
Solved: Asking for personal information when I try to log in

Discussion in 'Malware and Virus Removal Archive' started by sasai, 2010/05/16.

  1. 2010/05/16
    sasai (Thread Starter)
    [Resolved] Asking for personal information when I try to log in

    Whenever I try to log in to my online banking, it keeps asking for my personal information such as SSN#, credit card#, etc.

    Here is the log requested from DDS:
    DDS (Ver_10-03-17.01) - FAT32x86
    Run by Sasai at 1:13:49.70 on Sun 05/16/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.84 [GMT -7:00]

    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    SVCHOST.EXE
    SVCHOST.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    SVCHOST.EXE
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    SVCHOST.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Acer\Notebook Manager\almxptray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\MSN Toolbar\Platform\5.0.1430.0\mswinext.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Sasai\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.com
    uSearch Page = hxxp://search.live.com
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uDefault_Page_URL = hxxp://www.msn.com
    uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
    mSearchAssistant = hxxp://search.live.com/sphome.aspx
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1430.0\npwinext.dll
    TB: @c:\program files\msn toolbar\platform\5.0.1430.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1430.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [EPSON Stylus Photo R280 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticka.exe /fu "c:\windows\temp\E_S9A.tmp" /EF "HKCU "
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    mRun: [ATIModeChange] Ati2mdxx.exe
    mRun: [LaunchApp] Alaunch
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [AcerNotebookManager] c:\program files\acer\notebook manager\almxptray.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [LManager] c:\program files\launch manager\QtZgAcer.EXE
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1430.0\mswinext.exe "
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ============= SERVICES / DRIVERS ===============

    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2008-5-28 337280]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2008-5-28 54656]
    R2 acernbm;acernbm;c:\windows\system32\drivers\acernbm.sys [2004-3-18 6431]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2008-6-24 191848]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2008-6-24 169320]
    R2 osadmi;osadmi;c:\windows\system32\drivers\osadmi.sys [2004-3-4 4243]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2008-9-30 1956792]
    R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2004-9-9 188992]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-23 102448]
    R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2004-9-9 5760]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100507.016\naveng.sys [2010-5-7 84912]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100507.016\navex15.sys [2010-5-7 1324720]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-1 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2008-9-30 116664]

