe [2006-11-02 09:46]
R2 Routing;Routing Service;C:\Windows\system32\routing.exe [2007-12-20 00:45]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter []
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\Windows\system32\Drivers\BrSerIf.sys [2006-09-03 08:53]
R3 Epfwndis;Eset Personal Firewall;C:\Windows\system32\DRIVERS\Epfwndis.sys [2007-10-25 09:27]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2007-08-20 12:18]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-04 12:54]
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [2007-11-14 15:07]
S3 n558;N558 Bluetooth USB Filter Driver;C:\Windows\system32\Drivers\n558.sys [2007-07-20 05:20]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-11-12 10:03]
S3 USBAAPL;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl.sys [2007-10-31 14:09]
S3 WLIU2KG125S;BUFFALO WLI-U2-KG125S Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\usb8023.sys [2006-11-02 08:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24e359e2-8241-11dc-a626-0016e3339c6b}]
\shell\Auto\command - Cn911.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f032824-b182-11dc-92c8-0016e3339c6b}]
\shell\AutoRun\command - P:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CAC7B150-B41B-B8F0-F160-F2F006DD303D}]
C:\Windows\msmg.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-24 03:00:00 C:\Windows\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
.
And here's my HijackThis log too

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44, on 2007-12-25
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\vso\ConvertXtoDVD\ConvertXtoDvd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Personalized Start Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Personalized Start Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Personalized Start Page
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: OGG Viewer - {7AB85EC7-22E7-4B5D-89DA-A9EBD1AF3520} - C:\Windows\oggview.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe " -startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe" C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe " -startup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9061 bytes


Hope you're having a great Christmas

Thanks
Macndaz


  #4  
Old 12-27-2007
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,958
PC Experience: Elite PC Guru
Default Re: msmg & SSBkgUpdate annoyance

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O2 - BHO: OGG Viewer - {7AB85EC7-22E7-4B5D-89DA-A9EBD1AF3520} - C:\Windows\oggview.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe


Reboot..............
====================================
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:

KillAll::
File::
C:\ProgramData.LOG2
C:\ProgramData.LOG1
C:\WIN2DOS.SYS
C:\Windows\System32\ebiqov.exe
C:\Windows\System32\cqpqhu.exe
C:\Windows\System32\opfern.exe
C:\Windows\System32\lypzsl.exe
C:\Windows\System32\ahgxhk.exe
C:\Windows\System32\cqniml.exe
C:\Windows\System32\djpjtr.exe
C:\Windows\System32\pbsxnn.exe
C:\Windows\System32\nufzsv.exe
C:\Windows\System32\aweejl.exe
C:\Windows\System32\vjxmlt.exe
C:\Windows\System32\hcfiwr.exe
C:\Windows\System32\gmwpfq.exe
C:\Windows\System32\bsergt.exe
C:\Windows\System32\onkzmy.exe
C:\Windows\System32\khdxko.exe
C:\Windows\System32\pxoasx.exe
C:\Windows\System32\orobpf.exe
C:\Windows\System32\nglxpg.exe
C:\Windows\System32\laacmn.exe
C:\Windows\System32\tbjbzk.exe
C:\Windows\System32\lpagbm.exe
C:\Windows\System32\wuipmz.exe
C:\Windows\System32\tcrkoq.exe
C:\Windows\System32\qupjml.exe
C:\Windows\System32\nmiujv.exe
C:\Windows\System32\remkpc.exe
C:\Windows\System32\rajfmf.exe
C:\Windows\oggview.dll
C:\Windows\oggview.dll
C:\Windows\system32\perfs.exe
C:\Windows\system32\routing.exe

Folder::
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AB85EC7-22E7-4B5D-89DA-A9EBD1AF3520}]

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*


__________________
My real name is Eddy
  #5  
Old 12-28-2007
macndaz's Avatar
Bronze Member
My PC
 
Join Date: Dec 2007
Posts: 7
PC Experience: Some Experience
Default Re: msmg & SSBkgUpdate annoyance

Hi Pancake.
Latest log files. Thanks for all this help. Hope I carried it out correctly.

