Recurring Viruses?

Printable View

Show 40 post(s) from this thread on one page

August 24th, 2010, 01:23 AM
cweidya

Recurring Viruses?

Hi,
Recently my laptop is suddenly going on extremely performance all of a sudden while in the middle of browsing or working on Microsoft Excell. Suspecting a virus, I did some scans using PCTools, SuperAntispyware and lastly Mbam at differing times and/or days. Results show I did have some (posted the very last one here from Mbam) eventhough I cleaned and removed them everytime the scan results said I was infected. Why do I always get them???
Please help.... :'(
thanks in advance
Here's the mbam results:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/24/2010 11:43:20 AM
mbam-log-2010-08-24 (11-43-20).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|)
Objects scanned: 138499
Time elapsed: 27 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
August 24th, 2010, 01:38 AM
Broni

Please, read here: http://discussions.virtualdr.com/sho...d.php?t=167915, and start new topic here: http://discussions.virtualdr.com/forumdisplay.php?f=71
August 24th, 2010, 07:46 AM
cweidya

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4469

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/24/2010 6:43:26 PM
mbam-log-2010-08-24 (18-43-26).txt

Scan type: Quick scan
Objects scanned: 134364
Time elapsed: 17 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\mink\Local Settings\Temporary Internet Files\Content.IE5\CDKJ2LS7\_rplc[1].exe (Trojan.Vilsel) -> Quarantined and deleted successfully.
August 24th, 2010, 07:48 AM
cweidya

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-24 18:42:07
Windows 5.1.2600 Service Pack 2
Running: zb9lql9l.exe; Driver: C:\DOCUME~1\mink\LOCALS~1\Temp\ffqyqfob.sys

---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7343112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF73222D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF73224C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7343900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7343BB4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7341E12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7344020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF73433D2]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF3944620]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\PC Tools Security\pctsSvc.exe[232] kernel32.dll!CreateThread + 1A 7C810849 4 Bytes CALL 0044BC05 C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1272] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 104505FE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\PC Tools Security\pctsTray.exe[2372] kernel32.dll!CreateThread + 1A 7C810849 4 Bytes CALL 0044B8D9 C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3180] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[3608] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 32605629 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d37e7e
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d37e7e (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@LastTraceFailure 0

---- EOF - GMER 1.0.15 ----
August 24th, 2010, 07:49 AM
cweidya

DDS (Ver_10-03-17.01) - NTFSx86
Run by mink at 18:25:33.82 on Tue 08/24/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.478.71 [GMT 7:00]

AV: PC Tools AntiVirus Free *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
svchost.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\PC Tools Security\pctsTray.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MoRUN.net\StickerLite\sticker.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\mink\My Documents\Downloads\zb9lql9l.exe
C:\Documents and Settings\mink\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [<NO NAME>]
mRun: [DispSwitchLauncher] c:\program files\fujitsu\dispswitch\DispSwitchLauncher.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\bluetooth\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\bluetooth\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\bluetooth\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {D75B8010-7DD9-4920-A075-DF09CBEDC213} = 202.155.0.10 202.155.0.15
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mink\applic~1\mozilla\firefox\profiles\305qrywn.default\
FF - prefs.js: browser.search.selectedEngine - Search Defender
FF - prefs.js: keyword.URL - hxxp://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q=
FF - component: c:\documents and settings\mink\application data\mozilla\firefox\profiles\305qrywn.default\extensions\{cb84136f-9c44-433a-9048-c5cd9df1dc16}\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-08-24 04:11:57 0 d-----w- c:\docume~1\mink\applic~1\Malwarebytes
2010-08-24 04:10:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-24 04:10:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-24 04:10:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-24 04:09:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-21 08:05:32 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-21 08:05:31 882 ----a-w- c:\windows\RegSDImport.xml
2010-08-21 08:05:31 879 ----a-w- c:\windows\RegISSImport.xml
2010-08-21 08:05:31 264144 ----a-w- c:\windows\PCTBDRes.dll
2010-08-21 08:05:31 192 ----a-w- c:\windows\UDB.zip
2010-08-21 08:05:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-21 08:05:31 1435600 ----a-w- c:\windows\PCTBDCore.dll
2010-08-21 08:05:31 131 ----a-w- c:\windows\IDB.zip
2010-08-21 06:03:03 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-08-21 06:03:03 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-21 06:02:57 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-21 06:02:57 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-08-21 06:02:57 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-08-21 06:02:57 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-21 06:02:47 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-08-21 06:02:47 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-21 06:02:39 0 d-----w- c:\program files\PC Tools Security
2010-08-21 06:02:39 0 d-----w- c:\program files\common files\PC Tools
2010-08-21 06:02:39 0 d-----w- c:\docume~1\mink\applic~1\PC Tools
2010-08-21 06:02:39 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-08-21 04:48:01 0 d-----w- c:\docume~1\mink\applic~1\SUPERAntiSpyware.com
2010-08-21 04:48:01 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-21 04:47:53 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-20 08:04:53 0 --sha-r- C:\khy
2010-07-28 09:02:21 0 --sha-r- C:\khx