    =============== Created Last 30 ================

    2010-05-06 07:19:52 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
    2010-05-06 07:19:49 0 d-----w- c:\program files\McAfee Security Scan
    2010-05-03 22:34:23 0 d-sh--w- c:\documents and settings\sasai\IECompatCache
    2010-04-28 22:33:32 0 d-sh--w- c:\documents and settings\sasai\PrivacIE
    2010-04-28 08:07:37 0 d-sh--w- c:\documents and settings\sasai\IETldCache
    2010-04-28 07:58:02 0 d-----w- c:\windows\ie8updates
    2010-04-28 07:55:45 0 d--h--w- c:\windows\ie8
    2010-04-28 07:55:24 0 d-----w- c:\program files\MSN Toolbar
    2010-04-28 07:53:45 0 d-----w- c:\program files\Bing Bar Installer
    2010-04-28 07:53:39 0 d--h--w- c:\windows\msdownld.tmp
    2010-04-28 07:50:42 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-04-28 07:50:42 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-04-28 07:50:42 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-28 07:50:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-04-28 07:50:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-28 07:50:24 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-04-28 02:36:37 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-04-28 02:36:37 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2010-04-28 02:36:36 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-04-27 23:17:36 0 d-----w- c:\documents and settings\sasai\Tracing
    2010-04-27 23:16:00 0 d-----w- c:\program files\Microsoft
    2010-04-27 23:15:42 0 d-----w- c:\program files\Windows Live SkyDrive
    2010-04-27 23:09:46 0 d-----w- c:\program files\common files\Windows Live
    2010-04-27 06:24:13 0 d-sh--w- c:\documents and settings\sasai\UserData
    2010-04-24 18:48:10 0 d-sh--w- C:\FOUND.000
    2010-04-24 07:14:21 0 d-----w- C:\EPSONREG
    2010-04-24 07:09:51 0 d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
    2010-04-24 07:09:00 11776 ----a-w- c:\windows\system32\drivers\afc.sys
    2010-04-24 07:08:59 258352 ----a-w- c:\windows\system32\unicows.dll
    2010-04-24 07:08:58 212480 ----a-w- c:\windows\PCDLIB32.DLL
    2010-04-24 07:08:55 126976 ----a-w- c:\windows\system32\PhotoImpression Slideshow.scr
    2010-04-24 07:08:43 0 d-----w- c:\windows\system32\PhotoImpression Slideshow
    2010-04-24 07:07:24 0 d-----w- c:\program files\EPSON Print CD
    2010-04-24 07:06:30 0 d-----w- c:\docume~1\alluse~1\applic~1\EPSON
    2010-04-24 07:06:10 0 d-----w- c:\program files\EPSON
    2010-04-24 07:05:43 44 ----a-w- c:\windows\EPSPR280.ini
    2010-04-23 23:09:47 0 d-----w- c:\windows\system32\KB905474
    2010-04-23 23:04:46 0 d-----w- c:\windows\ServicePackFiles
    2010-04-23 22:30:52 0 d-----w- c:\windows\system32\CatRoot_bak
    2010-04-23 22:26:17 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-04-23 22:24:35 2181376 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-04-23 22:24:35 2137088 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-04-23 22:24:34 2058368 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-04-23 22:24:34 2016768 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-04-23 08:21:29 0 d-----w- c:\windows\system32\PreInstall
    2010-04-23 08:21:28 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-04-23 08:21:27 0 d--h--w- c:\windows\$hf_mig$
    2010-04-23 08:13:34 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2010-04-23 08:07:12 0 d-----w- c:\windows\SHELLNEW
    2010-04-23 08:02:02 0 ----a-w- c:\windows\vpc32.INI
    2010-04-23 07:57:55 0 d-----w- c:\windows\system32\SoftwareDistribution
    2010-04-23 07:55:29 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-04-23 07:55:29 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-04-23 07:55:29 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-04-23 07:55:29 10671 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-04-23 07:55:27 0 d-----w- c:\windows\RegisteredPackages
    2010-04-23 07:55:11 0 d-----w- c:\program files\Symantec AntiVirus
    2010-04-23 07:54:09 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
    2010-04-23 07:54:09 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
    2010-04-23 07:54:09 1060864 ----a-w- c:\windows\system32\MFC71.DLL
    2010-04-23 07:54:09 0 d-----w- c:\program files\Symantec
    2010-04-23 07:54:09 0 d-----w- c:\program files\common files\Symantec Shared
    2010-04-23 07:54:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
    2010-04-23 07:48:08 83 ----a-w- c:\windows\QtZgAcer.UNI
    2010-04-23 07:48:08 0 d-----w- c:\program files\Launch Manager
    2010-04-23 07:48:07 49152 ----a-w- c:\windows\system32\QtBtLib.dll
    2010-04-23 07:48:07 17983 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
    2010-04-23 07:48:07 126976 ----a-w- c:\windows\UNINST32.EXE
    2010-04-23 07:47:27 0 d-----w- c:\program files\ATI Technologies
    2010-04-23 07:25:45 8192 ----a-w- c:\windows\REGLOCS.OLD
    2010-04-23 07:25:37 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

