Tech Support Forum - View Single Post

jasper4422001 · 08-07-2007, 06:36 PM

*****************************
Here are the files from the online scan
*****************************

KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 07, 2007 12:53:46 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 7/08/2007
Kaspersky Anti-Virus database records: 353494

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~2\Owner\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 22266
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:53:47

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

*************************************************
KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 07, 2007 7:52:54 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 7/08/2007
Kaspersky Anti-Virus database records: 353494

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 83523
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 03:07:35

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Bell\Security Manager\Logs\FirewallService08-07-2007--11-18-25.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Bell\Sympatico Security Advisor\client_gateway.log Object is locked skipped

C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Pop3.log Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Smtp.log Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007080720070808\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_8b4.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\~DFA0B8.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

C:\Program Files\CA\PPRT\logs\2007-08-07.csv Object is locked skipped

C:\System Volume Information\_restore{CA2C60B8-5DCF-4D94-9864-248C47E4846E}\RP205\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
********************************************
KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 07, 2007 7:58:06 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 7/08/2007
Kaspersky Anti-Virus database records: 353494

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Email
C:\

Scan Statistics
Total number of scanned objects 43
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:02:26

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped

Scan process completed.
************************************************
The following is the Highjackthis.log
************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:45 PM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn7\YTBSDK.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.rd.yahoo.com/customize/ie/...arch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/...arch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/...arch.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKCU\..\Run: [Sympatico Security Manager] C:\Program Files\Bell\Security Manager\Rps.exe
O4 - HKCU\..\Run: [IndexCleaner] C:\Program Files\Bell\Security Manager\IdxClnR.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/e-center
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applet...applet-epf.cab
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applet...applet-epf.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/game...ts/y/ht1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} (Diagmgr Class) - http://isupport4.hp.com/awebui/jsp/a...iagManager.CAB
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.ca/resources/neutr...s/DigWebX2.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase7617.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125077205216
O16 - DPF: {74AAB4CF-DB5A-4AF4-9C81-BF029847072E} (Registry Class) - http://pbc.bc.motive.com/lwprc/stati...ller_2-0-0.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://sympatico.zone.msn.com/bingam...z.cab58570.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - http://instantsupport.asiapac.hp.com...ActiveChat.CAB
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames...n.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12395 bytes

************************************************
Here's the Combofix log
************************************************
ComboFix 07-08-07.5 - "Owner" 2007-08-07 20:22:07.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.242 [GMT -4:00]

((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))

2007-08-07 11:30 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-07 11:30 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-07 11:30 <DIR> d-------- C:\DOCUME~2\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-07 00:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-06 19:56 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-06 19:53 <DIR> d-------- C:\Deckard
2007-08-06 19:37 21,312 --a------ C:\WINDOWS\choice.exe
2007-08-06 19:33 <DIR> d-------- C:\ie-spyad
2007-08-06 19:17 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-06 15:23 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-06 15:08 <DIR> d-------- C:\Program Files\PCPitstop
2007-08-05 00:21 <DIR> d-------- C:\Program Files\IObit
2007-08-04 23:51 <DIR> d-------- C:\Program Files\PC Doc Pro
2007-07-31 22:17 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2007-07-31 22:17 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2007-07-31 22:16 <DIR> d-------- C:\Program Files\Raxco
2007-07-31 22:16 <DIR> d-------- C:\Program Files\Common Files\Authentium
2007-07-31 22:16 <DIR> d-------- C:\DOCUME~2\ALLUSE~1\APPLIC~1\Raxco
2007-07-31 22:15 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-07-31 22:15 <DIR> d-------- C:\Program Files\CA
2007-07-31 22:10 <DIR> d-------- C:\DOCUME~2\Owner\APPLIC~1\InstallShield
2007-07-31 21:05 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-07-31 20:08 <DIR> d-------- C:\DOCUME~2\Owner\APPLIC~1\MSNInstaller
2007-07-30 13:07 81,920 --------- C:\WINDOWS\system32\W32n50.dll
2007-07-30 13:07 589,824 --------- C:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll
2007-07-30 13:07 17,162 --------- C:\WINDOWS\system32\Pcandis5.sys
2007-07-30 13:07 16,848 --------- C:\WINDOWS\system32\Pcandis4.sys
2007-07-30 13:04 <DIR> d-------- C:\Program Files\Motive
2007-07-30 13:01 <DIR> d-------- C:\Program Files\BellCanada
2007-07-12 13:16 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-07-09 21:59 <DIR> d-------- C:\DOCUME~2\Owner\APPLIC~1\Sunbelt Software
2007-07-09 02:59 <DIR> d-------- C:\DOCUME~2\Owner\APPLIC~1\Prevx