==================== Find3M ====================

============= FINISH: 18:26:42.82 ===============
August 24th, 2010, 07:50 AM
cweidya

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/26/2010 12:53:55 PM
System Uptime: 8/24/2010 5:04:45 PM (1 hours ago)

Motherboard: FUJITSU | | FJNB19A
Processor: AMD Turion(tm) 64 Mobile Technology MT-30 | Onboard | 795/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 40 GiB total, 35.317 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 70.366 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP22: 5/29/2010 11:12:54 AM - System Checkpoint
RP23: 5/31/2010 9:55:55 AM - System Checkpoint
RP24: 6/4/2010 11:52:01 AM - System Checkpoint
RP25: 6/5/2010 3:14:42 PM - System Checkpoint
RP26: 6/7/2010 8:33:53 AM - System Checkpoint
RP27: 6/9/2010 8:55:11 AM - System Checkpoint
RP28: 6/10/2010 9:34:03 AM - System Checkpoint
RP29: 6/11/2010 10:35:25 AM - System Checkpoint
RP30: 6/12/2010 1:52:31 PM - System Checkpoint
RP31: 6/14/2010 9:14:52 AM - System Checkpoint
RP32: 6/15/2010 10:42:13 AM - System Checkpoint
RP33: 6/16/2010 11:45:03 AM - System Checkpoint
RP34: 6/18/2010 9:57:40 AM - System Checkpoint
RP35: 6/21/2010 11:33:04 AM - System Checkpoint
RP36: 6/22/2010 1:55:23 PM - System Checkpoint
RP37: 7/8/2010 6:32:55 PM - System Checkpoint
RP38: 7/9/2010 6:52:25 PM - System Checkpoint
RP39: 7/12/2010 1:56:35 PM - Installed MoRUN.net Sticker Lite
RP40: 7/13/2010 3:06:07 PM - System Checkpoint
RP41: 7/15/2010 9:08:00 AM - System Checkpoint
RP42: 7/16/2010 11:31:02 AM - System Checkpoint
RP43: 7/18/2010 6:52:22 PM - System Checkpoint
RP44: 7/21/2010 3:38:28 PM - System Checkpoint
RP45: 7/27/2010 9:13:57 AM - System Checkpoint
RP46: 7/29/2010 12:59:42 PM - System Checkpoint
RP47: 7/31/2010 10:46:50 AM - System Checkpoint
RP48: 8/2/2010 10:56:24 AM - System Checkpoint
RP49: 8/3/2010 1:41:14 PM - System Checkpoint
RP50: 8/4/2010 2:08:33 PM - System Checkpoint
RP51: 8/5/2010 5:04:41 PM - System Checkpoint
RP52: 8/9/2010 10:50:22 AM - System Checkpoint
RP53: 8/11/2010 11:51:41 AM - System Checkpoint
RP54: 8/13/2010 9:10:08 AM - System Checkpoint
RP55: 8/16/2010 9:27:54 AM - System Checkpoint
RP56: 8/20/2010 1:26:37 PM - System Checkpoint
RP57: 8/21/2010 1:52:13 PM - System Checkpoint
RP58: 8/23/2010 9:38:43 AM - PC Tools AntiVirus Free: Cleaning Threats
RP59: 8/23/2010 10:23:41 AM - PC Tools AntiVirus Free: Cleaning Threats
RP60: 8/23/2010 6:03:24 PM - PC Tools AntiVirus Free: Cleaning Threats
RP61: 8/24/2010 5:14:27 PM - [PRODUCTNAME]: Cleaning Threats
RP62: 8/24/2010 5:15:48 PM - [PRODUCTNAME]: Cleaning Threats
RP63: 8/24/2010 5:56:57 PM - [PRODUCTNAME]: Cleaning Threats