ComboFix 07-12-21.4 - Cormac Handy 2007-12-28 15:08:37.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2096 [GMT 0:00]
Running from: C:\Users\Cormac Handy\Downloads\ComboFix.exe
Command switches used :: C:\Users\Cormac Handy\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\ProgramData.LOG1
C:\ProgramData.LOG2
C:\WIN2DOS.SYS
C:\Windows\oggview.dll
C:\Windows\System32\ahgxhk.exe
C:\Windows\System32\aweejl.exe
C:\Windows\System32\bsergt.exe
C:\Windows\System32\cqniml.exe
C:\Windows\System32\cqpqhu.exe
C:\Windows\System32\djpjtr.exe
C:\Windows\System32\ebiqov.exe
C:\Windows\System32\gmwpfq.exe
C:\Windows\System32\hcfiwr.exe
C:\Windows\System32\khdxko.exe
C:\Windows\System32\laacmn.exe
C:\Windows\System32\lpagbm.exe
C:\Windows\System32\lypzsl.exe
C:\Windows\System32\nglxpg.exe
C:\Windows\System32\nmiujv.exe
C:\Windows\System32\nufzsv.exe
C:\Windows\System32\onkzmy.exe
C:\Windows\System32\opfern.exe
C:\Windows\System32\orobpf.exe
C:\Windows\System32\pbsxnn.exe
C:\Windows\system32\perfs.exe
C:\Windows\System32\pxoasx.exe
C:\Windows\System32\qupjml.exe
C:\Windows\System32\rajfmf.exe
C:\Windows\System32\remkpc.exe
C:\Windows\system32\routing.exe
C:\Windows\System32\tbjbzk.exe
C:\Windows\System32\tcrkoq.exe
C:\Windows\System32\vjxmlt.exe
C:\Windows\System32\wuipmz.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData.LOG1
C:\ProgramData.LOG2
C:\WIN2DOS.SYS
C:\Windows\System32\ahgxhk.exe
C:\Windows\System32\aweejl.exe
C:\Windows\System32\bsergt.exe
C:\Windows\System32\cqniml.exe
C:\Windows\System32\cqpqhu.exe
C:\Windows\System32\djpjtr.exe
C:\Windows\System32\ebiqov.exe
C:\Windows\System32\gmwpfq.exe
C:\Windows\System32\hcfiwr.exe
C:\Windows\System32\khdxko.exe
C:\Windows\System32\laacmn.exe
C:\Windows\System32\lpagbm.exe
C:\Windows\System32\lypzsl.exe
C:\Windows\System32\nglxpg.exe
C:\Windows\System32\nmiujv.exe
C:\Windows\System32\nufzsv.exe
C:\Windows\System32\onkzmy.exe
C:\Windows\System32\opfern.exe
C:\Windows\System32\orobpf.exe
C:\Windows\System32\pbsxnn.exe
C:\Windows\system32\perfs.exe
C:\Windows\System32\pxoasx.exe
C:\Windows\System32\qupjml.exe
C:\Windows\System32\rajfmf.exe
C:\Windows\System32\remkpc.exe
C:\Windows\system32\routing.exe
C:\Windows\System32\tbjbzk.exe
C:\Windows\System32\tcrkoq.exe
C:\Windows\System32\vjxmlt.exe
C:\Windows\System32\wuipmz.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-27 12:33 . 2007-12-27 12:33 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\Webroot
2007-12-27 12:33 . 2007-12-27 12:33 <DIR> d-------- C:\Users\All Users\Webroot
2007-12-27 12:33 . 2007-12-27 12:33 <DIR> d-------- C:\ProgramData\Webroot
2007-12-27 12:33 . 2007-12-27 12:33 <DIR> d-------- C:\Program Files\Webroot
2007-12-27 12:33 . 2007-10-01 16:40 1,526,072 --a------ C:\Windows\WRSetup.dll
2007-12-27 12:33 . 2007-10-01 16:24 163,640 --a------ C:\Windows\System32\drivers\ssidrv.sys
2007-12-27 12:33 . 2007-10-01 16:24 23,864 --a------ C:\Windows\System32\drivers\sskbfd.sys
2007-12-27 12:33 . 2007-10-01 16:24 21,816 --a------ C:\Windows\System32\drivers\sshrmd.sys
2007-12-27 12:33 . 2007-10-01 16:24 20,280 --a------ C:\Windows\System32\drivers\SSFS0BB9.sys
2007-12-25 12:29 . 2007-12-25 12:32 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\CopyToDvd
2007-12-24 16:35 . 2007-12-24 21:55 <DIR> d-------- C:\Program Files\Net Tools
2007-12-23 18:20 . 2007-12-23 18:20 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\U3
2007-12-22 13:04 . 2007-12-22 13:04 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-22 12:23 . 2007-12-22 12:23 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\Simply Super Software
2007-12-22 12:23 . 2007-12-22 12:23 <DIR> d-------- C:\Users\All Users\Simply Super Software
