Hi, here is the log.
Thanks
ComboFix 10-07-07.02 - BLKD865 09/07/2010 11:36:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.573 [GMT 10:00]
Running from: c:\documents and settings\BLKD865\Desktop\LAUREN\Ants Docs\Combo-Fix.exe
AV: avast! antivirus 4.8.1368 [VPS 100708-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\10C.tmp
C:\14.tmp
C:\17E.tmp
C:\18C.tmp
C:\19B.tmp
C:\1A8.tmp
C:\1B5.tmp
C:\1C3.tmp
C:\1DE.tmp
C:\1EF.tmp
c:\documents and settings\BLKD865\Favorites\wifrac.exe
c:\documents and settings\BLKD865\Start Menu\Programs\Download programs.url
c:\documents and settings\BLKD865\Start Menu\Programs\Games.url
c:\documents and settings\BLKD865\Start Menu\Programs\Translator.url
c:\documents and settings\BLKD865\Start Menu\Programs\Videos.url
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\service
c:\windows\system32\service\22092009_TIS17_SfFniAU.log
c:\windows\system32\SHELLLNK.TLB
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.
2010-07-08 22:52 . 2010-07-08 22:52 -------- d-----w- c:\documents and settings\BLKD865\Application Data\Malwarebytes
2010-07-08 22:51 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 22:51 . 2010-07-08 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-08 22:51 . 2010-07-08 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 22:51 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-07 05:26 . 2010-07-07 05:26 -------- d-----w- C:\_OTL
2010-06-30 05:09 . 2010-06-30 05:10 -------- d--h--w- c:\program files\Zero G Registry
2010-06-30 05:09 . 2010-06-30 05:09 -------- d-----w- c:\program files\Sports Interactive
2010-06-30 05:08 . 2010-06-30 05:08 -------- d--h--w- c:\documents and settings\BLKD865\InstallAnywhere
2010-06-30 05:07 . 2010-06-30 05:11 -------- d-----w- c:\documents and settings\BLKD865\Application Data\Sports Interactive
2010-06-26 03:29 . 2010-06-26 03:29 -------- d-----w- c:\program files\MagicISO
2010-06-24 11:26 . 2010-06-24 11:26 -------- d-----w- c:\windows\vbSkinner
2010-06-24 11:25 . 2010-06-25 02:52 -------- d-----w- c:\program files\PFConfig
2010-06-24 11:09 . 2010-06-24 11:09 -------- d-----w- c:\program files\uTorrent
2010-06-24 11:08 . 2010-07-09 01:46 -------- d-----w- c:\documents and settings\BLKD865\Application Data\uTorrent
2010-06-11 00:53 . 2008-04-13 14:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-06-11 00:53 . 2008-04-13 14:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-06-11 00:51 . 2008-11-07 08:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-06-11 00:41 . 2008-08-26 00:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-06-11 00:41 . 2010-06-11 00:41 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-11 00:40 . 2010-02-26 04:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-06-11 00:40 . 2010-02-26 04:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-06-11 00:40 . 2010-02-26 04:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-06-11 00:40 . 2010-02-26 04:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-06-11 00:40 . 2010-02-26 04:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-06-11 00:40 . 2010-02-26 04:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-06-11 00:36 . 2010-06-11 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-06-10 23:28 . 2010-06-10 23:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Oryte_Games_1
2010-06-09 12:03 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 00:56 . 2006-12-26 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-06 20:29 . 2008-02-05 08:47 -------- d-----w- c:\program files\Barungo
2010-07-06 05:45 . 2006-09-27 22:59 -------- d-----w- c:\program files\Google
2010-07-06 05:17 . 2007-11-24 09:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-06 05:16 . 2006-12-26 11:58 -------- d-----w- c:\program files\Lavasoft
2010-07-06 04:24 . 2008-03-10 01:39 -------- d-----w- c:\documents and settings\BLKD865\Application Data\LimeWire
2010-06-30 02:27 . 2009-03-02 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-29 11:59 . 2009-12-21 07:49 69980 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-28 07:07 . 2010-03-05 08:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-19 02:07 . 2006-07-03 03:45 88816 ----a-w- c:\documents and settings\BLKD865\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-11 00:56 . 2006-11-03 08:43 -------- d-----w- c:\program files\Nokia
2010-06-11 00:54 . 2010-06-11 00:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-06-11 00:53 . 2010-06-11 00:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-06-11 00:53 . 2006-11-03 08:43 -------- d-----w- c:\documents and settings\BLKD865\Application Data\PC Suite
2010-06-11 00:53 . 2006-11-06 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-06-11 00:53 . 2006-11-03 09:58 -------- d-----w- c:\documents and settings\BLKD865\Application Data\Nokia
