Virtumonde.sdn --- HELP

Status
Not open for further replies.
A

andrew_juz_64

New member
Hi all,
I seem to have picked up this Virtumonde.sdn virus.
I see by doing a search here, that with a bit of expert help, I might be able to gt rid of it.

Please help me !!!

Cheers,

Andrew

Hi again,
I see I need to attach the report.
I tried pasting it once but it was too big, then I tried to attache the text file as an attachment but it was once again too big.
Now I'll try zipping up the text file and attaching it here.

Third time lucky hopefully.

Thanks again in advance,

Andrew
 
Last edited by a moderator:
Hello Andrew

Welcome to Safer Networking.

Please read Before You Post
That said, All advice given by anyone volunteering here, is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

Please reply to this thread only by using the SUBMIT REPLY

Do not attach any logs unless requested to do so.



Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)





Please download Malwarebytes' Anti-Malware from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    post_a4255_MBAM.PNG
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log please



First run the cleaner, then run Malwarebytes and then run RSIT. Post the Malwarebytes log and then the logs from RSIT
 
Malwarebytes' Anti-Malware 1.41
Database version: 2794
Windows 5.1.2600 Service Pack 3

14/09/2009 8:51:47 PM
mbam-log-2009-09-14 (20-51-47).txt

Scan type: Quick Scan
Objects scanned: 112282
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\docprop32.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\54363998663 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\docprop32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\docprop32.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\docprop32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\1A3.tmp (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\A8.tmp (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\DC.tmp (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\DD.tmp (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.




and





--- Search result list ---
DoubleClick: Tracking cookie (Internet Explorer: Andrew & Lyn) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-09-06 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-09-01 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-09-01 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-27 Includes\Hijackers.sbi (*)
2009-09-01 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-09-01 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-08-19 Includes\Malware.sbi (*)
2009-09-01 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-09-01 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-09-01 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-08 Includes\Spyware.sbi (*)
2009-09-01 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-08-25 Includes\Trojans.sbi (*)
2009-09-01 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Security Update for Windows Media Player (KB968816)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB969897)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB971961)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB972260)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB972636)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956744)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956844)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB960859)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961371)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB961503)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Security Update for Windows XP (KB968537)
/ Windows XP / SP4: Security Update for Windows XP (KB969897)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Hotfix for Windows XP (KB970653-v3)
/ Windows XP / SP4: Security Update for Windows XP (KB971557)
/ Windows XP / SP4: Security Update for Windows XP (KB971633)
/ Windows XP / SP4: Security Update for Windows XP (KB971657)
/ Windows XP / SP4: Security Update for Windows XP (KB973346)
/ Windows XP / SP4: Security Update for Windows XP (KB973354)
/ Windows XP / SP4: Security Update for Windows XP (KB973507)
/ Windows XP / SP4: Update for Windows XP (KB973815)
/ Windows XP / SP4: Security Update for Windows XP (KB973869)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Acrobat Assistant 8.0
command: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 623992
MD5: 4A0BBDF88636F2EF08420BDCD343D286

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8B4CBBA1EA526830C7F97E7822E2493A

Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: 4EADA484E5F7E04CDEEF95030DA4B05C

Located: HK_LM:Run, BrMfcWnd
command: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
file: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
size: 622592
MD5: 7E17313EE7DF61660FC95A633268DC74

Located: HK_LM:Run, ControlCenter3
command: C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
file: C:\Program Files\Brother\ControlCenter3\brctrcen.exe
size: 61440
MD5: 953372CBBC6404B0C0636D06B1C74B9B

Located: HK_LM:Run, cwcptray
command: C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
file: C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
size: 352576
MD5: 490273587CF40060209BAB0904D8C405

Located: HK_LM:Run, IndexSearch
command: C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
file: C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
size: 40960
MD5: EE25C4A5AA0839EF66ED3AF0A79EEF75

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 292128
MD5: 741DCAEC21B5A9A1D068FE8692A30D68

Located: HK_LM:Run, LifeCam
command: "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
file: C:\Program Files\Microsoft LifeCam\LifeExp.exe
size: 279912
MD5: 411EA589240F875E685F3C985357AE08