    ==================== Find3M ====================

    2010-04-23 07:23:58 4233 ----a-w- c:\windows\CLEANUP.CMD
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
    2010-03-10 05:21:20 1506304 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
    2010-03-10 05:21:14 1023488 ----a-w- c:\windows\system32\dllcache\browseui.dll
    2010-02-26 06:12:22 474112 ----a-w- c:\windows\system32\dllcache\shlwapi.dll
    2010-02-26 06:12:18 55808 ----a-w- c:\windows\system32\dllcache\extmgr.dll
    2010-02-26 06:12:16 151040 ----a-w- c:\windows\system32\dllcache\cdfview.dll
    2010-02-26 06:12:16 1054208 ----a-w- c:\windows\system32\dllcache\danim.dll
    2010-02-25 18:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-02-25 10:53:10 18432 ----a-w- c:\windows\system32\dllcache\iedw.exe
    2010-02-25 06:24:38 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-25 06:24:38 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2010-02-25 06:24:38 611840 ------w- c:\windows\system32\dllcache\mstime.dll
    2010-02-25 06:24:38 206848 ------w- c:\windows\system32\dllcache\occache.dll
    2010-02-25 06:24:38 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
    2010-02-25 06:24:36 5944832 ------w- c:\windows\system32\dllcache\mshtml.dll
    2010-02-25 06:24:36 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2010-02-25 06:24:36 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
    2010-02-25 06:24:34 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-02-24 09:54:26 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-02-16 14:27:26 4734976 ----a-w- c:\windows\system32\dllcache\wmp.dll
    2010-02-16 13:19:56 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 12:39:04 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe

    ============= FINISH: 1:14:08.07 ===============
  2. 2010/05/16
    crunchie
    Hi. You need to post both logs from the DDS scan please.

    ==

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!

  4. 2010/05/18
    sasai (Thread Starter)
    I didn't know that. I ran the test again and here are the logs from the DDS scan.

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/23/2010 12:46:16 AM
    System Uptime: 5/17/2010 11:24:39 PM (1 hours ago)

    Motherboard: Acer | | TravelMate 8000
    Processor: Intel(R) Pentium(R) M processor 1.80GHz | uFCPGA2 | 1794/400mhz

    ==== Disk Partitions =========================

    C: is FIXED (FAT32) - 37 GiB total, 22.242 GiB free.
    D: is FIXED (FAT32) - 37 GiB total, 26.555 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 4/23/2010 12:46:18 AM - System Checkpoint
    RP2: 4/23/2010 12:55:06 AM - Installed Symantec AntiVirus
    RP3: 4/23/2010 1:06:05 AM - Installed Microsoft Office Enterprise 2007
    RP4: 4/23/2010 1:13:30 AM - Printer Driver Send To Microsoft OneNote Driver Installed
    RP5: 4/23/2010 1:21:23 AM - Software Distribution Service 3.0
    RP6: 4/23/2010 4:03:02 PM - Software Distribution Service 3.0
    RP7: 4/24/2010 12:07:23 AM - Installed EPSON Print CD
    RP8: 4/24/2010 12:08:15 AM - Installed ArcSoft PhotoImpression 6
    RP9: 4/24/2010 12:08:40 AM - Installed ArcSoft PhotoImpression 6
    RP10: 4/24/2010 12:09:38 AM - Installed Print Creations
    RP11: 4/24/2010 3:00:43 AM - Software Distribution Service 3.0
    RP12: 4/24/2010 11:50:52 AM - Software Distribution Service 3.0
    RP13: 4/24/2010 12:18:55 PM - Software Distribution Service 3.0
    RP14: 4/24/2010 3:05:03 PM - Installed Connect Service
    RP15: 4/24/2010 3:36:44 PM - Software Distribution Service 3.0
    RP16: 4/24/2010 11:40:15 PM - Software Distribution Service 3.0
    RP17: 4/25/2010 3:35:21 PM - Installed Connect Service
    RP18: 4/26/2010 3:00:14 AM - Software Distribution Service 3.0
    RP19: 4/26/2010 11:57:24 PM - Software Distribution Service 3.0
    RP20: 4/28/2010 12:02:00 AM - System Checkpoint
    RP21: 4/28/2010 12:50:47 AM - Software Distribution Service 3.0
    RP22: 4/28/2010 12:54:56 AM - Removed Windows Live Sign-in Assistant
    RP23: 4/28/2010 12:56:52 AM - Installed Windows Internet Explorer 8.
    RP24: 4/28/2010 12:57:52 AM - Software Distribution Service 3.0
    RP25: 4/28/2010 1:17:04 AM - Software Distribution Service 3.0
    RP26: 4/29/2010 1:24:43 AM - Software Distribution Service 3.0
    RP27: 4/30/2010 1:16:39 AM - Software Distribution Service 3.0
    RP28: 5/1/2010 12:38:00 PM - System Checkpoint
    RP29: 5/2/2010 1:23:09 PM - System Checkpoint
    RP30: 5/3/2010 2:04:00 PM - System Checkpoint
    RP31: 5/4/2010 10:19:22 PM - System Checkpoint
    RP32: 5/5/2010 11:12:56 PM - System Checkpoint
    RP33: 5/6/2010 12:24:35 AM - Removed Adobe Reader 6.0
    RP34: 5/6/2010 12:24:53 AM - Installed Adobe Reader 9.3.
    RP35: 5/7/2010 12:32:22 AM - System Checkpoint
    RP36: 5/8/2010 1:19:43 AM - System Checkpoint
    RP37: 5/9/2010 1:47:17 AM - System Checkpoint
    RP38: 5/10/2010 2:03:48 AM - System Checkpoint
    RP39: 5/12/2010 11:59:05 PM - System Checkpoint
    RP40: 5/13/2010 3:00:26 AM - Software Distribution Service 3.0
    RP41: 5/15/2010 1:56:29 AM - System Checkpoint
    RP42: 5/18/2010 12:03:36 AM - System Checkpoint