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Agere Systems AC'97 Modem
AIO_Scan
Atheros Install Program for Wireless Network Adapter Products
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bluetooth Software
Broadcom 44x 10/100 Integrated Controller
Browser Defender 3.0
BufferChm
C-Major Audio
Cooking Dash: DinerTown Studios
Copy
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
eSupportQFolder
F2100
F2100_Help
Fujitsu Display Manager
Fujitsu System Extension Utility
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Smart Web Printing 1.0
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
Java Auto Updater
Java(TM) 6 Update 20
LifeBook Application Panel
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mobile Connect
MoRUN.net Sticker Lite
Mozilla Firefox (3.6.6)
O2Micro Flash Memory Card Windows Driver
PC Tools AntiVirus Free
Scan
SolutionCenter
Sonic DLA
Sonic RecordNow!
Status
SUPERAntiSpyware
Toolbox
TrayApp
UnloadSupport
WebFldrs XP
WebReg
Windows Installer 3.1 (KB893803)
WinRAR archiver

==== Event Viewer Messages From Past Week ========

8/24/2010 6:56:10 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/23/2010 12:06:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
8/23/2010 12:06:46 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
August 24th, 2010, 01:10 PM
Broni
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  - Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  - Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.
  - Close any open browsers.
  - WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  - Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  - If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
August 24th, 2010, 11:27 PM
cweidya

ComboFix 10-08-24.07 - mink 08/25/2010 9:14.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.478.197 [GMT 7:00]
Running from: c:\documents and settings\mink\My Documents\Downloads\ComboFix.exe
AV: PC Tools AntiVirus Free *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
.

2010-08-24 04:11 . 2010-08-24 04:11 -------- d-----w- c:\documents and settings\mink\Application Data\Malwarebytes
2010-08-24 04:10 . 2010-04-29 08:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-24 04:10 . 2010-08-24 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-24 04:10 . 2010-04-29 08:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-24 04:09 . 2010-08-24 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-21 08:30 . 2009-10-29 04:59 378368 ----a-w- c:\documents and settings\mink\Application Data\Mozilla\Firefox\Profiles\305qrywn.default\extensions\{cb84136f-9c44-433a-9048-c5cd9df1dc16}\platform\WINNT_x86-msvc\components\libheuristic.dll
2010-08-21 08:05 . 2010-06-18 10:00 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-21 08:05 . 2010-06-18 10:00 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-21 08:05 . 2010-06-18 10:00 264144 ----a-w- c:\windows\PCTBDRes.dll
2010-08-21 08:05 . 2010-06-18 10:00 1435600 ----a-w- c:\windows\PCTBDCore.dll
2010-08-21 08:05 . 2010-05-10 07:14 192 ----a-w- c:\windows\UDB.zip
2010-08-21 08:05 . 2008-11-26 04:08 131 ----a-w- c:\windows\IDB.zip
2010-08-21 06:03 . 2010-02-05 02:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-21 06:02 . 2010-03-29 03:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-21 06:02 . 2009-11-23 06:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-21 06:02 . 2010-04-08 07:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-21 06:02 . 2010-08-25 02:05 -------- d-----w- c:\program files\PC Tools Security
2010-08-21 06:02 . 2010-08-21 08:05 -------- d-----w- c:\program files\Common Files\PC Tools
2010-08-21 06:02 . 2010-08-21 06:02 -------- d-----w- c:\documents and settings\mink\Application Data\PC Tools
2010-08-21 06:02 . 2010-08-21 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-21 05:53 . 2010-08-25 02:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-21 04:53 . 2010-08-21 04:53 63488 ----a-w- c:\documents and settings\mink\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-21 04:53 . 2010-08-21 04:53 52224 ----a-w- c:\documents and settings\mink\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-21 04:53 . 2010-08-21 04:53 117760 ----a-w- c:\documents and settings\mink\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-21 04:48 . 2010-08-21 04:48 -------- d-----w- c:\documents and settings\mink\Application Data\SUPERAntiSpyware.com
2010-08-21 04:48 . 2010-08-21 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-21 04:47 . 2010-08-21 04:48 -------- d-----w- c:\program files\SUPERAntiSpyware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 05:16 . 2010-06-17 07:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-12 06:56 . 2010-07-12 06:56 -------- d-----w- c:\program files\MoRUN.net
2010-05-31 07:31 . 2010-05-26 06:03 27488 ----a-w- c:\documents and settings\mink\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-27 07:45 . 2010-05-26 05:49 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-07-16 159744]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 88358]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-17 184320]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-02-25 69632]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-03-24 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-03-24 61440]
"DispSwitchLauncher"="c:\program files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2005-04-08 81920]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-05 344064]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-02-03 286720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-25 122939]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\Bluetooth\Bluetooth Software\BTTray.exe [2004-11-29 569405]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MoRUN.net\\StickerLite\\sticker.exe"=