Located: HK_LM:Run, Malwarebytes Anti-Malware (reboot)
command: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
file: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
size: 1312080
MD5: C5FCC0B761069FABD59E41B7C3280DDF

Located: HK_LM:Run, NeroFilterCheck
command: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
file: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
size: 155648
MD5: C93AB037A8C792D5F8A1A9FC88A7C7C5

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 7626752
MD5: 798F88E0415D806585C31B62D3513888

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\NvMcTray.dll
size: 86016
MD5: 130A6F86CCF912624C315AB120A45A22

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: 5E63397F521E80662AFFCF2F38262CA5

Located: HK_LM:Run, PaperPort PTD
command: C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
file: C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
size: 57393
MD5: 852803AAF50A785BAFE788D2AD666C78

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 16116224
MD5: 901D251617EE3C80E8701311C2DE4295

Located: HK_LM:Run, SetDefPrt
command: C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
file: C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
size: 49152
MD5: 0C6DC7F88DF16A6851BD11A48A03DA1B

Located: HK_LM:Run, SkyTel
command: SkyTel.EXE
file: C:\WINDOWS\SkyTel.EXE
size: 2879488
MD5: C74B86642F131D76C0EDE673FDF137B2

Located: HK_LM:Run, SolidWorks_CheckForUpdates
command: "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
file: C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
size: 7218472
MD5: BE7B7CA2067F597AFFBC4A557167681E

Located: HK_LM:Run, SSBkgdUpdate
command: "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
file: C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
size: 155648
MD5: 1C3CA3E7807F915933BB4E08E599DDAB

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 90E0F7FDCAC66FB50C1CE1A1C7396642

Located: HK_LM:Run, VX1000
command: C:\WINDOWS\vVX1000.exe
file: C:\WINDOWS\vVX1000.exe
size: 709992
MD5: F9825069752B43CA98974B71A9B4DCF5

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:RunOnce, RunNarrator
where: .DEFAULT...
command: Narrator.exe
file: C:\WINDOWS\system32\Narrator.exe
size: 53760
MD5: 21F839F2281473642AC2060F30E19DC7

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1390067357-1637723038-1078081533-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1390067357-1637723038-1078081533-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, TomTomHOME.exe
where: S-1-5-21-1390067357-1637723038-1078081533-1003...
command: "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
file: C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
size: 247144
MD5: 62CDB3A98F8DAFB6DD79E9A85A5A57D9

Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
where: S-1-5-21-1390067357-1637723038-1078081533-1004...
command: "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
file: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
size: 143360
MD5: CE8D6FF5BEDDA023F7A1BB3FA34130DE

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1390067357-1637723038-1078081533-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, msnmsgr
where: S-1-5-21-1390067357-1637723038-1078081533-1004...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3885408
MD5: 16C3811F3A5CD8EA7030A42A75892136

Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
where: S-1-5-21-1390067357-1637723038-1078081533-1005...
command: "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
file: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
size: 143360
MD5: CE8D6FF5BEDDA023F7A1BB3FA34130DE

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1390067357-1637723038-1078081533-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, msnmsgr
where: S-1-5-21-1390067357-1637723038-1078081533-1005...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3885408
MD5: 16C3811F3A5CD8EA7030A42A75892136

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:RunOnce, RunNarrator
where: S-1-5-18...
command: Narrator.exe
file: C:\WINDOWS\system32\Narrator.exe
size: 53760
MD5: 21F839F2281473642AC2060F30E19DC7

Located: Startup (common), Windows Desktop Search.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
file: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 118784
MD5: 946467B375D696FA073A6B9370A4C6CE

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\
Long name: yt.dll
Short name:
Date (created): 14/03/2009 8:18:14 AM
Date (last access): 14/09/2009 8:09:08 PM
Date (last write): 14/03/2009 8:18:14 AM
Filesize: 908528
Attributes: archive
MD5: 6CF8AFD64FC52A25EF9F6CA3F2C94D42
CRC32: 735E9426
Version: 2009.3.13.2