    ==== Installed Programs ======================

    Acer Notebook Manager
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3
    Agere Systems AC'97 Modem
    ArcSoft PhotoImpression 6
    ArcSoft Print Creations
    ArcSoft Print Creations - Photo Calendar
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Bing Bar
    Bing Bar Platform
    EPSON Print CD
    EPSON Printer Software
    EPSON R280 User's Guide
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB979306)
    Launch Manager
    LiveUpdate 3.2 (Symantec Corporation)
    McAfee Security Scan Plus
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    MSVCRT
    NTI Backup NOW! 3
    NTI CD & DVD-Maker
    NTI CD & DVD-Maker Gold
    O2Micro MemoryCardBus & Smart Card Reader Windows Driver
    PowerDVD
    Realtek AC'97 Audio
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB980470)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Segoe UI
    Symantec AntiVirus
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (kb981726)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    WebFldrs XP
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live Upload Tool

    ==== End Of File ===========================

    DDS (Ver_10-03-17.01) - FAT32x86
    Run by Sasai at 0:15:36.07 on Tue 05/18/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.279 [GMT -7:00]

    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    SVCHOST.EXE
    SVCHOST.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Acer\Notebook Manager\almxptray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\MSN Toolbar\Platform\5.0.1430.0\mswinext.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE
    SVCHOST.EXE
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    SVCHOST.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Sasai\Desktop\dds.scr
    C:\WINDOWS\system32\wscntfy.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.com
    uSearch Page = hxxp://search.live.com
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uDefault_Page_URL = hxxp://www.msn.com
    uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
    mSearchAssistant = hxxp://search.live.com/sphome.aspx
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1430.0\npwinext.dll
    TB: @c:\program files\msn toolbar\platform\5.0.1430.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1430.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [EPSON Stylus Photo R280 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticka.exe /fu "c:\windows\temp\E_S9A.tmp" /EF "HKCU"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [ATIModeChange] Ati2mdxx.exe
    mRun: [LaunchApp] Alaunch
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [AcerNotebookManager] c:\program files\acer\notebook manager\almxptray.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [LManager] c:\program files\launch manager\QtZgAcer.EXE
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1430.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ============= SERVICES / DRIVERS ===============

    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2008-5-28 337280]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2008-5-28 54656]
    R2 acernbm;acernbm;c:\windows\system32\drivers\acernbm.sys [2004-3-18 6431]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2008-6-24 191848]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2008-6-24 169320]
    R2 osadmi;osadmi;c:\windows\system32\drivers\osadmi.sys [2004-3-4 4243]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2008-9-30 1956792]
    R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2004-9-9 188992]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-23 102448]
    R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2004-9-9 5760]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100507.016\naveng.sys [2010-5-7 84912]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100507.016\navex15.sys [2010-5-7 1324720]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-1 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2008-9-30 116664]