2007-12-22 12:23 . 2007-12-22 12:23 <DIR> d-------- C:\ProgramData\Simply Super Software
2007-12-22 12:23 . 2007-12-24 18:23 <DIR> d-------- C:\Program Files\Trojan Remover
2007-12-22 12:23 . 2006-05-25 14:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
2007-12-22 12:23 . 2003-02-02 19:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2007-12-22 12:23 . 2005-08-26 00:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2007-12-22 12:23 . 2002-03-06 00:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2007-12-22 12:23 . 2006-06-19 12:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2007-12-21 21:28 . 2007-12-27 12:29 14,651,472 --a------ C:\Windows\System32\sspsetup1_60786.exe
2007-12-21 18:52 . 2006-05-10 21:36 196,608 --a------ C:\Windows\System32\UpdateDriver.exe
2007-12-21 18:52 . 2006-07-20 19:06 525 --a------ C:\Windows\System32\ucuiinfo.ini
2007-12-20 00:44 . 2007-12-24 11:35 253,440 --a------ C:\Windows\System32\ndt2.sys
2007-12-20 00:44 . 2007-12-20 00:44 45,056 --a------ C:\Windows\System32\Indt2.sys
2007-12-20 00:44 . 2007-12-20 00:44 40 --a------ C:\Windows\System32\drmgs.sys
2007-12-19 18:16 . 2007-12-20 10:17 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-12-18 15:23 . 2007-12-18 15:23 <DIR> d-------- C:\Program Files\Ashampoo
2007-12-18 15:15 . 2007-12-19 12:31 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-12-18 15:15 . 2007-12-19 12:31 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-12-14 17:58 . 2007-12-20 14:03 108,336 --a------ C:\Windows\mswinsck.ocx
2007-12-13 19:52 . 2007-12-17 15:30 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\SoftMaker
2007-12-13 17:21 . 2007-12-13 17:21 53,760 --a------ C:\Windows\System32\drivers\hdaudbus.sys
2007-12-12 20:56 . 2007-12-12 20:56 1,585,152 --a------ C:\Windows\System32\setupapi.dll
2007-12-12 17:29 . 2007-01-11 08:19 11,008 --a------ C:\Windows\System32\BUFADPT.SYS
2007-12-12 17:06 . 2007-02-22 12:00 204,800 --a------ C:\Windows\UN900119.EXE
2007-12-12 17:06 . 2007-02-20 12:26 12,332 --a------ C:\Windows\UN900119.INI
2007-12-11 17:15 . 2007-12-11 17:26 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\Download Manager
2007-12-10 19:24 . 2007-12-10 19:24 <DIR> d-------- C:\Program Files\MSECache
2007-12-10 19:23 . 2007-12-10 19:23 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\ESET
2007-12-10 17:59 . 2007-12-10 17:59 249,856 --------- C:\Windows\Setup1.exe
2007-12-10 17:59 . 2007-12-10 17:59 73,216 --a------ C:\Windows\ST6UNST.EXE
2007-12-10 17:55 . 2007-12-10 17:55 <DIR> d-------- C:\Program Files\Kerigwa
2007-12-10 17:52 . 2007-12-10 17:52 <DIR> d-------- C:\Users\All Users\Sony
2007-12-10 17:52 . 2007-12-10 17:52 <DIR> d-------- C:\ProgramData\Sony
2007-12-10 17:52 . 2007-12-10 17:52 <DIR> d-------- C:\Program Files\Vstplugins
2007-12-09 14:27 . 2007-12-09 14:27 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\Sony
2007-12-09 14:27 . 2007-12-09 14:27 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\Publish Providers
2007-12-09 14:24 . 2007-12-09 14:25 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2007-12-07 12:39 . 2007-12-07 12:39 <DIR> d-------- C:\Users\Cormac Handy\AppData\Roaming\SafeIT Security
2007-12-07 12:08 . 2007-12-07 12:08 <DIR> d-------- C:\Users\All Users\Stardock
2007-12-07 12:08 . 2007-12-07 12:08 <DIR> d-------- C:\ProgramData\Stardock
2007-12-03 23:29 . 2007-12-03 23:29 <DIR> d-------- C:\eJay
2007-12-03 23:17 . 2007-12-03 23:17 <DIR> d-------- C:\Users\Cormac Handy\.spss
2007-12-03 20:10 . 2007-12-03 20:10 <DIR> d-------- C:\Users\All Users\SafeNet Sentinel
2007-12-03 20:10 . 2007-12-03 20:10 <DIR>