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 22/10/2006 11:08:42 PM
Date (last access): 14/09/2009 8:15:38 PM
Date (last write): 22/10/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} (ALOT Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: ALOT Toolbar BHO
CLSID name: ALOT Toolbar BHO
Path: C:\Program Files\alot\bin\
Long name: alot.dll
Short name:
Date (created): 22/07/2009 6:23:14 AM
Date (last access): 14/09/2009 8:09:10 PM
Date (last write): 22/07/2009 6:23:14 AM
Filesize: 807208
Attributes: archive
MD5: ADFE9D2CAA31CB82D78E4D9AC28DB294
CRC32: 5E4E5666
Version: 2.4.4.412

{201f27d4-3704-41d6-89c1-aa35e39143ed} (AskBar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AskBar BHO
CLSID name: AskBar BHO
Path: C:\Program Files\AskBarDis\bar\bin\
Long name: askBar.dll
Short name:
Date (created): 28/07/2009 10:43:16 PM
Date (last access): 14/09/2009 8:09:08 PM
Date (last write): 8/09/2008 10:08:22 PM
Filesize: 279944
Attributes: archive
MD5: 07E2FC67C0536D430B8FA971ACFC9F14
CRC32: 1C1E0B80
Version: 4.1.0.2

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 6/09/2009 9:12:26 AM
Date (last access): 14/09/2009 9:26:10 PM
Date (last write): 26/01/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{5C255C8A-E604-49b4-9D64-90988571CECB} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 22/01/2009 3:41:30 PM
Date (last access): 14/09/2009 8:15:04 PM
Date (last write): 22/01/2009 3:41:30 PM
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5

{AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Conversion Toolbar Helper
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 14/08/2009 8:02:24 PM
Date (last access): 14/09/2009 8:15:38 PM
Date (last write): 10/05/2007 10:47:04 PM
Filesize: 321120
Attributes: archive
MD5: FF29E3FB75E7726EE002B65A9F2D4A6E
CRC32: 1831F50E
Version: 8.1.0.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 29/07/2009 7:10:36 AM
Date (last access): 14/09/2009 8:09:12 PM
Date (last write): 25/07/2009 5:23:04 AM
Filesize: 41760
Attributes: archive
MD5: 1E57B1A44C7DFFA1C38534279C14B3CE
CRC32: BA79295C
Version: 6.0.150.3

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 29/07/2009 7:10:38 AM
Date (last access): 14/09/2009 8:09:12 PM
Date (last write): 25/07/2009 5:22:44 AM
Filesize: 73728
Attributes: archive
MD5: 55E583817A2012FD75F1F8CF87EE760C
CRC32: 7051D2F4
Version: 6.0.150.3

{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (SingleInstance Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SingleInstance Class
Path: C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\
Long name: YTSingleInstance.dll
Short name: YTSING~1.DLL
Date (created): 14/03/2009 8:18:12 AM
Date (last access): 14/09/2009 8:57:26 PM
Date (last write): 14/03/2009 8:18:12 AM
Filesize: 165616
Attributes: archive
MD5: BF5B4112CFB373EDD45C5A74C3DAC9BB
CRC32: 14A7F7B6
Version: 2009.3.13.2



--- ActiveX list ---
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
DPF name:
CLSID name: Office Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\OGAControl.inf
Codebase: http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
Path: C:\WINDOWS\system32\
Long name: OGACheckControl.DLL
Short name: OGACHE~1.DLL
Date (created): 31/12/2008 5:04:42 PM
Date (last access): 14/09/2009 9:24:38 PM
Date (last write): 3/08/2009 3:07:42 PM
Filesize: 403816
Attributes: archive
MD5: 10C03F5479E6BD73C9CB3DFDE9FA4C2E
CRC32: C60BD332
Version: 2.0.48.0