    =============== Created Last 30 ================

    2010-05-06 07:19:52 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
    2010-05-06 07:19:49 0 d-----w- c:\program files\McAfee Security Scan
    2010-05-03 22:34:23 0 d-sh--w- c:\documents and settings\sasai\IECompatCache
    2010-04-28 22:33:32 0 d-sh--w- c:\documents and settings\sasai\PrivacIE
    2010-04-28 08:07:37 0 d-sh--w- c:\documents and settings\sasai\IETldCache
    2010-04-28 07:58:02 0 d-----w- c:\windows\ie8updates
    2010-04-28 07:55:45 0 d--h--w- c:\windows\ie8
    2010-04-28 07:55:24 0 d-----w- c:\program files\MSN Toolbar
    2010-04-28 07:53:45 0 d-----w- c:\program files\Bing Bar Installer
    2010-04-28 07:53:39 0 d--h--w- c:\windows\msdownld.tmp
    2010-04-28 07:50:42 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-04-28 07:50:42 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-04-28 07:50:42 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-28 07:50:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-04-28 07:50:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-28 07:50:24 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-04-28 02:36:37 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-04-28 02:36:37 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2010-04-28 02:36:36 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-04-27 23:17:36 0 d-----w- c:\documents and settings\sasai\Tracing
    2010-04-27 23:16:00 0 d-----w- c:\program files\Microsoft
    2010-04-27 23:15:42 0 d-----w- c:\program files\Windows Live SkyDrive
    2010-04-27 23:09:46 0 d-----w- c:\program files\common files\Windows Live
    2010-04-27 06:24:13 0 d-sh--w- c:\documents and settings\sasai\UserData
    2010-04-24 18:48:10 0 d-sh--w- C:\FOUND.000
    2010-04-24 07:14:21 0 d-----w- C:\EPSONREG
    2010-04-24 07:09:51 0 d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
    2010-04-24 07:09:00 11776 ----a-w- c:\windows\system32\drivers\afc.sys
    2010-04-24 07:08:59 258352 ----a-w- c:\windows\system32\unicows.dll
    2010-04-24 07:08:58 212480 ----a-w- c:\windows\PCDLIB32.DLL
    2010-04-24 07:08:55 126976 ----a-w- c:\windows\system32\PhotoImpression Slideshow.scr
    2010-04-24 07:08:43 0 d-----w- c:\windows\system32\PhotoImpression Slideshow
    2010-04-24 07:07:24 0 d-----w- c:\program files\EPSON Print CD
    2010-04-24 07:06:30 0 d-----w- c:\docume~1\alluse~1\applic~1\EPSON
    2010-04-24 07:06:10 0 d-----w- c:\program files\EPSON
    2010-04-24 07:05:43 44 ----a-w- c:\windows\EPSPR280.ini
    2010-04-23 23:09:47 0 d-----w- c:\windows\system32\KB905474
    2010-04-23 23:04:46 0 d-----w- c:\windows\ServicePackFiles
    2010-04-23 22:30:52 0 d-----w- c:\windows\system32\CatRoot_bak
    2010-04-23 22:26:17 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-04-23 22:24:35 2181376 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-04-23 22:24:35 2137088 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-04-23 22:24:34 2058368 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-04-23 22:24:34 2016768 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-04-23 08:21:29 0 d-----w- c:\windows\system32\PreInstall
    2010-04-23 08:21:28 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-04-23 08:21:27 0 d--h--w- c:\windows\$hf_mig$
    2010-04-23 08:13:34 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2010-04-23 08:07:12 0 d-----w- c:\windows\SHELLNEW
    2010-04-23 08:02:02 0 ----a-w- c:\windows\vpc32.INI
    2010-04-23 07:57:55 0 d-----w- c:\windows\system32\SoftwareDistribution
    2010-04-23 07:55:29 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-04-23 07:55:29 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-04-23 07:55:29 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-04-23 07:55:29 10671 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-04-23 07:55:27 0 d-----w- c:\windows\RegisteredPackages
    2010-04-23 07:55:11 0 d-----w- c:\program files\Symantec AntiVirus
    2010-04-23 07:54:09 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
    2010-04-23 07:54:09 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
    2010-04-23 07:54:09 1060864 ----a-w- c:\windows\system32\MFC71.DLL
    2010-04-23 07:54:09 0 d-----w- c:\program files\Symantec
    2010-04-23 07:54:09 0 d-----w- c:\program files\common files\Symantec Shared
    2010-04-23 07:54:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
    2010-04-23 07:48:08 83 ----a-w- c:\windows\QtZgAcer.UNI
    2010-04-23 07:48:08 0 d-----w- c:\program files\Launch Manager
    2010-04-23 07:48:07 49152 ----a-w- c:\windows\system32\QtBtLib.dll
    2010-04-23 07:48:07 17983 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
    2010-04-23 07:48:07 126976 ----a-w- c:\windows\UNINST32.EXE
    2010-04-23 07:47:27 0 d-----w- c:\program files\ATI Technologies
    2010-04-23 07:25:45 8192 ----a-w- c:\windows\REGLOCS.OLD
    2010-04-23 07:25:37 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