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 01:10 --------- d-------- C:\DOCUME~2\Owner\APPLIC~1\MSN6
2007-08-06 16:50 --------- d-------- C:\Program Files\MSN Messenger
2007-08-06 16:27 --------- d-------- C:\Program Files\HP One-Touch
2007-08-06 16:27 --------- d-------- C:\Program Files\Google
2007-08-05 02:18 --------- d-------- C:\Program Files\LimeWire
2007-07-31 22:15 --------- d-------- C:\Program Files\Bell
2007-07-31 22:14 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-31 20:56 --------- d-------- C:\DOCUME~2\Owner\APPLIC~1\Bell
2007-07-30 13:12 --------- d-------- C:\Program Files\NetAssistant
2007-07-12 00:08 104 --a------ C:\WINDOWS\system32\SBRC.dat
2007-07-09 17:57 --------- d-------- C:\Program Files\Skype
2007-06-16 23:55 --------- d-------- C:\DOCUME~2\Owner\APPLIC~1\Leadertech
2007-06-15 14:37 27376 --a------ C:\WINDOWS\system32\SBBD.exe
2007-05-16 11:12 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 05:24 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2006-03-13 13:14 596 --a------ C:\Program Files\INSTALL.LOG

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CP4HPOT"="C:\PROGRA~1\HPONE-~1\OneTouch.EXE" [2001-11-30 21:14]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-07-09 16:51]
"PCPitstop Optimize Registration Reminder"="C:\Program Files\PCPitstop\Optimize\Reminder.exe" [2007-07-09 16:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 12:37]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 22:19]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 10:33]
"Sympatico Security Manager"="C:\Program Files\Bell\Security Manager\Rps.exe" [2007-05-09 12:27]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe" [2007-05-09 12:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk]
backup=C:\WINDOWS\pss\NetAssistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
backup=C:\WINDOWS\pss\Office Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^palstart.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]
"C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssSpkPhone]
essspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Display Settings]
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Presentation Ready]
C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 01]
"C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
"C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
c:\Program Files\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
c:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
"c:\Program Files\Microsoft Money\System\Activation.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]
S3tray2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winsock32driver]
winVNC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
c:\Program Files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

R0 ENECBPTH;ENE Cardbus Patch Driver;C:\WINDOWS\system32\drivers\ENECBPTH.sys
R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R2 CSS DVP;Dynamic Virus Protection;C:\WINDOWS\system32\DRIVERS\css-dvp.sys
R2 HPGate;HPGate;C:\WINDOWS\system32\Drivers\HPGate.sys
R2 RPSKT;Security Services Driver (x86);C:\WINDOWS\system32\DRIVERS\rp_skt32.sys
R3 Edspport;EDSP Port Driver;C:\WINDOWS\system32\DRIVERS\es56hpi.sys
R3 HPCI;HP Configuration Interface;C:\WINDOWS\system32\DRIVERS\hpci.sys
R3 KBFiltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\KBFiltr.sys
R3 RPPKT;Radialpoint Filter (x86);C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys
R3 RPSUpdaterR;Sympatico Security Manager Update Service;C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 VIAIRDA;VIA Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\viairda.sys
S2 ADSEXPB;ADS DVD Xpress B;C:\WINDOWS\system32\Drivers\adsexpb.sys
S3 BT3CSer;3Com Bluetooth Serial Driver;C:\WINDOWS\system32\DRIVERS\BT3CSer.sys
S3 bt3cusb;bt3cusb;C:\WINDOWS\system32\drivers\bt3cusb.sys
S3 ENETHUSB;Speedstream Ethernet USB Adapter;C:\WINDOWS\system32\DRIVERS\enethusb.sys
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCAMPR5.SYS
S3 QCDonner;Logitech QuickCam Express(PID_0840);C:\WINDOWS\system32\DRIVERS\LVCD.sys
S3 Radialpoint Security Services;Sympatico Security Manager;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874}
S3 S3Twistr;S3Twistr;C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 20:23:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 20:29:21
C:\ComboFix-quarantined-files.txt ... 2007-08-07 20:24
C:\ComboFix2.txt ... 2007-08-07 01:59
C:\ComboFix3.txt ... 2007-08-07 00:51