{1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool)
DPF name:
CLSID name: Microsoft Genuine Advantage Self Support Tool
Installer: C:\WINDOWS\Downloaded Program Files\Selfhelpcontrol.inf
Codebase: http://download.microsoft.com/downl...75-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
Path: C:\WINDOWS\system32\
Long name: SelfHelpControl.DLL
Short name: SELFHE~1.DLL
Date (created): 15/02/2007 3:22:26 PM
Date (last access): 14/09/2009 8:47:54 PM
Date (last write): 15/02/2007 3:22:26 PM
Filesize: 688000
Attributes: archive
MD5: 9B33D0014BCB40FCA9B16DDC8A8F46EC
CRC32: 6E932A05
Version: 1.7.13.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_15
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_15.dll
Short name: NPJPI1~1.DLL
Date (created): 25/07/2009 3:00:36 AM
Date (last access): 9/09/2009 8:48:12 PM
Date (last write): 25/07/2009 5:23:04 AM
Filesize: 136992
Attributes: archive
MD5: C79293AA0C64855B6FC3E0E874B472CE
CRC32: EA2282C5
Version: 6.0.150.3

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name:
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_15
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_15.dll
Short name: NPJPI1~1.DLL
Date (created): 25/07/2009 3:00:36 AM
Date (last access): 14/09/2009 9:29:18 PM
Date (last write): 25/07/2009 5:23:04 AM
Filesize: 136992
Attributes: archive
MD5: C79293AA0C64855B6FC3E0E874B472CE
CRC32: EA2282C5
Version: 6.0.150.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_15
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_15.dll
Short name: NPJPI1~1.DLL
Date (created): 25/07/2009 3:00:36 AM
Date (last access): 14/09/2009 9:29:18 PM
Date (last write): 25/07/2009 5:23:04 AM
Filesize: 136992
Attributes: archive
MD5: C79293AA0C64855B6FC3E0E874B472CE
CRC32: EA2282C5
Version: 6.0.150.3