    ==================== Find3M ====================

    2010-04-23 07:23:58 4233 ----a-w- c:\windows\CLEANUP.CMD
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
    2010-03-10 05:21:20 1506304 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
    2010-03-10 05:21:14 1023488 ----a-w- c:\windows\system32\dllcache\browseui.dll
    2010-02-26 06:12:22 474112 ----a-w- c:\windows\system32\dllcache\shlwapi.dll
    2010-02-26 06:12:18 55808 ----a-w- c:\windows\system32\dllcache\extmgr.dll
    2010-02-26 06:12:16 151040 ----a-w- c:\windows\system32\dllcache\cdfview.dll
    2010-02-26 06:12:16 1054208 ----a-w- c:\windows\system32\dllcache\danim.dll
    2010-02-25 18:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-02-25 10:53:10 18432 ----a-w- c:\windows\system32\dllcache\iedw.exe
    2010-02-25 06:24:38 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-25 06:24:38 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2010-02-25 06:24:38 611840 ------w- c:\windows\system32\dllcache\mstime.dll
    2010-02-25 06:24:38 206848 ------w- c:\windows\system32\dllcache\occache.dll
    2010-02-25 06:24:38 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
    2010-02-25 06:24:36 5944832 ------w- c:\windows\system32\dllcache\mshtml.dll
    2010-02-25 06:24:36 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2010-02-25 06:24:36 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
    2010-02-25 06:24:34 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-02-24 09:54:26 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

    ============= FINISH: 0:15:54.78 ===============
     
  5. 2010/05/18
    crunchie
    And Combofix?
     
  6. 2010/05/19
    sasai
    Pardon a beginner like me :( Here is the log from ComboFix

    ComboFix 10-05-17.01 - Sasai 05/19/2010 19:31:00.1.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.625 [GMT -7:00]
    Running from: c:\documents and settings\Sasai\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Uninstall.ini

    .
    original MBR restored successfully !
    .
    ((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))
    .