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [5/26/2010 12:59 PM 31936]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [5/26/2010 12:59 PM 23168]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/21/2010 1:02 PM 218592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 1:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 1:41 AM 67656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [8/21/2010 3:05 PM 198608]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [5/26/2010 7:39 PM 4864]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [8/21/2010 1:02 PM 366840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\Bluetooth\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\mink\Application Data\Mozilla\Firefox\Profiles\305qrywn.default\
FF - prefs.js: browser.search.selectedEngine - Search Defender
FF - prefs.js: keyword.URL - hxxp://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q=
FF - component: c:\documents and settings\mink\Application Data\Mozilla\Firefox\Profiles\305qrywn.default\extensions\{cb84136f-9c44-433a-9048-c5cd9df1dc16}\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 09:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\athgina.dll
c:\windows\system32\athcfg11.dll
c:\windows\system32\athcfg11Res.dll

- - - - - - - > 'lsass.exe'(808)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-08-25 09:18:48
ComboFix-quarantined-files.txt 2010-08-25 02:18

Pre-Run: 37,834,149,888 bytes free
Post-Run: 38,122,479,616 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 38133262F7580316BBBFF94857E829F7
August 24th, 2010, 11:29 PM
cweidya

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 156):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CE000 \WINDOWS\system32\hal.dll
0xF7A2E000 \WINDOWS\system32\KDCOM.DLL
0xF793E000 \WINDOWS\system32\BOOTVID.dll
0xF73FF000 ACPI.sys
0xF7A30000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF73EE000 pci.sys
0xF752E000 isapnp.sys
0xF73CF000 fltMgr.sys
0xF753E000 ohci1394.sys
0xF754E000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7942000 compbatt.sys
0xF7946000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7AF6000 pciide.sys
0xF77AE000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF73B1000 pcmcia.sys
0xF755E000 MountMgr.sys
0xF7392000 ftdisk.sys
0xF77B6000 PartMgr.sys
0xF756E000 VolSnap.sys
0xF737A000 atapi.sys
0xF77BE000 o2sd.sys
0xF7362000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF77C6000 o2media.sys
0xF757E000 disk.sys
0xF758E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7350000 sr.sys
0xF7317000 PCTCore.sys
0xF7302000 drvmcdb.sys
0xF77CE000 PxHelp20.sys
0xF72EB000 KSecDD.sys
0xF725E000 Ntfs.sys
0xF7231000 NDIS.sys
0xF7216000 Mup.sys
0xF76DE000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF6FC1000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6FAD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7846000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6F8A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF784E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF770E000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7A42000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF771E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF772E000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6F67000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7A44000 \SystemRoot\system32\DRIVERS\FUJ02B1.sys
0xF773E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7856000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6F50000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF785E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF774E000 \SystemRoot\system32\DRIVERS\serial.sys
0xF79FE000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF775E000 \SystemRoot\system32\DRIVERS\smcirda.sys
0xF7A02000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF6F3C000 \SystemRoot\system32\DRIVERS\parport.sys
0xF776E000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF6ECE000 \SystemRoot\system32\DRIVERS\ar5211.sys
0xF777E000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF6E88000 \SystemRoot\system32\drivers\STAC97.sys
0xF6E64000 \SystemRoot\system32\drivers\portcls.sys
0xF778E000 \SystemRoot\system32\drivers\drmk.sys
0xF6D2D000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7866000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7A46000 \SystemRoot\system32\DRIVERS\FUJ02E3.sys
0xF7A12000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6BEA000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF7B22000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF786E000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF7876000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF779E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A1A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6BD3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF75AE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75BE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF6B22000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75CE000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF787E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7886000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF75DE000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A48000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6AEE000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A1E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF761E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF764E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A4C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A56000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B60000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A58000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78CE000 \SystemRoot\system32\drivers\ssrtln.sys
0xF78D6000 \SystemRoot\System32\drivers\vga.sys