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab



--- Process list ---
PID: 0 ( 0) [System]
PID: 620 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 676 ( 620) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 700 ( 620) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 744 ( 700) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 756 ( 700) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 932 ( 744) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1000 ( 744) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1096 ( 744) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1188 ( 744) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1252 ( 744) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1332 ( 744) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 18752
MD5: 5E692B54EC3D9C586417F9C5822CBEC9
PID: 1380 ( 744) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 138680
MD5: 72C4BB55413D2D621BCC1DBF4074EB5D
PID: 1736 ( 744) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 424 ( 744) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 460 ( 744) C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
size: 1288512
MD5: CF387D09C8456367DA5343E79B986E1A
PID: 564 ( 744) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 144712
MD5: 557F35D1CA42AEA14A6690E21887A31F
PID: 576 ( 744) C:\Program Files\Bonjour\mDNSResponder.exe
size: 238888
MD5: 3F56903E124E820AEECE6D471583C6C1
PID: 604 ( 744) C:\WINDOWS\system32\drivers\CDAC11BA.EXE
size: 54784
MD5: 9BDBDA21D3BA8E374FD06A405BE10215
PID: 952 ( 744) C:\Program Files\Java\jre6\bin\jqs.exe
size: 153376
MD5: 112325F53AB720CA77825726D427FBDC
PID: 984 ( 744) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 61440
MD5: 6E5DAC168D1FF9843E84A59D51D31107
PID: 1068 ( 744) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
size: 271720
MD5: 641199534871783DD74138FE0BCFDAE7
PID: 1084 ( 744) C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
size: 3575808
MD5: E00696D78AF663C523D3483410C66F21
PID: 1136 ( 744) C:\WINDOWS\system32\nvsvc32.exe
size: 155715
MD5: 9F40402087B6D4A428571DD6CA83AC1E
PID: 1128 ( 744) C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe
size: 675840
MD5: 54755A4B59515436EF8DAACD3AD85422
PID: 1508 ( 744) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1908 ( 744) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
size: 92008
MD5: 2F0F321A18B9AF31802454DA284D766A
PID: 1952 ( 744) C:\WINDOWS\system32\SearchIndexer.exe
size: 300032
MD5: 2EC497AA4B728D1B1A368ACF2E309E8B
PID: 248 ( 744) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
size: 602392
MD5: DD0042F0C3B606A6A8B92D49AFB18AD6
PID: 2236 ( 700) C:\WINDOWS\system32\WgaTray.exe
size: 934792
MD5: B1296D52B0D2096EC4759EEEB806D759
PID: 2264 (2204) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 2384 ( 744) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 254040
MD5: AEF50B1CEA979739EDE53C68556B95E5
PID: 2452 ( 744) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 352920
MD5: A62A0418BE5A5B8B0ECF3D8F73325113
PID: 2464 ( 932) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 227840
MD5: 798A9E6828997EEF4517ADA8A2259831
PID: 2660 ( 932) C:\WINDOWS\system32\wbem\unsecapp.exe
size: 16896
MD5: C7000F2DB2A5515C64C257478769A481
PID: 2692 ( 744) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 3100 (2264) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: 037B1E7798960E0420003D05BB577EE6
PID: 3184 (2264) C:\WINDOWS\RTHDCPL.EXE
size: 16116224
MD5: 901D251617EE3C80E8701311C2DE4295
PID: 3412 (2264) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: 4EADA484E5F7E04CDEEF95030DA4B05C
PID: 3472 (2264) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
size: 57393
MD5: 852803AAF50A785BAFE788D2AD666C78
PID: 3496 (2264) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
size: 622592
MD5: 7E17313EE7DF61660FC95A633268DC74
PID: 3548 (2264) C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
size: 7218472
MD5: BE7B7CA2067F597AFFBC4A557167681E
PID: 3556 (2264) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 623992
MD5: 4A0BBDF88636F2EF08420BDCD343D286
PID: 3580 (2264) C:\WINDOWS\vVX1000.exe
size: 709992
MD5: F9825069752B43CA98974B71A9B4DCF5
PID: 3588 (3528) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
size: 339968
MD5: B02316F1F3FBB2DFC75027F988AF390E
PID: 3592 (2264) C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
size: 352576
MD5: 490273587CF40060209BAB0904D8C405
PID: 3620 (2264) C:\Program Files\iTunes\iTunesHelper.exe
size: 292128
MD5: 741DCAEC21B5A9A1D068FE8692A30D68
PID: 3632 (2264) C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 90E0F7FDCAC66FB50C1CE1A1C7396642
PID: 3720 (2264) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 3740 (3496) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
size: 69632
MD5: 7F9284FEC5E5DC23B2BA31883485015D
PID: 3748 (2264) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
size: 247144
MD5: 62CDB3A98F8DAFB6DD79E9A85A5A57D9
PID: 3772 (2264) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 3868 (2264) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 118784
MD5: 946467B375D696FA073A6B9370A4C6CE
PID: 204 ( 744) C:\Program Files\iPod\bin\iPodService.exe
size: 542496
MD5: E8E568EA584973DFD99AAC7D00A16287
PID: 276 ( 744) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
size: 654848
MD5: 227846995AFEEFA70D328BF5334A86A5
PID: 2952 (2264) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 14/09/2009 9:29:18 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com.au/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: CWALSP MSAFD Tcpip [TCP/IP]
GUID: {8CDB4F83-45C6-4CCE-845A-48F1F25B163E}
Filename: C:\WINDOWS\system32\cwalsp.dll

Protocol 1: CWALSP MSAFD Tcpip [UDP/IP]
GUID: {DD74C44F-6800-4DC3-969E-DC47A3F9886B}
Filename: C:\WINDOWS\system32\cwalsp.dll

Protocol 2: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 5: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 6: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E3161B5F-9F3D-48B0-9894-C02D9F7A9D73}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E3161B5F-9F3D-48B0-9894-C02D9F7A9D73}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FAE70159-5588-45BA-A828-834E20E692BE}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FAE70159-5588-45BA-A828-834E20E692BE}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4357348-2513-4D7D-AE02-CD5FB9DEE927}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4357348-2513-4D7D-AE02-CD5FB9DEE927}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E1AAFE35-04F0-44BE-8283-A9ED078B4437}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E1AAFE35-04F0-44BE-8283-A9ED078B4437}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: CWALSP
GUID: {92979E34-5990-41D1-85C9-80E4B5E4728D}
Filename: C:\WINDOWS\system32\cwalsp.dll

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
 
Andrew,

Thanks for the Malwarebytes log , I am looking at it now. In order to help you effectively, you need to read and follow the instructions.