--- E O F ---

08-07-2007, 06:36 PM	#7 (permalink)
jasper4422001 Registered User Join Date: Aug 2007 Posts: 9 OS: Windows XP	Re: Rootkit.Dayoff.Process *************************** Here are the files from the online scan ************************* KASPERSKY ONLINE SCANNER REPORT Tuesday, August 07, 2007 12:53:46 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 7/08/2007 Kaspersky Anti-Virus database records: 353494 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target Critical Areas C:\WINDOWS C:\DOCUME~2\Owner\LOCALS~1\Temp\ Scan Statistics Total number of scanned objects 22266 Number of viruses found 0 Number of infected objects 0 Number of suspicious objects 0 Duration of the scan process 00:53:47 Infected Object Name Virus Name Last Action C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. ********************************************* KASPERSKY ONLINE SCANNER REPORT Tuesday, August 07, 2007 7:52:54 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 7/08/2007 Kaspersky Anti-Virus database records: 353494 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ Scan Statistics Total number of scanned objects 83523 Number of viruses found 0 Number of infected objects 0 Number of suspicious objects 0 Duration of the scan process 03:07:35 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\Bell\Security Manager\Logs\FirewallService08-07-2007--11-18-25.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Application Data\Bell\Sympatico Security Advisor\client_gateway.log Object is locked skipped C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Pop3.log Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Smtp.log Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007080720070808\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_8b4.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temp\~DFA0B8.tmp Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped C:\Program Files\CA\PPRT\logs\2007-08-07.csv Object is locked skipped C:\System Volume Information\_restore{CA2C60B8-5DCF-4D94-9864-248C47E4846E}\RP205\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. **************************************** KASPERSKY ONLINE SCANNER REPORT Tuesday, August 07, 2007 7:58:06 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 7/08/2007 Kaspersky Anti-Virus database records: 353494 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target My Email C:\ Scan Statistics Total number of scanned objects 43 Number of viruses found 0 Number of infected objects 0 Number of suspicious objects 0 Duration of the scan process 00:02:26 Infected Object Name Virus Name Last Action C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{ADA6B75A-D3C9-4C42-86BA-04E28E0254A5}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped Scan process completed. ******************************************** The following is the Highjackthis.log ******************************************** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:08:45 PM, on 8/7/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Bell\Security Manager\Fws.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe C:\WINDOWS\System32\HPConfig.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\system32\RadioSvr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\HPONE-~1\OneTouch.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe C:\Program Files\Bell\Security Manager\rpsupdaterR.exe C:\Program Files\Outlook Express\msimn.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn7\YTBSDK.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.rd.yahoo.com/customize/ie/...arch.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/...arch.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/...arch.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN O4 - HKCU\..\Run: [Sympatico Security Manager] C:\Program Files\Bell\Security Manager\Rps.exe O4 - HKCU\..