0xF7A5A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A5C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78DE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78E6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF70B6000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF4A4B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF49F3000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF49CB000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF70AE000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF49A9000 \SystemRoot\System32\drivers\afd.sys
0xF767E000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF48E7000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF78EE000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF48BB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF484C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF769E000 \SystemRoot\System32\Drivers\Fips.SYS
0xF482B000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF76AE000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7906000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF6ADE000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF791E000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF792E000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF76CE000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xF6ADA000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xF76EE000 \SystemRoot\System32\Drivers\btwusb.sys
0xF47EB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A76000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF781E000 \SystemRoot\System32\watchdog.sys
0xF4A7E000 \SystemRoot\System32\drivers\Dxapi.sys
0xF6B83000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF6B73000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys
0xF7C12000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D3000 \SystemRoot\System32\ati2dvag.dll
0xBFA0C000 \SystemRoot\System32\ati2cqag.dll
0xBFA49000 \SystemRoot\System32\ati3duag.dll
0xBFC7C000 \SystemRoot\System32\ativvaxx.dll
0xF76BE000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7B6F000 \SystemRoot\system32\dla\tfsndres.sys
0xEC67D000 \SystemRoot\system32\dla\tfsnifs.sys
0xEC6FF000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7AAE000 \SystemRoot\system32\dla\tfsnpool.sys
0xF789E000 \SystemRoot\system32\dla\tfsnboio.sys
0xF76FE000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7B6D000 \SystemRoot\system32\dla\tfsndrct.sys
0xEC63C000 \SystemRoot\system32\dla\tfsnudf.sys
0xEC623000 \SystemRoot\system32\dla\tfsnudfa.sys
0xEC69F000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xEC51D000 \SystemRoot\system32\DRIVERS\irda.sys
0xEC69B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEC2E8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7A70000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF790E000 \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys
0xF7916000 \??\C:\WINDOWS\system32\drivers\btserial.sys
0xEC216000 \??\C:\WINDOWS\system32\drivers\btslbcsp.sys
0xEC033000 \SystemRoot\system32\DRIVERS\srv.sys
0xEBCFE000 \SystemRoot\system32\drivers\wdmaud.sys
0xEBF1B000 \SystemRoot\system32\drivers\sysaudio.sys
0xEC250000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xEB966000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEB7BD000 \SystemRoot\System32\Drivers\HTTP.sys
0xEB525000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
0xEB799000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xEB28D000
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 56):
0 System Idle Process
4 System
436 C:\WINDOWS\system32\smss.exe
728 csrss.exe
752 C:\WINDOWS\system32\winlogon.exe
796 C:\WINDOWS\system32\services.exe
808 C:\WINDOWS\system32\lsass.exe
976 C:\WINDOWS\system32\ati2evxx.exe
992 C:\WINDOWS\system32\svchost.exe
1072 svchost.exe
1112 C:\WINDOWS\system32\svchost.exe
1208 svchost.exe
1304 svchost.exe
1576 C:\WINDOWS\system32\spoolsv.exe
1612 C:\WINDOWS\system32\acs.exe
1688 C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
1768 svchost.exe
1780 C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
1828 C:\WINDOWS\system32\svchost.exe
1840 C:\Program Files\Java\jre6\bin\jqs.exe
1860 C:\WINDOWS\system32\svchost.exe
1876 C:\WINDOWS\system32\o2flash.exe
1892 C:\WINDOWS\system32\svchost.exe
1912 C:\Program Files\PC Tools Security\pctsAuxs.exe
1944 C:\Program Files\PC Tools Security\pctsSvc.exe
492 C:\WINDOWS\system32\svchost.exe
220 C:\WINDOWS\system32\ati2evxx.exe
324 C:\WINDOWS\explorer.exe
1140 C:\Program Files\Apoint2K\Apoint.exe
1164 C:\WINDOWS\system32\rundll32.exe
1172 C:\WINDOWS\AGRSMMSG.exe
1188 C:\Program Files\ltmoh\ltmoh.exe
1224 C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
1240 C:\Program Files\Apoint2K\Hidfind.exe
1364 C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
1368 C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
1348 C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
1468 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
1476 C:\Program Files\Apoint2K\ApntEx.exe
1540 C:\Program Files\Atheros\ACU.exe
1732 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
1800 C:\WINDOWS\system32\dla\tfswctrl.exe
2084 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2100 C:\Program Files\PC Tools Security\pctsTray.exe
2108 C:\Program Files\Messenger\msmsgs.exe
2132 C:\WINDOWS\system32\ctfmon.exe
2144 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2164 C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe
2172 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3596 alg.exe
3628 C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
2244 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
2828 C:\WINDOWS\system32\wuauclt.exe
3532 C:\Program Files\Mozilla Firefox\firefox.exe
3556 C:\Program Files\Mozilla Firefox\plugin-container.exe
2296 C:\Documents and Settings\mink\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000a`1c99be00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM120JC, Rev: YL100-19