I did not ask for the Spybot log, I asked for the RSIT log
 
Hi Ken,
Sorry I thought I was following the instructions.
Do you need a new RSIT log or the one I attached above when I first ran it?

Cheers
Andrew
 
New RSIT Report,

Cheers.


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]
ALOT Toolbar BHO - C:\Program Files\alot\bin\alot.dll [2009-07-22 807208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-14 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo!7 Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]
{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - ALOT Toolbar - C:\Program Files\alot\bin\alot.dll [2009-07-22 807208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-13 7626752]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-07-13 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-18 81000]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-03-28 622592]
"SetDefPrt"=C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe [2005-01-26 49152]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-04-10 61440]
"SolidWorks_CheckForUpdates"=C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe [2008-09-16 7218472]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]
""= []
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-18 279912]
"VX1000"=C:\WINDOWS\vVX1000.exe [2007-04-11 709992]
"cwcptray"=C:\Program Files\ContentWatch\Internet Protection\cwtray.exe [2009-04-01 352576]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-08-08 247144]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\54363998663]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\play2p\play2p.exe"="C:\Program Files\play2p\play2p.exe:*:Enabled:play2p"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe"="C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe:*:Enabled:Photo Story 3 for Windows"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-09-14 20:42:10 ----D---- C:\Documents and Settings\Andrew & Lyn\Application Data\Malwarebytes
2009-09-14 20:42:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-14 20:42:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-14 20:29:50 ----D---- C:\Program Files\trend micro
2009-09-14 20:29:49 ----D---- C:\rsit
2009-09-09 20:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 20:46:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-06 09:12:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-06 09:12:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-04 18:33:20 ----D---- C:\Program Files\Photo Story 3 for Windows
2009-09-03 19:33:45 ----D---- C:\Program Files\Lavasoft
2009-09-03 19:33:45 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-09-01 20:24:10 ----A---- C:\WINDOWS\system32\zZQlaiBd2cswROj.vbs
2009-09-01 20:23:54 ----A---- C:\WINDOWS\system32\hd7Cj.vbs
2009-09-01 20:23:34 ----A---- C:\WINDOWS\system32\KdaZhJjpXTkCeNW.vbs
2009-08-31 20:09:00 ----D---- C:\Program Files\Microsoft Works
2009-08-31 20:08:19 ----D---- C:\Program Files\Microsoft Visual Studio
2009-08-31 20:02:50 ----D---- C:\WINDOWS\SHELLNEW
2009-08-31 20:01:24 ----RHD---- C:\MSOCache
2009-08-31 19:32:59 ----D---- C:\Documents and Settings\Andrew & Lyn\Application Data\EDrawings
2009-08-26 15:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-24 20:01:32 ----D---- C:\WINDOWS\system32\appmgmt
2009-08-24 11:30:12 ----RHD---- C:\Documents and Settings\Andrew & Lyn\Application Data\SecuROM
2009-08-24 11:30:11 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-08-24 09:37:57 ----D---- C:\Program Files\EA GAMES
2009-08-24 09:37:56 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-08-21 20:59:58 ----D---- C:\Documents and Settings\All Users\Application Data\TomTom
2009-08-21 20:57:09 ----D---- C:\Documents and Settings\Andrew & Lyn\Application Data\TomTom
2009-08-21 20:56:48 ----D---- C:\Program Files\TomTom International B.V
2009-08-21 20:56:20 ----D---- C:\Program Files\TomTom HOME 2
2009-08-19 19:23:16 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-08-19 19:23:16 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-08-19 19:23:16 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-08-19 19:23:16 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-08-19 19:23:12 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-08-19 19:23:12 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-08-17 18:00:51 ----D---- C:\Documents and Settings\Andrew & Lyn\Application Data\alot
2009-08-17 17:12:23 ----D---- C:\Program Files\alot