\Run: [IndexCleaner] C:\Program Files\Bell\Security Manager\IdxClnR.exe O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe" O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/e-center O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applet...applet-epf.cab O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applet...applet-epf.cab O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/game...ts/y/ht1_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} (Diagmgr Class) - http://isupport4.hp.com/awebui/jsp/a...iagManager.CAB O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.ca/resources/neutr...s/DigWebX2.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase7617.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125077205216 O16 - DPF: {74AAB4CF-DB5A-4AF4-9C81-BF029847072E} (Registry Class) - http://pbc.bc.motive.com/lwprc/stati...ller_2-0-0.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://sympatico.zone.msn.com/bingam...z.cab58570.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {9A95FE4A-0CD3-4698-A0F4-D2264C6E7046} (HPActiveChat Class) - http://instantsupport.asiapac.hp.com...ActiveChat.CAB O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames...n.cab55579.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 12395 bytes ******************************************** Here's the Combofix log ********************************************** ComboFix 07-08-07.5 - "Owner" 2007-08-07 20:22:07.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.242 [GMT -4:00] ((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 ))))))))))))))))))))))))))))))) 2007-08-07 11:30 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-08-07 11:30 <DIR> d-------- C:\WINDOWS\LastGood 2007-08-07 11:30 <DIR> d-------- C:\DOCUME~2\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-08-07 00:24 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-06 19:56 <DIR> d-------- C:\Program Files\Trend Micro 2007-08-06 19:53 <DIR> d-------- C:\Deckard 2007-08-06 19:37 21,312 --a------ C:\WINDOWS\choice.exe 2007-08-06 19:33 <DIR> d-------- C:\ie-spyad 2007-08-06 19:17 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-08-06 15:23 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-08-06 15:08 <DIR> d-------- C:\Program Files\PCPitstop 2007-08-05 00:21 <DIR> d-------- C:\Program Files\IObit 2007-08-04 23:51 <DIR> d-------- C:\Program Files\PC Doc Pro 2007-07-31 22:17 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys 2007-07-31 22:17 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys 2007-07-31 22:16 <DIR> d-------- C:\Program Files\Raxco 2007-07-31 22:16 <DIR> d-------- C:\Program Files\Common Files\Authentium 2007-07-31 22:16 <DIR> d-------- C:\DOCUME~2\ALLUSE~1\APPLIC~1\Raxco 2007-07-31 22:15 <DIR> d-------- C:\Program Files\Common Files\Scanner 2007-07-31 22:15 <DIR> d-------- C:\Program Files\CA 2007-07-31 22:10 <DIR> d-------- C:\DOCUME~2\Owner\APPLIC~1\InstallShield 2007-07-31 21:05 <DIR> d-------- C:\Program Files\Windows Installer Clean Up 2007-07-31 20:08 <DIR> d-------- C:\DOCUME~2\Owner\APPLIC~1\MSNInstaller 2007-07-30 13:07 81,920 --------- C:\WINDOWS\system32\W32n50.dll 2007-07-30 13:07 589,824 --------- C:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll 2007-07-30 13:07 17,162 --------- C:\WINDOWS\system32\Pcandis5.sys 2007-07-30 13:07 16,848 --------- C:\WINDOWS\system32\Pcandis4.sys 2007-07-30 13:04 <DIR> d-------- C:\Program Files\Motive 2007-07-30 13:01 <DIR> d-------- C:\Program Files\BellCanada 2007-07-12 13:16 0 --a------ C:\WINDOWS\system32\SBFC.dat 2007-07-09 21:59 <DIR> d-------- C:\DOCUME~2\Owner\APPLIC~1\Sunbelt Software 2007-07-09 02:59 <DIR> d-------- C:\DOCUME~2\Owner\APPLIC~1\Prevx (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-07 01:10 --------- d-------- C:\DOCUME~2\Owner\APPLIC~1\MSN6 2007-08-06 16:50 --------- d-------- C:\Program Files\MSN Messenger 2007-08-06 16:27 --------- d-------- C:\Program Files\HP One-Touch 2007-08-06 16:27 --------- d-------- C:\Program Files\Google 2007-08-05 02:18 --------- d-------- C:\Program Files\LimeWire 2007-07-31 22:15 --------- d-------- C:\Program Files\Bell 2007-07-31 22:14 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-07-31 20:56 --------- d-------- C:\DOCUME~2\Owner\APPLIC~1\Bell 2007-07-30 13:12 --------- d-------- C:\Program Files\NetAssistant 