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!
August 24th, 2010, 11:32 PM
Broni
MBRCheck log looks good :)

Combofix log looks good as well :)

Any current issues?

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

==============================================================

Update MBAM, run it and post fresh log.

============================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
August 25th, 2010, 12:15 AM
cweidya

The latest problem was 25threats discovered by pctools when i started the comp this morning. Can't locate where the pctools log report is :confused:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4473

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/25/2010 11:08:45 AM
mbam-log-2010-08-25 (11-08-45).txt

Scan type: Quick scan
Objects scanned: 132848
Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
August 25th, 2010, 12:20 AM
Broni

I'm not familiar with PCTools, but there is a good chance, it removed most of threats.
I'd be nice to see, what kind of threats were those.
August 25th, 2010, 05:17 AM
cweidya

1st half of OTL Extras logfile 8/25/2010 11:32:28 AM - Run 1 OTL by OldTimer - Versio

OTL logfile created on: 8/25/2010 11:32:28 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\mink\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.00 Mb Total Physical Memory | 196.00 Mb Available Physical Memory | 41.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.45 Gb Total Space | 36.29 Gb Free Space | 89.73% Space Free | Partition Type: NTFS
Drive D: | 71.34 Gb Total Space | 70.37 Gb Free Space | 98.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 44.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 3.75 Gb Total Space | 3.64 Gb Free Space | 97.10% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: MINK-04D466856B
Current User Name: mink
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/25 11:05:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mink\My Documents\Downloads\OTL.exe
PRC - [2010/07/20 00:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/06/18 17:00:10 | 000,198,608 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsTray.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2007/01/29 14:59:24 | 000,921,600 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
PRC - [2005/04/08 14:27:52 | 000,081,920 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
PRC - [2005/03/24 14:43:28 | 000,242,688 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2005/03/24 14:41:56 | 000,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
PRC - [2005/02/25 10:13:54 | 000,069,632 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2005/02/03 18:21:40 | 000,286,720 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2005/01/27 16:33:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe
PRC - [2004/12/27 17:12:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/11/29 19:55:44 | 000,569,405 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe
PRC - [2004/11/29 19:50:00 | 000,254,007 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
PRC - [2004/08/17 18:37:44 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2004/08/04 19:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/03/31 04:57:22 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe

========== Modules (SafeList) ==========

MOD - [2010/08/25 11:05:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mink\My Documents\Downloads\OTL.exe
MOD - [2004/11/29 19:56:52 | 000,053,248 | ---- | M] () -- C:\Program Files\Bluetooth\Bluetooth Software\BTKeyInd.dll
MOD - [2004/08/04 19:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 19:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/18 17:00:10 | 000,198,608 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/27 16:33:58 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)
SRV - [2004/12/27 17:12:16 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/11/29 19:50:00 | 000,254,007 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe -- (btwdins)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\mink\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/05/11 01:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/18 01:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/01/29 14:58:14 | 000,088,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2005/03/24 14:41:56 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/24 11:08:12 | 000,023,168 | ---- | M] (O2 Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2005/02/24 11:07:22 | 000,031,936 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2005/01/26 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/01/26 01:05:00 | 000,099,098 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/01/26 01:05:00 | 000,087,834 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/01/26 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/01/26 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/01/26 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/01/26 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/01/26 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/01/26 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/01/06 04:28:38 | 000,855,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/12/27 20:30:40 | 000,449,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/23 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/12/20 22:10:14 | 001,271,463 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/12/10 19:57:24 | 000,283,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/12/02 11:04:20 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/12/02 11:04:10 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/11/29 19:34:38 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2004/11/29 19:34:32 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2004/11/29 19:33:14 | 001,337,850 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/11/29 19:30:44 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/10/11 12:24:00 | 000,045,056 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/08/04 03:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/18 03:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2003/08/22 01:25:52 | 000,094,600 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2001/08/17 19:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/02 04:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search Defender"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]d:1.5.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:1.1.3
FF - prefs.js..keyword.URL: "http://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2010/08/21 15:05:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/25 10:54:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/16 21:14:07 | 000,000,000 | ---D | M]

[2010/05/26 16:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mink\Application Data\Mozilla\Extensions
[2010/08/24 18:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mink\Application Data\Mozilla\Firefox\Profiles\305qrywn.default\extensions
[2010/08/21 15:30:26 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\Documents and Settings\mink\Application Data\Mozilla\Firefox\Profiles\305qrywn.default\extensions\{cb84136f-9c44-433a-9048-c5cd9df1dc16}
[2010/05/26 16:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mink\Application Data\Mozilla\Firefox\Profiles\305qrywn.default\extensions\[email protected]
[2010/08/21 15:12:28 | 000,002,689 | ---- | M] () -- C:\Documents and Settings\mink\Application Data\Mozilla\Firefox\Profiles\305qrywn.default\searchplugins\search-defender.xml
[2010/08/24 18:08:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/26 16:53:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/26 16:53:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/25 09:17:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (CPrintEnhancer Object) - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
August 25th, 2010, 05:20 AM
cweidya