======List of files/folders modified in the last 1 months======

2009-09-15 07:30:33 ----D---- C:\WINDOWS\Temp
2009-09-15 07:26:23 ----D---- C:\WINDOWS\Prefetch
2009-09-15 07:25:40 ----D---- C:\Documents and Settings\Andrew & Lyn\Application Data\IM
2009-09-14 22:28:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-14 22:28:17 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-14 22:21:18 ----D---- C:\Documents and Settings\Andrew & Lyn\Application Data\SolidWorks
2009-09-14 20:54:07 ----D---- C:\WINDOWS\system32
2009-09-14 20:42:04 ----D---- C:\WINDOWS\system32\drivers
2009-09-14 20:42:03 ----RD---- C:\Program Files
2009-09-14 20:24:56 ----D---- C:\WINDOWS
2009-09-14 17:53:38 ----D---- C:\WINDOWS\Network Diagnostic
2009-09-14 06:46:52 ----D---- C:\Temp
2009-09-11 21:33:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-09 20:46:49 ----HD---- C:\WINDOWS\inf
2009-09-09 20:46:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-09 20:46:46 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 20:46:43 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-09 20:46:42 ----SHD---- C:\WINDOWS\Installer
2009-09-09 20:46:41 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-09-09 20:46:05 ----D---- C:\WINDOWS\ie8updates
2009-09-07 19:56:49 ----D---- C:\Documents and Settings\Andrew & Lyn\Application Data\FrostWire
2009-09-06 09:42:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-05 14:50:37 ----SD---- C:\WINDOWS\Tasks
2009-09-04 18:39:31 ----SD---- C:\Documents and Settings\Andrew & Lyn\Application Data\Microsoft
2009-09-04 18:33:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-03 19:33:42 ----D---- C:\WINDOWS\WinSxS
2009-09-01 20:55:44 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-01 19:13:55 ----D---- C:\Photos
2009-08-31 20:18:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-31 20:11:04 ----RSD---- C:\WINDOWS\assembly
2009-08-31 20:08:44 ----D---- C:\Program Files\MSBuild
2009-08-31 20:08:23 ----D---- C:\Program Files\Microsoft Office
2009-08-31 20:07:29 ----RSD---- C:\WINDOWS\Fonts
2009-08-31 20:03:16 ----A---- C:\WINDOWS\win.ini
2009-08-31 20:03:13 ----D---- C:\Program Files\Common Files\System
2009-08-29 07:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-24 20:44:31 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-24 19:38:21 ----D---- C:\Program Files\Common Files\DESIGNER
2009-08-24 19:20:03 ----D---- C:\WINDOWS\system32\config
2009-08-24 11:29:37 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-21 20:57:26 ----D---- C:\Documents and Settings\Andrew & Lyn\Application Data\Mozilla
2009-08-18 02:10:20 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-18 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-18 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-18 51376]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-18 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-18 94160]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 vusbbus;Virtual Usb Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vusbbus.sys [2007-10-21 18432]
R3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2006-11-22 327168]
R3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2006-11-22 100096]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-18 23152]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-01-24 38656]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-13 3934592]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-11 1966312]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-18 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-18 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2009-07-26 54784]
R2 CwAltaService20;ContentWatch; C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe [2009-04-01 1288512]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-18 271720]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-12-11 3575808]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-13 155715]
R2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007; C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe [2007-07-23 675840]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-08 92008]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-10 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-18 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-18 352920]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-26 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2008-09-09 79144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-07-26 79360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
 
Hello Andrew,

ALOT Toolbar
AskBar
You have these installed. Alot is adware and Ask is not needed, you should uninstall both of these via the Add Remove Programs in the Control Panel/

How are things running now ?
 
Hi Ken,
I'm at work now but I'll uninstall those programs tonight when I get home.
Things seem to be running fine now as far as I can see. No sign of the pop ups or connection problems in explorer that were frustrating me.
Thanks very much for your help.

Regards

Andrew
 
Your welcome Andrew, I will leave this thread open for you, post back and let me know if you had problems uninstalling those two programs.
 
Hi Ken,
So far so good. Everything looks to be running fine so I guess you can close the thread if you like.
Once again, thanks very much for your help.

Cheers
Andrew:thanks:
 
Your welcome Andrew,





Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .
Click to expand...


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.6
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.


Safe Surfn
Ken
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
 
Status
Not open for further replies.
Back
Top