2007-07-12 00:08 104 --a------ C:\WINDOWS\system32\SBRC.dat 2007-07-09 17:57 --------- d-------- C:\Program Files\Skype 2007-06-16 23:55 --------- d-------- C:\DOCUME~2\Owner\APPLIC~1\Leadertech 2007-06-15 14:37 27376 --a------ C:\WINDOWS\system32\SBBD.exe 2007-05-16 11:12 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 11:12 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 11:12 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 11:12 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll 2007-05-08 05:24 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll 2006-03-13 13:14 596 --a------ C:\Program Files\INSTALL.LOG ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CP4HPOT"="C:\PROGRA~1\HPONE-~1\OneTouch.EXE" [2001-11-30 21:14] "PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-07-09 16:51] "PCPitstop Optimize Registration Reminder"="C:\Program Files\PCPitstop\Optimize\Reminder.exe" [2007-07-09 16:51] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 12:37] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 22:19] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22] "SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 10:33] "Sympatico Security Manager"="C:\Program Files\Bell\Security Manager\Rps.exe" [2007-05-09 12:27] "IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe" [2007-05-09 12:26] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) "NoResolveSearch"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk] backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk] backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk] backup=C:\WINDOWS\pss\NetAssistant.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk] backup=C:\WINDOWS\pss\Office Startup.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^palstart.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk] backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssSpkPhone] essspk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] c:\windows\system\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2] S3tray2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winsock32driver] winVNC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet R0 ENECBPTH;ENE Cardbus Patch Driver;C:\WINDOWS\system32\drivers\ENECBPTH.sys R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys R2 CSS DVP;Dynamic Virus Protection;C:\WINDOWS\system32\DRIVERS\css-dvp.sys R2 HPGate;HPGate;C:\WINDOWS\system32\Drivers\HPGate.sys R2 RPSKT;Security Services Driver (x86);C:\WINDOWS\system32\DRIVERS\rp_skt32.sys R3 Edspport;EDSP Port Driver;C:\WINDOWS\system32\DRIVERS\es56hpi.sys R3 HPCI;HP Configuration Interface;C:\WINDOWS\system32\DRIVERS\hpci.sys R3 KBFiltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\KBFiltr.sys R3 RPPKT;Radialpoint Filter (x86);C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys R3 RPSUpdaterR;Sympatico Security Manager Update Service;C:\Program Files\Bell\Security Manager\rpsupdaterR.exe R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys R3 VIAIRDA;VIA Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\viairda.sys S2 ADSEXPB;ADS DVD Xpress B;C:\WINDOWS\system32\Drivers\adsexpb.sys S3 BT3CSer;3Com Bluetooth Serial Driver;C:\WINDOWS\system32\DRIVERS\BT3CSer.sys S3 bt3cusb;bt3cusb;C:\WINDOWS\system32\drivers\bt3cusb.sys S3 ENETHUSB;Speedstream Ethernet USB Adapter;C:\WINDOWS\system32\DRIVERS\enethusb.sys S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCAMPR5.SYS S3 QCDonner;Logitech QuickCam Express(PID_0840);C:\WINDOWS\system32\DRIVERS\LVCD.sys S3 Radialpoint Security Services;Sympatico Security Manager;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874} S3 S3Twistr;S3Twistr;C:\WINDOWS\system32\DRIVERS\s3gnbm.sys S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS ************************************************************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-07 20:23:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 2007-08-07 20:29:21 C:\ComboFix-quarantined-files.txt ... 2007-08-07 20:24 C:\ComboFix2.txt ... 2007-08-07 01:59 C:\ComboFix3.txt ... 2007-08-07 00:51 --- E O F ---