2nd half of OTL logfile

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mink\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mink\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/26 12:50:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/07 01:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/09/13 17:31:22 | 000,025,214 | R--- | M] () - F:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/09/13 17:23:04 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010/08/20 15:04:38 | 000,001,294 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010/08/25 11:19:23 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/08/25 11:12:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/25 09:12:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/25 09:04:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/24 11:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mink\Application Data\Malwarebytes
[2010/08/24 11:10:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/24 11:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/24 11:10:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/24 11:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/21 15:05:31 | 001,435,600 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/08/21 15:05:31 | 000,264,144 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/08/21 15:05:31 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/08/21 13:03:03 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/08/21 13:02:57 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/08/21 13:02:57 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/08/21 13:02:47 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/08/21 13:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/08/21 13:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/08/21 13:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mink\Application Data\PC Tools
[2010/08/21 13:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/08/21 12:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/21 11:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mink\Application Data\SUPERAntiSpyware.com
[2010/08/21 11:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/21 11:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/12 13:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\MoRUN.net
[2010/07/09 16:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mink\Local Settings\Application Data\PCHealth
[2010/07/08 14:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mink\Desktop\Unused Desktop Shortcuts
[2010/06/15 09:35:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/06/14 11:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mink\Application Data\Sonic
[2010/06/14 11:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mink\Application Data\Leadertech
[2010/06/11 19:49:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/06/10 16:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mink\Application Data\PlayFirst
[2010/06/10 16:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/05/31 14:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mink\Application Data\Printer Info Cache
[2010/05/31 14:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mink\Application Data\Image Zone Express
[2010/05/31 14:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mink\My Documents\My Scans
[2010/05/31 10:24:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/05/29 17:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mink\Local Settings\Application Data\Adobe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/25 11:23:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/25 11:23:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/25 11:21:33 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\mink\NTUSER.DAT
[2010/08/25 11:21:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\mink\ntuser.ini
[2010/08/25 09:17:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/25 09:17:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/25 09:13:04 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/25 06:54:01 | 000,121,029 | ---- | M] () -- C:\Documents and Settings\mink\My Documents\SES calendar 10-11 revised.pdf
[2010/08/24 12:24:19 | 005,371,644 | -H-- | M] () -- C:\Documents and Settings\mink\Local Settings\Application Data\IconCache.db
[2010/08/23 09:29:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/21 16:04:00 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\mink\My Documents\supplierlist.xls
[2010/08/21 11:47:56 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/20 15:04:53 | 000,000,000 | RHS- | M] () -- C:\khy
[2010/08/16 21:14:08 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/13 12:16:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/28 16:02:21 | 000,000,000 | RHS- | M] () -- C:\khx
[2010/07/12 13:56:37 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MoRUN.net Sticker Lite.lnk
[2010/06/23 08:26:40 | 000,000,000 | RHS- | M] () -- C:\khw
[2010/06/18 17:00:16 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/18 17:00:12 | 001,435,600 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/18 17:00:12 | 000,264,144 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/18 17:00:02 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/05 16:17:13 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\mink\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/04 16:18:16 | 000,166,400 | ---- | M] () -- C:\Documents and Settings\mink\My Documents\PAXDETAILS.xls
[2010/05/31 14:31:37 | 000,027,488 | ---- | M] () -- C:\Documents and Settings\mink\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/25 09:13:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/25 09:13:01 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/25 06:54:01 | 000,121,029 | ---- | C] () -- C:\Documents and Settings\mink\My Documents\SES calendar 10-11 revised.pdf
[2010/08/21 15:05:32 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/08/21 15:05:31 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/08/21 15:05:31 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/08/21 15:05:31 | 000,000,192 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/08/21 15:05:31 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/08/21 13:03:03 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/08/21 13:02:57 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/08/21 13:02:57 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/08/21 13:02:47 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/08/21 11:47:56 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/20 15:04:53 | 000,000,000 | RHS- | C] () -- C:\khy
[2010/08/16 21:14:08 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/28 16:02:21 | 000,000,000 | RHS- | C] () -- C:\khx
[2010/07/12 13:56:37 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MoRUN.net Sticker Lite.lnk
[2010/06/23 08:26:40 | 000,000,000 | RHS- | C] () -- C:\khw
[2010/06/21 15:28:22 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\mink\My Documents\supplierlist.xls
[2010/06/17 14:11:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/05 16:17:13 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\mink\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/04 16:18:14 | 000,166,400 | ---- | C] () -- C:\Documents and Settings\mink\My Documents\PAXDETAILS.xls
[2010/05/26 15:40:07 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/05/26 15:24:06 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/05/26 12:59:59 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2005/03/04 06:50:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/29 19:44:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/09/14 07:10:14 | 000,000,295 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/04 19:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 19:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/05/15 22:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 17:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========
August 25th, 2010, 05:22 AM
cweidya

3rd = last portion of OTL log

[2010/05/26 15:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2010/06/10 16:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/08/25 11:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/31 14:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mink\Application Data\Image Zone Express
[2010/06/14 11:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mink\Application Data\Leadertech
[2010/06/10 16:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mink\Application Data\PlayFirst
[2010/05/31 14:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mink\Application Data\Printer Info Cache
[2010/05/26 15:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mink\Application Data\Tatara Systems

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/05/26 12:50:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/26 15:22:02 | 000,000,192 | ---- | M] () -- C:\BcBtRmv.log
[2010/05/26 12:43:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/25 09:13:04 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/25 09:18:48 | 000,012,740 | ---- | M] () -- C:\ComboFix.txt
[2010/05/26 12:50:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/26 12:50:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/23 08:26:40 | 000,000,000 | RHS- | M] () -- C:\khw
[2010/07/28 16:02:21 | 000,000,000 | RHS- | M] () -- C:\khx
[2010/08/20 15:04:53 | 000,000,000 | RHS- | M] () -- C:\khy
[2010/05/26 12:50:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 19:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 19:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/08/25 11:23:02 | 754,974,720 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/12/29 09:57:18 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/05/26 19:33:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/05/26 19:33:31 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/05/26 19:33:31 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2004/08/04 19:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 19:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2004/08/04 19:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >

Show 40 post(s) from this thread on one page