2010-06-11 00:52 . 2010-06-11 00:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-06-11 00:51 . 2010-06-11 00:51 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-11 00:41 . 2006-11-06 10:34 -------- d-----w- c:\program files\DIFX
2010-06-11 00:36 . 2010-06-11 00:36 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\pcswpcsi.exe
2010-06-11 00:36 . 2010-06-11 00:36 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\UninstCCD.exe
2010-06-11 00:36 . 2010-06-11 00:36 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-06-11 00:36 . 2010-06-11 00:36 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\UninstPCS.exe
2010-06-11 00:36 . 2010-06-11 00:36 35536248 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Nokia_PC_Suite_eng_web[1].exe
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\10270\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\10270\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\10270\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\10270\AcrobatUpdater.exe
2010-05-23 06:14 . 2010-05-23 06:12 -------- d-----w- c:\program files\Oryte_Games_1
2010-05-23 06:12 . 2010-05-23 06:12 -------- d-----w- c:\program files\Conduit
2010-05-21 13:10 . 2006-12-31 06:04 -------- d-----w- c:\documents and settings\BLKD865\Application Data\Apple Computer
2010-05-21 04:14 . 2009-10-03 11:40 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-16 00:50 . 2006-09-22 05:06 -------- d-----w- c:\documents and settings\BLKD865\Application Data\EPSON
2010-05-15 12:55 . 2010-05-15 12:55 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\McAfee
2010-05-15 08:05 . 2010-05-12 01:52 -------- d-----w- c:\program files\McAfee Security Scan
2010-05-15 04:04 . 2006-09-22 03:47 -------- d-----w- c:\program files\epson
2010-05-15 04:04 . 2006-09-22 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2010-05-15 04:03 . 2010-05-15 03:59 -------- d-----w- c:\program files\Epson Software
2010-05-15 04:03 . 2006-07-03 03:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-15 03:59 . 2010-05-15 03:59 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-05-15 03:55 . 2010-05-15 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-05-14 09:56 . 2010-05-14 09:56 50354 ----a-w- c:\documents and settings\BLKD865\Application Data\Facebook\uninstall.exe
2010-05-14 09:56 . 2010-05-14 09:54 -------- d-----w- c:\documents and settings\BLKD865\Application Data\Facebook
2010-05-14 09:56 . 2010-05-14 09:56 2114184 ----a-w- c:\documents and settings\BLKD865\Application Data\Facebook\Install_Facebook_Plug-In_1.0.3.exe
2010-05-12 01:52 . 2010-05-12 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-05-12 01:52 . 2010-05-12 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-12 01:50 . 2010-05-12 01:50 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-06 10:41 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 00:31 . 2010-04-30 00:31 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-23 00:17 . 2010-04-23 00:17 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-20 05:30 . 2004-08-10 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 00:26 . 2010-04-14 00:26 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll
2010-04-13 06:42 . 2009-05-31 00:57 38784 ----a-w- c:\documents and settings\BLKD865\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{50bcbfa7-2a6a-41ed-9d96-34d2073a8943}"= "c:\program files\Oryte_Games_1\tbOry0.dll" [2010-04-15 2515552]
[HKEY_CLASSES_ROOT\clsid\{50bcbfa7-2a6a-41ed-9d96-34d2073a8943}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50bcbfa7-2a6a-41ed-9d96-34d2073a8943}]
2010-04-15 02:33 2515552 ----a-w- c:\program files\Oryte_Games_1\tbOry0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{50bcbfa7-2a6a-41ed-9d96-34d2073a8943}"= "c:\program files\Oryte_Games_1\tbOry0.dll" [2010-04-15 2515552]
[HKEY_CLASSES_ROOT\clsid\{50bcbfa7-2a6a-41ed-9d96-34d2073a8943}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{50BCBFA7-2A6A-41ED-9D96-34D2073A8943}"= "c:\program files\Oryte_Games_1\tbOry0.dll" [2010-04-15 2515552]
[HKEY_CLASSES_ROOT\clsid\{50bcbfa7-2a6a-41ed-9d96-34d2073a8943}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX5700F Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIALP.EXE" [2005-05-10 98304]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-06-24 323376]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX5700F Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIALP.EXE" [2005-05-10 98304]
"EPSON Stylus CX5700F Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIALP.EXE" [2005-05-10 98304]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-05-30 5419008]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-5-4 32768]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-17 67128]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTrackerPro.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VersionTrackerPro.lnk
backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^BLKD865^Start Menu^Programs^Startup^MP3 Rocket (Minimized).lnk]
path=c:\documents and settings\BLKD865\Start Menu\Programs\Startup\MP3 Rocket (Minimized).lnk
backup=c:\windows\pss\MP3 Rocket (Minimized).lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^BLKD865^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\BLKD865\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 13:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2004-12-16 07:49 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-03-16 11:58 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-05-03 14:33 32768 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
2005-07-22 00:42 1519616 ----a-w- c:\program files\D-Link\AirPlus G\AirGCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
2005-03-28 04:25 1011712 ----a-w- c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-06 23:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 03:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-17 02:24 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 05:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 05:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 05:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2002-07-25 05:20 28672 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2007-05-30 01:34 5419008 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 08:25 1961984 ----a-w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 11:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 10:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 02:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-28 08:29 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-04 05:03 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12 234856 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 07:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Philips\\Media Manager\\Philips Media Manager.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre1.5.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Documents and Settings\\BLKD865\\My Documents\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22799:TCP"= 22799:TCP:utorrent
"22799:UDP"= 22799:UDP:utorrent
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/10/2009 9:20 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/10/2009 9:20 PM 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 5:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25/12/2009 10:21 PM 135664]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [22/03/2005 3:17 AM 450400]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26/12/2006 9:56 PM 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 10:49 PM 227232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]
2010-07-08 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 01:43]
2010-07-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-26 05:07]
2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 12:21]
2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 12:21]
2010-07-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 07:20]
2010-07-08 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]
2010-07-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]
2010-07-08 c:\windows\Tasks\User_Feed_Synchronization-{B5E89FE8-449E-4EF5-A7F2-B00B3255DF95}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: live.com\login
Trusted Zone: live.com.au\login
Trusted Zone: msn.com
Trusted Zone: ninemsn.com.au
Trusted Zone: passport.com
TCP: {2A83F08B-D009-4AD5-BBCF-97F984E0BC1B} = 10.0.0.138
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} - hxxp://bigpondmusic.com/activex/multidownx.cab
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-fssui - c:\program files\Windows Live\Family Safety\fssui.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
MSConfigStartUp-WeatherDPA - c:\program files\Hotbar\bin\11.0.78.0\Weather.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 11:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3893138469-1101478843-4148372498-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CC95B573-17FF-4EB1-97C8-9ECE04B645C7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abnmpgbmnfoglnhchakimlkhbikjkdbpfm"=hex:61,62,64,6b,64,64,63,67,70,6c,6c,6c,
67,64,6b,6d,6d,6d,67,6b,6d,68,6b,61,67,6e,70,68,6c,66,66,6e,6b,63,00,77
"bbnmpgbmnfoglnhchafdbomancednkgnbdgn"=hex:61,62,65,6b,6e,64,6b,64,61,64,69,62,
70,6c,6d,6a,6e,65,6b,6f,65,6d,64,6b,70,6d,66,70,6e,67,68,64,68,62,00,77
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(6344)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2010-07-09 11:57:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-09 01:57
Pre-Run: 49,908,137,984 bytes free
Post-Run: 49,913,147,392 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - B633BB433E34ED59C6DA179472D52AD6