HijackThis log file

Thread: HijackThis log file

  1. #1
    Join Date
    Jul 2010
    Posts
    11

    HijackThis log file

    My stepdaughters downloaded the Web Search Zwinky toolbar and I've had issues all morning trying to get rid of the virus alerts that keep popping up. I've followed recommended instructions and installed HijackThis, then removed the programs, folders etc.

    This is my current log file, but not being too much of a techie I'm not sure which ones are good and which ones are bad, so any help would be greatly appreciated!

    ---------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:51:25 PM, on 12/07/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121568464234
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://isvprod1.landonline.com.au/ecwplugins/ncs.cab
    O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (UpdateAdvisor Control) - http://www.cyberlink.com/multi/patch...ateAdvisor.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 11424 bytes

  2. #2
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,391
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en...kthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Above layout courtesy of Broni

  3. #3
    Join Date
    Jul 2010
    Posts
    11

    Log files

    Hi, thanks for your help with this.

    I ran Malwarebytes and this is the log file:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4311

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    14/07/2010 12:03:02 PM
    mbam-log-2010-07-14 (12-03-02).txt

    Scan type: Quick scan
    Objects scanned: 228282
    Time elapsed: 26 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c559105-9ecf-42b8-b3f7-832e75edd959} (Adware.ISTBar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\FunWebProducts\Data\Yvette (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Local Settings\Temp\0.7165777884904917.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\FunWebProducts\Data\Yvette\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\FunWebProducts\Data\Yvette\zbucks.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\FunWebProducts\Data\Yvette\zevents.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    I then downloaded and ran GMER but it ran for over 12 hours then froze the computer, so I couldn't save the log file. When I rebooted the computer it did a diskcheck (blue screen) and appeared to start as normal.

    I then ran Hijack This and this is the log from that:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:38:42 AM, on 15/07/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v3.9-delta.exe
    c:\adb8c8b407ab733aa2d544d975a6\mrtstub.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121568464234
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://isvprod1.landonline.com.au/ecwplugins/ncs.cab
    O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (UpdateAdvisor Control) - http://www.cyberlink.com/multi/patch...ateAdvisor.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 11596 bytes

    So do you think I might be pretty clean now??

    Thanks again for your help.....
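The question above ("am I clean now?") is usually answered by comparing the two HijackThis logs and checking whether the entries Malwarebytes reported as removed have actually disappeared. The script below is an added example, not code from the thread or from the HijackThis or Malwarebytes projects. It uses constructed excerpts modelled on the logs posted above (the full logs are not reproduced), parses the `Rn`/`On` entry format, diffs the before/after logs, flags orphaned entries (a registry reference to a module that is no longer on disk, which is how a half-removed toolbar typically shows up), and correlates CLSIDs in the Malwarebytes log with the HijackThis entries that carried them. The triage rules are my own heuristics, not anything either tool documents.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpts (not the full logs), modelled on the two HijackThis v2.0.4
# logs in the thread: 12/07/2010 before the Malwarebytes run, 15/07/2010 after it.
HJT_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
"""

HJT_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
"""

# Constructed excerpt of the Malwarebytes 1.46 "Registry Keys/Values Infected" lines.
MBAM_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c559105-9ecf-42b8-b3f7-832e75edd959} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
"""

# HijackThis entry lines look like "<code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# A COM class id in braces; HijackThis prints them mixed-case, Malwarebytes lower-case.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Malwarebytes detection lines: "<item> (<detection>) -> <action>".
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[\w.]+)\) -> (?P<action>.+)$")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section code, body) for every HijackThis entry line; skip headers."""
    out = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m.group("code"), m.group("body")))
    return out


def diff_hjt(before: str, after: str) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Entries present only in the earlier log (removed) and only in the later one (added)."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a), sorted(a - b)


def triage_hjt(text: str) -> List[Tuple[str, str, str]]:
    """Heuristic (my own, not HijackThis') flags: (code, reason, body) for entries worth review."""
    findings = []
    for code, body in parse_hjt(text):
        orphaned = "(no file)" in body or "(file missing)" in body
        if orphaned and "(no name)" in body:
            reason = "unnamed entry with no backing file (typical half-removed toolbar remnant)"
        elif orphaned:
            reason = "registry entry points at a file that is no longer on disk"
        else:
            continue
        findings.append((code, reason, body))
    return findings


def parse_mbam(text: str) -> List[Tuple[str, str]]:
    """Return (item path, detection name) for every Malwarebytes detection line."""
    out = []
    for raw in text.splitlines():
        m = MBAM_RE.match(raw.strip())
        if m:
            out.append((m.group("item"), m.group("detection")))
    return out


def correlate(hjt_text: str, mbam_text: str) -> Dict[str, Tuple[str, str, str]]:
    """Map each CLSID Malwarebytes removed to the HijackThis entry that carried it."""
    by_clsid = {}
    for code, body in parse_hjt(hjt_text):
        for clsid in CLSID_RE.findall(body):
            by_clsid[clsid.lower()] = (code, body)
    matches = {}
    for item, detection in parse_mbam(mbam_text):
        for clsid in CLSID_RE.findall(item):
            key = clsid.lower()
            if key in by_clsid:
                code, body = by_clsid[key]
                matches[key] = (detection, code, body)
    return matches


if __name__ == "__main__":
    removed, added = diff_hjt(HJT_BEFORE, HJT_AFTER)
    print("removed since first log:", *removed, sep="\n  ")
    print("added since first log:", *added, sep="\n  ")
    print("still worth review in the second log:", *triage_hjt(HJT_AFTER), sep="\n  ")
    print("Malwarebytes hits that explain a HijackThis entry:", correlate(HJT_BEFORE, MBAM_LOG))
```

Run against these excerpts, the diff shows exactly two things changed between the logs: the unnamed `R3 - URLSearchHook` with no file is gone, and the `ProxyOverride` value lost its `*.local` entry. The correlation step ties that `R3` line to the `URLSearchHooks\{00a6faf6-...}` value Malwarebytes quarantined as Adware.MyWebSearch, which is the evidence that the toolbar remnant was removed rather than just hidden. What the triage still flags afterwards (the missing `AcroIEHelper.dll` and the unnamed `O2` BHO with no file) are dead references, not running code; they are the kind of entry a helper would have HijackThis fix for tidiness, not a sign of an active infection.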

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  5. #5
    Join Date
    Jul 2010
    Posts
    11

    Combofix log

    Hello - thanks again for your help with this!!

    I've completed the Combofix scan, the log of which is below..... Can you please let me know if there is anything else I need to do? Thanks!

    ------------------------------------------------------

    ComboFix 10-07-14.01 - Yvette 15/07/2010 12:42:26.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.511.158 [GMT 8:00]
    Running from: c:\documents and settings\Yvette.YVETTE-NA0W6OAF\Desktop\ComboFix.exe
    AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\YVETTE~1.YVE\LOCALS~1\Temp\tmp2.tmp
    c:\documents and settings\Yvette.YVETTE-NA0W6OAF\Local Settings\Temporary Internet Files\1PF5H3.jpg
    c:\documents and settings\Yvette.YVETTE-NA0W6OAF\Local Settings\Temporary Internet Files\38YwEpJk.jpg
    c:\documents and settings\Yvette.YVETTE-NA0W6OAF\Local Settings\Temporary Internet Files\Lx1L7.jpg
    c:\documents and settings\Yvette.YVETTE-NA0W6OAF\Local Settings\Temporary Internet Files\t515kI.jpg
    c:\windows\system32\Cache
    c:\windows\system32\Temp
    c:\windows\system32\zip32.dll
    c:\windows\xpsp1hfm.log

    c:\windows\system32\dvdplay.exe . . . is infected!!

    c:\windows\system32\usrprbda.exe . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
    .

    2010-07-14 03:34 . 2010-07-14 03:34 -------- d-----w- c:\documents and settings\Yvette.YVETTE-NA0W6OAF\Application Data\Malwarebytes
    2010-07-14 03:34 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-14 03:34 . 2010-07-14 03:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2010-07-14 03:34 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-14 03:34 . 2010-07-14 03:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-14 02:14 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-12 05:02 . 2010-07-12 05:01 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-07-12 02:44 . 2010-07-12 02:44 -------- d-----w- c:\program files\Trend Micro
    2010-06-25 10:22 . 2010-06-25 10:24 -------- d-----w- c:\program files\iTunes
    2010-06-25 10:05 . 2010-06-25 10:05 -------- d-----w- c:\program files\Bonjour

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-15 04:15 . 2009-09-05 03:40 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2010-07-14 03:16 . 2006-07-08 09:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-12 02:44 . 2010-07-12 02:44 388096 ----a-r- c:\documents and settings\Yvette.YVETTE-NA0W6OAF\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-25 10:23 . 2006-04-25 02:14 -------- d-----w- c:\program files\iPod
    2010-06-25 10:23 . 2007-11-24 08:27 -------- d-----w- c:\program files\Common Files\Apple
    2010-06-25 09:59 . 2010-06-25 09:59 72504 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
    2010-06-14 14:31 . 2005-07-13 14:52 744448 ------w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
    2010-06-09 00:31 . 2010-03-17 12:46 192 ----a-w- c:\windows\UDB.zip
    2010-06-09 00:31 . 2010-03-17 12:46 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-06-09 00:31 . 2010-03-17 12:46 264144 ----a-w- c:\windows\PCTBDRes.dll
    2010-06-09 00:31 . 2010-03-17 12:46 1435600 ----a-w- c:\windows\PCTBDCore.dll
    2010-06-09 00:31 . 2010-03-17 12:46 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-06-08 10:48 . 2009-10-06 12:34 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-18 08:35 . 2010-05-18 08:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 08:35 . 2010-05-18 08:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-02 05:22 . 2003-03-31 12:00 1851264 ------w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2003-03-31 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-19 12:47 . 2009-11-14 09:05 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-19 12:47 . 2007-11-24 08:27 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-04-16 16:09 . 2005-04-27 02:54 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-04-16 16:09 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
    2006-11-15 12:21 . 2006-11-15 12:21 22941 ----a-w- c:\program files\uninstal.log
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-10-19 16384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 339968]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]
    "StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-10-19 169472]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Yvette.YVETTE-NA0W6OAF^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=c:\documents and settings\Yvette.YVETTE-NA0W6OAF\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2004-03-09 17:04 118837 ------w- c:\windows\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
    2004-01-14 01:10 409600 ------w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMONTRAY]
    2003-01-10 04:08 32768 ------w- c:\program files\Intel\Intel(R) Active Monitor\imontray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 08:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 08:50 81920 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    2006-10-19 11:51 16384 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-17 13:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2003-10-31 11:42 32768 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2005-06-02 19:52 36975 ------w- c:\program files\Java\jre1.5.0_04\bin\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
    "c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
    "c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
    "c:\\WTK23\\bin\\emulator.exe"=
    "c:\\j2sdk1.4.2_11\\bin\\java.exe"=
    "c:\\WINDOWS\\system32\\javaw.exe"=
    "c:\\j2sdk1.4.2_11\\jre\\bin\\java.exe"=
    "c:\\Documents and Settings\\Yvette.YVETTE-NA0W6OAF\\.netbeans\\5.0\\emulators\\wtk22_win\\emulator\\wtk22\\bin\\emulator.exe"=
    "c:\\Documents and Settings\\Yvette.YVETTE-NA0W6OAF\\.netbeans\\5.0\\emulators\\wtk22_win\\emulator\\wtk22\\bin\\zayit.exe"=
    "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\BitLord\\BitLord.exe"=
    "c:\\Inetpub\\wwwroot\\xampp\\apache\\bin\\apache.exe"=
    "c:\\Inetpub\\wwwroot\\xampp\\mysql\\bin\\mysqld.exe"=
    "c:\\Program Files\\Ipswitch\\WS_FTP Home\\wsftpgui.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [17/03/2010 8:44 PM 207280]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [19/09/2007 9:29 PM 8576]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [17/03/2010 8:46 PM 198608]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [19/08/2008 6:25 PM 93320]
    R3 ECTIVA;ECTIVA Audio 5.1 (WDM);c:\windows\system32\drivers\ECTIVA.sys [17/07/2005 10:34 AM 1124864]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13/09/2008 1:11 PM 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13/09/2008 1:11 PM 8320]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [17/03/2010 8:43 PM 365280]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 04:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.news.com.au/
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uCustomizeSearch =
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxp://www.cyberlink.com/multi/patch/prog/UpdateAdvisor.cab
    FF - ProfilePath - c:\documents and settings\Yvette.YVETTE-NA0W6OAF\Application Data\Mozilla\Firefox\Profiles\nnxsrq23.default\
    FF - prefs.js: browser.search.selectedEngine - MyWebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://www.news.com.au/
    FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\program files\Spyware Doctor\BDT\FireFox\platform\WINNT_x86-msvc\components\libheuristic.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
    MSConfigStartUp-SpySweeper - c:\docume~1\YVETTE~1.YVE\LOCALS~1\Temp\SpySweeper\SpySweeper.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-15 13:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(708)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(764)
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    Completion time: 2010-07-15 13:14:51
    ComboFix-quarantined-files.txt 2010-07-15 05:14

    Pre-Run: 47,865,532,416 bytes free
    Post-Run: 49,920,946,176 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - 86A8E194C61056E48BBAC66135A073B0

  6. #6
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders.
    Upload the following files to http://www.virustotal.com/ for a security check:
    - c:\windows\system32\dvdplay.exe
    - c:\windows\system32\usrprbda.exe
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.

    ==============================================================

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      usrprbda.exe
      dvdplay.exe
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

  7. #7
    Join Date
    Jul 2010
    Posts
    11

    Scan Results

    Hello again - here are the results of all three steps:

    1. dvdplay.exe scan:

    File dvdplay.exe received on 2010.07.19 02:20:07 (UTC)
    Result: 0/42 (0%)

    Antivirus Version Last Update Result
    a-squared 5.0.0.31 2010.07.19 -
    AhnLab-V3 2010.07.18.00 2010.07.18 -
    AntiVir 8.2.4.12 2010.07.18 -
    Antiy-AVL 2.0.3.7 2010.07.15 -
    Authentium 5.2.0.5 2010.07.19 -
    Avast 4.8.1351.0 2010.07.19 -
    Avast5 5.0.332.0 2010.07.19 -
    AVG 9.0.0.836 2010.07.18 -
    BitDefender 7.2 2010.07.19 -
    CAT-QuickHeal 11.00 2010.07.19 -
    ClamAV 0.96.0.3-git 2010.07.19 -
    Comodo 5471 2010.07.19 -
    DrWeb 5.0.2.03300 2010.07.19 -
    eSafe 7.0.17.0 2010.07.18 -
    eTrust-Vet None 2010.07.16 -
    F-Prot 4.6.1.107 2010.07.19 -
    F-Secure 9.0.15370.0 2010.07.19 -
    Fortinet 4.1.143.0 2010.07.18 -
    GData 21 2010.07.19 -
    Ikarus T3.1.1.84.0 2010.07.19 -
    Jiangmin 13.0.900 2010.07.18 -
    Kaspersky 7.0.0.125 2010.07.19 -
    McAfee 5.400.0.1158 2010.07.19 -
    McAfee-GW-Edition 2010.1 2010.07.19 -
    Microsoft 1.6004 2010.07.18 -
    NOD32 5290 2010.07.19 -
    Norman 6.05.11 2010.07.18 -
    nProtect 2010-07-18.02 2010.07.18 -
    Panda 10.0.2.7 2010.07.18 -
    PCTools 7.0.3.5 2010.07.19 -
    Prevx 3.0 2010.07.19 -
    Rising 22.56.04.04 2010.07.16 -
    Sophos 4.55.0 2010.07.18 -
    Sunbelt 6601 2010.07.19 -
    SUPERAntiSpyware 4.40.0.1006 2010.07.19 -
    Symantec 20101.1.1.7 2010.07.19 -
    TheHacker 6.5.2.1.318 2010.07.19 -
    TrendMicro 9.120.0.1004 2010.07.18 -
    TrendMicro-HouseCall 9.120.0.1004 2010.07.19 -
    VBA32 3.12.12.6 2010.07.16 -
    ViRobot 2010.7.12.3932 2010.07.18 -
    VirusBuster 5.0.27.0 2010.07.18 -
    Additional information
    File size: 55296 bytes
    MD5...: 86a14547acaf769c4893428306310046
    SHA1..: 8576ee9bf9feeab2482782ff2b1bf5d580e24a75
    SHA256: 7e7a07cb5e15d4d75ecddab223571d3e87d3a79a97d00491f0aa4851763c0190
    ssdeep: 384:lsGfbZTsqUhi4tA0nvJNGeKAb+iYXaE40KY+/rreeLmV8hgAgvUhssDXpwRMXho/:ySZTrB9MRXXzTaVCFBDZ9Xhce2rbn
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x11f9
    timedatestamp.....: 0x3b7d84d0 (Fri Aug 17 20:55:44 2001)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x64c 0x800 5.13 f83ce57235e21fae71b6be1d2ed165bb
    .data 0x2000 0x28 0x200 0.02 9475a59226943a3ad422e18169989f66
    .rsrc 0x3000 0xc880 0xca00 3.86 b7bdd3570f2095b65b2b72a233d32f03

    ( 3 imports )
    > msvcrt.dll: __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, _initterm, _controlfp, _except_handler3, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, __set_app_type, _c_exit
    > ADVAPI32.dll: RegOpenKeyExA, RegQueryValueExA
    > KERNEL32.dll: CreateProcessA, SearchPathA, GetModuleHandleA, GetStartupInfoA

    ( 0 exports )
    RDS...: NSRL Reference Data Set
    -
    sigcheck:
    publisher....:
    copyright....: Copyright (C) 2001
    product......: dvdplay Application
    description..: dvdplay placeholder Application
    original name: dvdplay.EXE
    internal name: dvdplay
    file version.: 1, 0, 0, 2
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    trid..: Win64 Executable Generic (80.9%)
    Win32 Executable Generic (8.0%)
    Win32 Dynamic Link Library (generic) (7.1%)
    Generic Win/DOS Executable (1.8%)
    DOS Executable Generic (1.8%)
    pdfid.: -
    Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_res...021223-0550-99

    2. usrprbda.exe scan:

    File usrprbda.exe received on 2010.07.19 02:05:49 (UTC)
    Result: 0/42 (0%)

    Antivirus Version Last Update Result
    a-squared 5.0.0.31 2010.07.19 -
    AhnLab-V3 2010.07.18.00 2010.07.18 -
    AntiVir 8.2.4.12 2010.07.18 -
    Antiy-AVL 2.0.3.7 2010.07.15 -
    Authentium 5.2.0.5 2010.07.19 -
    Avast 4.8.1351.0 2010.07.19 -
    Avast5 5.0.332.0 2010.07.19 -
    AVG 9.0.0.836 2010.07.18 -
    BitDefender 7.2 2010.07.19 -
    CAT-QuickHeal 11.00 2010.07.16 -
    ClamAV 0.96.0.3-git 2010.07.19 -
    Comodo 5471 2010.07.19 -
    DrWeb 5.0.2.03300 2010.07.19 -
    eSafe 7.0.17.0 2010.07.18 -
    eTrust-Vet 36.1.7715 2010.07.16 -
    F-Prot 4.6.1.107 2010.07.19 -
    F-Secure 9.0.15370.0 2010.07.19 -
    Fortinet 4.1.143.0 2010.07.18 -
    GData 21 2010.07.19 -
    Ikarus T3.1.1.84.0 2010.07.19 -
    Jiangmin 13.0.900 2010.07.18 -
    Kaspersky 7.0.0.125 2010.07.19 -
    McAfee 5.400.0.1158 2010.07.19 -
    McAfee-GW-Edition 2010.1 2010.07.19 -
    Microsoft 1.6004 2010.07.18 -
    NOD32 5290 2010.07.19 -
    Norman 6.05.11 2010.07.18 -
    nProtect 2010-07-18.02 2010.07.18 -
    Panda 10.0.2.7 2010.07.18 -
    PCTools 7.0.3.5 2010.07.19 -
    Prevx 3.0 2010.07.19 -
    Rising 22.56.04.04 2010.07.16 -
    Sophos 4.55.0 2010.07.18 -
    Sunbelt 6601 2010.07.19 -
    SUPERAntiSpyware 4.40.0.1006 2010.07.19 -
    Symantec 20101.1.1.7 2010.07.19 -
    TheHacker 6.5.2.1.318 2010.07.19 -
    TrendMicro 9.120.0.1004 2010.07.18 -
    TrendMicro-HouseCall 9.120.0.1004 2010.07.19 -
    VBA32 3.12.12.6 2010.07.16 -
    ViRobot 2010.7.12.3932 2010.07.18 -
    VirusBuster 5.0.27.0 2010.07.18 -
    Additional information
    File size: 61508 bytes
    MD5...: 23d6c78d6e51a1107cb6e465031d87b9
    SHA1..: 9dc3ec7974cb310bd22c81c6e1fc89ca857b4b35
    SHA256: a3a28acbe20f9a6bcae2fb8c49d4e1270013a433544997a20acf57bfe1c53f78
    ssdeep: 768:fieHaia+INATIVN7vza3qdCuPfkPGb5ZQEu15Cs4BkPCJao1asB3Z:KeHm+0ATITb9PsCQEu1YBBkP5o1LB3Z
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1860
    timedatestamp.....: 0x3a351632 (Mon Dec 11 18:00:18 2000)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x82a6 0x9000 6.27 4af8fe00ecd32750c610b0dbce1771cc
    .rdata 0xa000 0x1378 0x2000 3.90 9ca9b0e77b4966777a885c68f37d56b6
    .data 0xc000 0x1764 0x2000 2.18 60c0bdacddcbd8827e0be67acb2cd46f
    .rsrc 0xe000 0x438 0x1000 1.11 64b165cdcb910038d837759f45fae972

    ( 1 imports )
    > KERNEL32.dll: GetCurrentThreadId, OpenProcess, WaitForSingleObject, CreateProcessA, ReadProcessMemory, InterlockedDecrement, InterlockedIncrement, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, HeapFree, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, FatalAppExitA, Sleep, WideCharToMultiByte, MultiByteToWideChar, LCMapStringA, LCMapStringW, HeapAlloc, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, CloseHandle, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetLastError, GetCurrentThread, HeapDestroy, HeapCreate, VirtualFree, RtlUnwind, WriteFile, VirtualAlloc, HeapReAlloc, IsBadWritePtr, GetCPInfo, IsValidLocale, IsValidCodePage, GetLocaleInfoA, EnumSystemLocalesA, GetUserDefaultLCID, GetVersionExA, GetStringTypeA, GetStringTypeW, GetACP, GetOEMCP, GetProcAddress, LoadLibraryA, GetTimeZoneInformation, GetLocaleInfoW, CompareStringA, CompareStringW, SetEnvironmentVariableA

    ( 0 exports )
    RDS...: NSRL Reference Data Set
    -
    trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    pdfid.: -
    Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_res...021223-0550-99
    sigcheck:
    publisher....: U.S. Robotics Corporation
    copyright....: Copyright (C) (c) 2000 U.S. Robotics Corporation
    product......: U.S. Robotics modem
    description..: U.S. Robotics enable/disable probe
    original name: probedis.exe
    internal name: probedis.exe
    file version.: 4. 11. 21
    comments.....:
    signers......: -
    signing date.: -
    verified.....: Unsigned

    3. SystemLook scan:

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 10:15 on 19/07/2010 by Yvette (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "usrprbda.exe"
    C:\WINDOWS\system32\usrprbda.exe --a--- 61508 bytes [22:37 17/08/2001] [12:00 31/03/2003] 23D6C78D6E51A1107CB6E465031D87B9

    Searching for "dvdplay.exe"
    C:\WINDOWS\system32\dvdplay.exe --a--- 55296 bytes [22:36 17/08/2001] [12:00 31/03/2003] 86A14547ACAF769C4893428306310046

    -=End Of File=-

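The point of the VirusTotal upload in post #6 and the SystemLook results in post #7 is a consistency check: the MD5 and size that SystemLook reports for the file on disk should match the MD5 and size in the VirusTotal report, otherwise the verdict applies to a different file than the one still sitting in system32. The script below is an added example, not part of the thread and not code from VirusTotal or SystemLook; it parses the two report formats as they appear above (the regexes assume exactly that layout), cross-checks them, and also computes the same four fields locally for a copy of a file so the check can be repeated without re-uploading. The embedded report text is copied from the thread; the byte strings in the test are constructed.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample input (copied from the thread above): the "Additional
# information" block of each VirusTotal report and the SystemLook :filefind output.
VIRUSTOTAL_REPORTS = {
    "dvdplay.exe": (
        "File size: 55296 bytes\n"
        "MD5...: 86a14547acaf769c4893428306310046\n"
        "SHA1..: 8576ee9bf9feeab2482782ff2b1bf5d580e24a75\n"
        "SHA256: 7e7a07cb5e15d4d75ecddab223571d3e87d3a79a97d00491f0aa4851763c0190\n"
    ),
    "usrprbda.exe": (
        "File size: 61508 bytes\n"
        "MD5...: 23d6c78d6e51a1107cb6e465031d87b9\n"
        "SHA1..: 9dc3ec7974cb310bd22c81c6e1fc89ca857b4b35\n"
        "SHA256: a3a28acbe20f9a6bcae2fb8c49d4e1270013a433544997a20acf57bfe1c53f78\n"
    ),
}

SYSTEMLOOK_OUTPUT = r"""========== filefind ==========

Searching for "usrprbda.exe"
C:\WINDOWS\system32\usrprbda.exe --a--- 61508 bytes [22:37 17/08/2001] [12:00 31/03/2003] 23D6C78D6E51A1107CB6E465031D87B9

Searching for "dvdplay.exe"
C:\WINDOWS\system32\dvdplay.exe --a--- 55296 bytes [22:36 17/08/2001] [12:00 31/03/2003] 86A14547ACAF769C4893428306310046

-=End Of File=-"""

# VirusTotal lines look like "MD5...: <hex>", "SHA256: <hex>", "File size: <n> bytes".
VT_FIELD = re.compile(r"^(File size|MD5|SHA1|SHA256)[.\s]*:\s*(\S+)", re.MULTILINE)

# SystemLook hit: "<path> <attrs> <size> bytes [<created>] [<modified>] <MD5>"
SL_HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]{6})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$",
    re.MULTILINE,
)


@dataclass
class FileCheck:
    name: str
    path: str
    size_ok: bool
    md5_ok: bool

    @property
    def ok(self) -> bool:
        return self.size_ok and self.md5_ok


def parse_virustotal(report: str) -> Dict[str, object]:
    """Pull size and hashes out of a VirusTotal 'Additional information' block."""
    fields = {key.lower(): value.lower() for key, value in VT_FIELD.findall(report)}
    return {
        "size": int(fields["file size"]),
        "md5": fields["md5"],
        "sha1": fields["sha1"],
        "sha256": fields["sha256"],
    }


def cross_check(reports: Dict[str, str], systemlook_output: str) -> Dict[str, Optional[FileCheck]]:
    """Confirm the file SystemLook found on disk is the object VirusTotal scanned."""
    # Index every :filefind hit by lower-cased file name.
    hits = {m.group("path").rsplit("\\", 1)[-1].lower(): m for m in SL_HIT.finditer(systemlook_output)}
    results: Dict[str, Optional[FileCheck]] = {}
    for name, report in reports.items():
        vt = parse_virustotal(report)
        hit = hits.get(name.lower())
        if hit is None:
            results[name] = None  # SystemLook did not find the file at all
            continue
        results[name] = FileCheck(
            name=name,
            path=hit.group("path"),
            size_ok=int(hit.group("size")) == vt["size"],
            md5_ok=hit.group("md5").lower() == vt["md5"],  # SystemLook prints MD5 upper-case
        )
    return results


def hash_bytes(data: bytes) -> Dict[str, object]:
    """The same four fields VirusTotal reports, computed locally from a file's contents."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, report: str) -> bool:
    """True when a local copy has exactly the size and hashes in the VirusTotal report."""
    return hash_bytes(data) == parse_virustotal(report)


if __name__ == "__main__":
    for name, check in cross_check(VIRUSTOTAL_REPORTS, SYSTEMLOOK_OUTPUT).items():
        print(name, "not found by SystemLook" if check is None else
              f"{check.path} size_ok={check.size_ok} md5_ok={check.md5_ok}")
```

For the two files in this thread both checks pass, so the 0/42 verdicts really do describe the files on disk. A mismatch would mean the upload was not the copy in system32 (or the file changed in between), and the verdict should not be relied on; note that VirusTotal's "Unsigned" sigcheck result is what makes this hash comparison necessary, since there is no Authenticode signature to validate instead.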
  8. #8
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Good.
    It looks like a false alarm from Combofix.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  9. #9
    Join Date
    Jul 2010
    Posts
    11

    OTL download problem

    Hi - I've uninstalled Combofix, but when I go to the URL to download OTL it gives me a "403 access forbidden" message. Is this available to download anywhere else?

  10. #10
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,391
It is working now; they had server problems and it seems to be fixed now.

You may need to download it with a different computer and transfer it.

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
Yup, the hosting server was down for a couple of days.
    It's working now.

  12. #12
    Join Date
    Jul 2010
    Posts
    11

    OTL Scans

    Hi - sorry for the delay in reply, I have completed the scans but they're too long to paste here - I've attached the txt files....

Thanks

    OTL.Txt

    Extras.Txt

  13. #13
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please, always paste all logs into your reply...

    OTL logfile created on: 3/08/2010 7:41:10 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    511.00 Mb Total Physical Memory | 364.00 Mb Available Physical Memory | 71.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1000 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 49.77 Gb Free Space | 33.39% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YVETTE-NA0W6OAF
    Current User Name: Yvette
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/03 19:39:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Desktop\OTL.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/09 08:31:01 | 000,198,608 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/04/14 08:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
    PRC - [2008/04/14 08:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
    PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/02/22 20:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    PRC - [2007/02/22 20:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2007/02/22 20:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    PRC - [2007/01/18 12:20:26 | 000,190,008 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
    PRC - [2006/12/19 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
    PRC - [2006/12/19 11:27:54 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2006/12/19 11:27:00 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    PRC - [2006/12/19 11:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2006/11/28 14:12:12 | 000,222,720 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    PRC - [2006/11/06 14:21:10 | 000,210,432 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    PRC - [2006/10/19 19:51:37 | 000,016,384 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
    PRC - [2004/03/18 09:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
    PRC - [2004/01/08 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    PRC - [2003/01/10 12:07:32 | 000,102,400 | ---- | M] (Intel Corp.) -- C:\Program Files\Intel\Intel(R) Active Monitor\imonNT.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/03 19:39:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Desktop\OTL.exe
    MOD - [2008/04/14 08:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2006/10/19 19:51:37 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Local Settings\TempIadHide3.dll
    MOD - [2004/03/18 09:26:50 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll
    MOD - [2004/03/18 09:26:48 | 000,114,688 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
    MOD - [2004/03/18 09:26:12 | 000,005,120 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\KbdHook.dll
    MOD - [2004/01/08 09:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/06/09 08:31:01 | 000,198,608 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/04/14 08:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
    SRV - [2008/04/14 08:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
    SRV - [2008/04/14 08:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV - [2007/02/22 20:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
    SRV - [2007/02/22 20:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
    SRV - [2006/12/19 11:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2006/11/06 14:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2003/01/10 12:07:32 | 000,102,400 | ---- | M] (Intel Corp.) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Active Monitor\imonNT.exe -- (imonNT) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\YVETTE~1.YVE\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2008/06/06 09:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2008/05/07 07:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2008/05/07 07:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2008/05/07 07:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2008/02/01 16:17:12 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2008/02/01 16:17:06 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2007/02/22 20:50:00 | 000,170,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2006/11/30 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2006/11/30 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2006/11/30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2006/11/30 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2006/11/30 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
    DRV - [2004/08/03 21:36:50 | 000,768,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/03/10 13:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
    DRV - [2004/03/10 01:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/03/10 01:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/03/10 01:04:00 | 000,085,204 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/03/10 01:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/03/10 01:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/03/10 01:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/03/10 01:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/03/10 01:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/03/10 01:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/02/19 03:21:00 | 000,086,064 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/02/12 11:26:40 | 001,124,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ECTIVA.sys -- (ECTIVA) ECTIVA Audio 5.1 (WDM)
    DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/12/17 09:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
    DRV - [2003/12/17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
    DRV - [2003/11/13 11:47:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2003/11/13 11:47:28 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2003/11/13 02:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2003/10/15 04:10:00 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)
    DRV - [2003/01/10 12:05:10 | 000,007,424 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)
    DRV - [2003/01/10 12:04:46 | 000,016,480 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iSMBIOS.SYS -- (iSMBIOS)
    DRV - [2002/10/23 09:05:06 | 000,021,963 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smb.sys -- (smbusp) Intel(R)
    DRV - [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
    FF - prefs.js..browser.startup.homepage: "http://www.news.com.au/"
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
    FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.1
    FF - prefs.js..keyword.URL: "http://au.search.yahoo.com/search?fr=mcafee&p="
    FF - prefs.js..network.proxy.no_proxies_on: "localhost"

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/02 18:24:52 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\FireFox\ [2010/06/15 15:25:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin File not found
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 19:45:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 19:45:48 | 000,000,000 | ---D | M]

    [2008/08/28 07:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\Mozilla\Extensions
    [2010/08/03 18:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\Mozilla\Firefox\Profiles\nnxsrq23.default\extensions
    [2009/09/05 15:45:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\Mozilla\Firefox\Profiles\nnxsrq23.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/02 13:11:44 | 000,005,500 | ---- | M] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\Mozilla\Firefox\Profiles\nnxsrq23.default\searchplugins\foodtv.xml
    [2008/06/21 11:05:46 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\Mozilla\Firefox\Profiles\nnxsrq23.default\searchplugins\IMDB.xml
    [2010/07/11 11:53:13 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\Mozilla\Firefox\Profiles\nnxsrq23.default\searchplugins\mywebsearch.xml
    [2008/06/21 11:05:46 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\Mozilla\Firefox\Profiles\nnxsrq23.default\searchplugins\wikipedia.xml
    [2008/08/28 07:38:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/08 21:27:14 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
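The OTL log above is what the custom scan from post #8 produces, and the question the thread keeps coming back to is which lines deserve a closer look. As an added example (not part of the thread, and not OTL's own code), here is a small Python triage helper that parses the PRC/MOD/SRV/DRV and Firefox prefs lines in the layout shown and flags orphaned "File not found" registrations, binaries with no company information, modules loaded from temp or profile directories, and a browser search engine that is not on the user's expected list. The line format, the suspect-directory list and the expected-engine set are assumptions; every sample line is constructed.

```python
"""Triage helper for OTL-style log lines (added example, not part of OTL).
Line layout is an assumption based on the OTL 3.2.x output in this thread;
every sample line below is constructed, not taken from the poster's machine."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# PRC/MOD/SRV/DRV entries: "[date | size | attrs | flag] (company)" or
# "File not found", an optional "[start | state]", then "-- path -- (name)".
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<flag>[MC])\] \((?P<company>[^)]*)\) "
    r"|(?P<missing>File not found) )"
    r"(?:\[(?P<state>[^\]]+)\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<name>[^)]+)\).*)?$"
)
# Firefox preference lines as OTL prints them: FF - prefs.js..key: "value"
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>[\w.]+): "(?P<value>[^"]*)"$')
# Directories a service, driver or loaded module normally has no business
# living in (assumption: tuned for Windows XP paths like those in the log).
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")


@dataclass
class Entry:
    kind: str
    path: str
    missing: bool
    company: Optional[str]  # None when the file is missing, "" when unnamed
    state: Optional[str]
    name: Optional[str]
    size: Optional[int]


@dataclass
class Finding:
    line: int
    subject: str
    reason: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    size = int(m["size"].replace(",", "")) if m["size"] else None
    return Entry(m["kind"], m["path"], m["missing"] is not None,
                 m["company"], m["state"], m["name"], size)


def entry_reasons(entry: Entry) -> List[str]:
    """Heuristic checks; each string is one reason to look at the entry more closely."""
    reasons = []
    if entry.missing:
        reasons.append("registered but file not found (orphaned entry)")
    elif entry.company == "":
        reasons.append("binary carries no company/version information")
    if any(d in entry.path.lower() for d in SUSPECT_DIRS):
        reasons.append("loaded from a user-writable temp/profile location")
    return reasons


def triage_log(lines: Iterable[str], expected_search: Iterable[str]) -> List[Finding]:
    """Collect findings; expected_search names the engines the user knows they
    configured, so anything else is reported for a human to judge."""
    expected = set(expected_search)
    findings: List[Finding] = []
    for lineno, line in enumerate(lines, 1):
        entry = parse_entry(line)
        if entry is not None:
            findings.extend(Finding(lineno, entry.path, r) for r in entry_reasons(entry))
            continue
        pref = FF_PREF_RE.match(line.strip())
        if pref and pref["key"].startswith("browser.search.") and pref["value"] not in expected:
            findings.append(Finding(lineno, pref["key"], f"search engine set to {pref['value']!r}"))
    return findings


# Constructed sample in the OTL layout (paths and vendors are made up).
SAMPLE_LINES = [
    r"PRC - [2010/08/03 19:39:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\example\Desktop\OTL.exe",
    r"PRC - [2006/10/19 19:51:37 | 000,016,384 | ---- | M] () -- C:\Program Files\ExampleApp\Program\helper.exe",
    r"MOD - [2006/10/19 19:51:37 | 000,024,576 | ---- | M] (ExampleCo) -- C:\Documents and Settings\example\Local Settings\Temp\hide3.dll",
    r"SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)",
    r"SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\EXAMPLE\LOCALS~1\Temp\catchme.sys -- (catchme)",
    'FF - prefs.js..browser.search.defaultenginename: "Secure Search"',
    'FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"',
    'FF - prefs.js..browser.startup.homepage: "http://www.example.com/"',
]
EXPECTED_SEARCH = {"Google", "Secure Search"}  # assumption: what this user set up

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LINES, EXPECTED_SEARCH):
        print(f"line {f.line}: {f.subject} -> {f.reason}")
```

A flagged line is a prompt to check the file (signature, hash lookup, vendor) rather than a verdict; whitelisted vendors and missing entries such as a leftover catchme.sys from an earlier scanner are exactly the kind of thing the helper in this thread sorts out by hand.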

  14. #14
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    O1 HOSTS File: ([2010/07/15 13:02:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
    O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macromedia.com/director/cabs/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/...oUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/...toUploader.cab (Facebook Photo Uploader Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1121568464234 (WUWebControl Class)
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} file://C:\TempEI4\EI40_\msxml4.cab (XML DOM Document 4.0)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_04)
    O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} http://www.cyberlink.com/multi/patch...ateAdvisor.cab (UpdateAdvisor Control)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_04)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\My Documents\My Pictures\Yvette's Pictures\Timmy\Timmy.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\My Documents\My Pictures\Yvette's Pictures\Timmy\Timmy.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/03/21 20:10:27 | 000,000,020 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/08/10 12:35:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.SYD -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
    Unable to start service SrService!

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/03 19:39:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Desktop\OTL.exe
    [2010/08/03 18:36:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2010/07/15 16:25:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/15 13:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/07/15 12:24:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/15 12:19:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/07/15 12:18:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/14 11:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\Malwarebytes
    [2010/07/14 11:34:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/14 11:34:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/14 11:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    [2010/07/14 11:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/14 11:32:59 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Desktop\mbam-setup-1.46.exe
    [2010/07/12 13:02:19 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/07/12 10:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/06/25 18:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/06/25 18:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2005/10/31 20:12:31 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
    [2005/07/17 10:34:10 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [2004/09/08 09:47:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
    [2004/08/03 22:12:36 | 000,135,168 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/03 19:39:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Desktop\OTL.exe
    [2010/08/03 18:02:23 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/03 17:57:57 | 000,000,065 | ---- | M] () -- C:\WINDOWS\iTouch.ini
    [2010/08/03 17:57:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/03 17:57:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/02 21:50:48 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\NTUSER.DAT
    [2010/08/02 21:50:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\ntuser.ini
    [2010/07/25 12:45:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/24 16:48:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/07/19 10:10:10 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Desktop\SystemLook.exe
    [2010/07/15 13:03:50 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/15 13:02:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/15 12:24:13 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/14 11:34:32 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/14 11:33:12 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Desktop\mbam-setup-1.46.exe
    [2010/07/12 14:36:16 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Desktop\HiJackThis.lnk
    [2010/07/12 13:01:58 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/07/12 12:31:47 | 000,187,904 | ---- | M] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/10 19:32:27 | 000,002,407 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\ZoomBrowser EX.lnk
    [2010/06/25 18:24:50 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
    [2010/06/24 20:08:07 | 000,573,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/24 20:08:07 | 000,493,096 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/24 20:08:07 | 000,089,272 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/10 21:05:30 | 000,230,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/10 20:47:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/10 20:43:28 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/10 20:34:01 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
    [2010/06/09 08:31:09 | 000,264,144 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
    [2010/06/09 08:31:09 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
    [2010/06/09 08:31:09 | 000,000,192 | ---- | M] () -- C:\WINDOWS\UDB.zip
    [2010/06/09 08:31:08 | 001,435,600 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2010/06/09 08:31:07 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
    [2010/06/08 10:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll.old
    [2010/06/08 08:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
    [2010/05/26 21:59:52 | 000,016,704 | ---- | M] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\My Documents\budgetdata.CSV
    [2010/05/26 18:44:07 | 000,011,128 | ---- | M] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\My Documents\budget.CSV
    [2010/05/26 18:32:25 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\My Documents\budget.xls
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    ========== Files Created - No Company Name ==========

    [2010/07/19 10:10:09 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Desktop\SystemLook.exe
    [2010/07/15 12:24:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/07/15 12:24:09 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/14 11:34:32 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/12 10:44:12 | 000,002,481 | ---- | C] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Desktop\HiJackThis.lnk
    [2010/06/25 18:24:50 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
    [2010/05/26 18:44:18 | 000,016,704 | ---- | C] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\My Documents\budgetdata.CSV
    [2010/05/26 18:35:38 | 000,011,128 | ---- | C] () -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\My Documents\budget.CSV
    [2010/03/26 08:57:57 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
    [2010/03/17 20:46:48 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
    [2010/03/17 20:46:48 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/08/18 18:06:29 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
    [2008/04/16 20:26:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\uml.INI
    [2007/08/16 11:19:54 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
    [2007/08/16 11:19:53 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
    [2007/08/16 11:19:34 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2007/08/16 11:19:32 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2007/08/16 11:19:30 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2007/06/27 13:26:09 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/06/27 13:26:09 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/05/15 12:34:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
    [2006/01/05 22:12:27 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
    [2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
    [2005/07/16 21:42:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
    [2005/07/16 21:41:50 | 000,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini
    [2005/07/16 21:41:19 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2005/07/16 21:40:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OP70.INI
    [2005/07/16 21:39:50 | 000,001,597 | ---- | C] () -- C:\WINDOWS\pstudio.ini
    [2005/07/16 21:39:50 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
    [2005/07/16 21:39:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
    [2005/07/14 23:56:29 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/07/14 23:54:43 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/07/14 23:40:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
    [2005/07/14 23:10:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2005/07/14 23:07:46 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
    [2005/07/14 22:07:34 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2005/07/13 23:42:26 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
    [2005/07/13 23:23:13 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/08/03 21:35:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2004/04/19 12:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/05/24 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
    [2001/08/14 11:47:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll

    ========== LOP Check ==========

    [2007/08/13 15:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
    [2008/09/13 13:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
    [2008/09/13 13:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nokia
    [2008/05/10 13:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
    [2010/08/03 19:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2009/03/14 16:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/12 20:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/11/14 17:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/18 17:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2007/06/16 11:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\123 Free Solitaire
    [2007/02/10 17:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\BitTorrent
    [2008/10/01 16:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\BitZipper
    [2010/03/26 08:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\Canon
    [2005/07/15 00:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\CD-LabelPrint
    [2008/05/10 13:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\Datalayer
    [2007/03/23 10:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\EndNote
    [2009/04/19 16:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\ImgBurn
    [2005/07/20 09:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\Leadertech
    [2008/05/10 13:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\Nokia
    [2008/05/10 13:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\PC Suite
    [2007/06/16 11:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\RedMercury
    [2007/05/30 22:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yvette.YVETTE-NA0W6OAF\Application Data\Uniblue

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/03/21 20:10:27 | 000,000,020 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2004/08/10 12:35:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.SYD
    [2006/03/07 12:10:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/07/15 12:24:13 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/07/15 13:14:52 | 000,018,868 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 12:35:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2004/08/10 12:35:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/12/04 05:06:53 | 000,000,000 | ---- | M] () -- C:\itouch_config_crash_info.txt
    [2005/09/05 18:53:12 | 000,000,000 | ---- | M] () -- C:\itouch_crash_info.txt
    [2004/08/10 12:35:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2005/07/24 18:48:20 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/06 11:47:33 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/03 17:57:42 | 1048,576,000 | -HS- | M] () -- C:\pagefile.sys
    [2004/08/10 12:50:41 | 000,000,032 | ---- | M] () -- C:\setup.log
    [2007/09/02 15:42:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2007/09/02 15:42:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2007/09/02 15:57:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2007/09/02 15:42:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2007/09/02 15:42:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2007/09/02 15:57:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2004/04/23 13:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD64.DLL
    [2004/04/23 13:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP64.DLL
    [2008/07/06 20:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2005/07/14 06:43:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/07/14 06:43:02 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/07/14 06:43:02 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/14 08:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 08:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/14 08:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-15 01:48:45

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMPFC5A2B2
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:05D195EC
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:430C6D84
    < End of report >
