Good evening Tan ... hope life is well with you ... here's the log file you requested.
ComboFix 09-03-18.01 - Brian 2009-03-19 22:05:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.547 [GMT -4:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brian\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
FILE ::
c:\program files\wt3d.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\WildTangent
c:\program files\WildTangent\LicenseStores\WT\058D8AB2-0002-4963-8BEF-C53407A55AB8.wtlic
c:\program files\WildTangent\LicenseStores\WT\13E38CFC-81C8-11D9-8BDE-F66BAD1E3F3A.wtlic
c:\program files\WildTangent\LicenseStores\WT\4B39DF83-1063-4fcc-B1B4-0E116120D387.wtlic
c:\program files\WildTangent\LicenseStores\WT\5F7E059C-CAEF-43ad-9378-DD87D8B6B154.wtlic
c:\program files\WildTangent\LicenseStores\WT\D1FBFB02-8F56-11D9-8BDE-F66BAD1E3F3A.wtlic
c:\program files\WildTangent\LicenseStores\WT\WT.sto
c:\program files\WildTangent\toshiba\moregames.ico
c:\program files\WildTangent\toshiba\onplay.exe
c:\program files\WildTangent\toshiba\version.txt
c:\program files\wt3d.ini
.
((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.
2009-03-18 22:35 . 2009-03-18 22:35 <DIR> d-------- c:\windows\LastGood
2009-03-08 19:00 . 2009-03-08 19:04 <DIR> d-------- c:\program files\HyperStudio 4 Player
2009-03-08 13:48 . 2009-03-09 00:55 10,061 --a------ c:\windows\PlantStudio2.ini
2009-03-08 13:40 . 2009-03-08 22:21 <DIR> d-------- C:\PlantStudio2
2009-03-08 00:45 . 2009-03-08 00:45 <DIR> d-------- c:\windows\TreemagikG3 Demo
2009-03-08 00:45 . 2009-03-08 13:39 <DIR> d-------- c:\program files\TreemagikG3 Demo
2009-03-08 00:43 . <DIR> c:\program files\Plant-Life© Demo - TGC Edtiion
2009-03-02 12:35 . 2009-03-02 12:36 <DIR> d-------- C:\rsit
2009-03-02 12:33 . 2009-03-02 12:33 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-02 12:22 . 2009-03-02 12:22 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-02 12:22 . 2009-03-02 12:22 73,728 --a------ c:\windows\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 01:46 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-19 23:19 35,890 ----a-w c:\documents and settings\Brian\Application Data\wklnhst.dat
2009-03-19 17:06 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-03-19 02:35 --------- d-----w c:\program files\McAfee
2009-03-08 17:38 --------- d-----w c:\program files\Native Instruments
2009-03-08 17:38 --------- d-----w c:\program files\Common Files\Native Instruments
2009-03-08 17:37 --------- d-----w c:\program files\VstPlugins
2009-03-08 17:37 --------- d-----w c:\program files\ Plant-Life© Demo - TGC Edtiion
2009-03-08 00:49 --------- d-----w c:\program files\REAPER
2009-03-02 16:32 --------- d-----w c:\program files\Common Files\Adobe
2009-03-02 16:22 --------- d-----w c:\program files\Java
2009-03-01 22:08 --------- d-----w c:\documents and settings\Brian\Application Data\REAPER
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:25 --------- d-----w c:\program files\ASIO4ALL v2
2009-02-07 01:01 --------- d-----w c:\program files\Pro Tracks Plus
2009-02-06 02:44 --------- d-----w c:\program files\BurnAware Home
2009-02-05 17:37 --------- d-----w c:\program files\Alcohol Soft
2009-02-05 17:33 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-04 15:24 --------- d--h--r c:\documents and settings\Lindi\Application Data\yahoo!
2009-02-01 19:38 --------- d-----w c:\program files\Yahoo!
2009-02-01 04:59 --------- d-----w c:\program files\MySpace
2009-02-01 03:12 --------- d-----w c:\program files\Common Files\Scanner
2009-02-01 02:58 262,144 ----a-w C:\ntuser.dat
2009-02-01 02:58 --------- d--h--r c:\documents and settings\Brian\Application Data\yahoo!
2009-02-01 02:57 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-01-23 17:29 --------- d-----w c:\documents and settings\Lindi\Application Data\Sony
2009-01-23 17:29 --------- d-----w c:\documents and settings\Lindi\Application Data\Publish Providers
2009-01-23 17:29 --------- d-----w c:\documents and settings\Lindi\Application Data\NetMedia Providers
2009-01-13 03:05 3,120 ----a-w c:\windows\system32\0810be8f-b2fd-4cfc-bbc2-e45e10a7568b.dll
2001-07-12 12:09 61,440 ----a-w c:\windows\inf\i386\onetUSD.dll
2001-06-05 12:11 32,768 ----a-w c:\windows\inf\i386\Wiamicro.dll
2001-05-14 14:19 51,984 ----a-w c:\windows\inf\i386\Wiafbdrv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-03-11_10.18.58.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-11 12:18:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-19 23:01:40 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-11 12:18:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-19 23:01:40 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-11 12:18:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-19 23:01:40 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-03 20:21:14 21,244,864 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 16:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2009-03-11 14:10:09 65,446 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-18 19:10:12 65,446 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-11 14:10:09 411,142 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-18 19:10:12 411,142 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-18 19:05:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"PPWebCap"="c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2000-09-06 40960]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-22 203720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-02-20 1589248]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2001-10-16 258118]
"OneTouch Monitor"="c:\progra~1\VISION~1\ONETOU~2.EXE" [2001-07-12 86016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-02 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 c:\windows\system32\CHDAudPropShortcut.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-03-02 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux7"= wdmaud.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-05 206096]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\Smith Micro\StuffIt\ArcNameService.exe [2008-01-31 157016]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 0092541237430156mcinstcleanup;McAfee Application Installer Cleanup (0092541237430156);c:\windows\TEMP\009254~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\009254~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 CEUSBAUD;DigiTech USB MIDI Driver (MIDI);c:\windows\system32\drivers\ceusbaud.sys [2007-01-22 17920]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
.
Contents of the 'Scheduled Tasks' folder
2009-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]
2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc328.mail.yahoo.com/mc/welco ... ujKoKsMlC4
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-03-19 22:08:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\igfxdev.dll
- - - - - - - > 'winlogon.exe'(2276)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-03-19 22:09:32
ComboFix-quarantined-files.txt 2009-03-20 02:09:29
ComboFix2.txt 2009-03-11 14:19:52
ComboFix3.txt 2007-07-12 18:10:33
Pre-Run: 71,150,600,192 bytes free
Post-Run: 71,157,231,616 bytes free
183 --- E O F --- 2009-03-16 13:26:28