    2010-05-06 07:20 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\Sasai\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-05-06 07:20 . 2010-05-06 07:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-05-06 07:19 . 2010-05-06 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-05-06 07:19 . 2010-05-06 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
    2010-05-06 07:19 . 2010-05-06 07:19 -------- d-----w- c:\program files\McAfee Security Scan
    2010-05-06 07:19 . 2010-05-06 07:19 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-05-06 07:19 . 2010-05-06 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-05-04 06:09 . 2010-05-04 06:09 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
    2010-05-03 22:34 . 2010-05-03 22:34 -------- d-sh--w- c:\documents and settings\Sasai\IECompatCache
    2010-05-01 19:45 . 2010-05-01 19:45 -------- d-----w- c:\documents and settings\Sasai\Local Settings\Application Data\Temp
    2010-05-01 19:09 . 2010-05-01 19:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-05-01 19:09 . 2010-05-01 19:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-05-01 18:31 . 2010-05-01 18:31 -------- d-----w- c:\documents and settings\Sasai\Local Settings\Application Data\Google
    2010-05-01 08:16 . 2010-05-01 08:16 -------- d-----w- c:\program files\Google
    2010-04-29 05:07 . 2010-04-29 05:07 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
    2010-04-28 23:11 . 2010-04-28 23:11 -------- d-----w- c:\documents and settings\Sasai\Application Data\AdobeUM
    2010-04-28 23:11 . 2010-04-28 23:11 -------- d-----w- c:\documents and settings\Sasai\Local Settings\Application Data\Adobe
    2010-04-28 23:08 . 2010-04-28 23:08 -------- d-----w- c:\program files\Common Files\Adobe
    2010-04-28 22:33 . 2010-04-28 22:33 -------- d-sh--w- c:\documents and settings\Sasai\PrivacIE
    2010-04-28 08:17 . 2010-04-28 08:17 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
    2010-04-28 08:11 . 2010-04-28 08:11 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
    2010-04-28 08:07 . 2010-04-28 08:07 -------- d-sh--w- c:\documents and settings\Sasai\IETldCache
    2010-04-28 07:58 . 2010-04-28 07:58 -------- d-----w- c:\windows\ie8updates
    2010-04-28 07:55 . 2010-04-28 07:55 -------- d--h--w- c:\windows\ie8
    2010-04-28 07:55 . 2010-04-28 07:55 -------- d-----w- c:\program files\MSN Toolbar
    2010-04-28 07:55 . 2010-04-28 07:55 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-04-28 07:53 . 2010-04-28 07:53 -------- d-----w- c:\program files\Bing Bar Installer
    2010-04-28 07:53 . 2010-04-28 07:53 -------- d--h--w- c:\windows\msdownld.tmp
    2010-04-28 07:50 . 2010-02-25 06:24 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-04-28 07:50 . 2010-02-25 06:24 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-04-28 07:50 . 2010-02-25 06:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-28 07:50 . 2010-02-25 06:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-28 07:50 . 2010-02-25 06:24 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-04-28 07:50 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-04-28 03:07 . 2010-04-28 03:07 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
    2010-04-28 03:07 . 2010-04-28 03:07 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
    2010-04-28 02:36 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-04-28 02:36 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-04-27 23:17 . 2010-04-27 23:17 -------- d-----w- c:\documents and settings\Sasai\Tracing
    2010-04-27 23:16 . 2010-04-27 23:16 -------- d-----w- c:\program files\Microsoft
    2010-04-27 23:15 . 2010-04-27 23:15 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-04-27 23:15 . 2010-04-27 23:15 -------- d-----w- c:\program files\Windows Live
    2010-04-27 23:09 . 2010-04-27 23:09 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-04-27 06:45 . 2010-04-27 06:45 89968 ----a-w- c:\documents and settings\Sasai\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-27 06:24 . 2010-04-27 06:24 -------- d-sh--w- c:\documents and settings\Sasai\UserData
    2010-04-24 18:48 . 2010-04-24 18:48 -------- d-----w- C:\FOUND.000
    2010-04-24 07:14 . 2010-04-24 07:14 -------- d-----w- c:\documents and settings\Sasai\Application Data\Leadertech
    2010-04-24 07:14 . 2010-04-24 07:14 -------- d-----w- C:\EPSONREG
    2010-04-24 07:10 . 2010-04-24 07:10 -------- d-----w- c:\documents and settings\Sasai\Local Settings\Application Data\ArcSoft
    2010-04-24 07:09 . 2010-04-24 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
    2010-04-24 07:09 . 2010-04-24 07:09 -------- d-----w- c:\documents and settings\Sasai\Application Data\ArcSoft
    2010-04-24 07:09 . 2005-02-23 21:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
    2010-04-24 07:08 . 2010-04-24 07:09 -------- d-----w- c:\program files\Common Files\ArcSoft
    2010-04-24 07:08 . 2004-12-07 17:11 258352 ----a-w- c:\windows\system32\unicows.dll
    2010-04-24 07:08 . 1995-08-01 11:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
    2010-04-24 07:08 . 2006-10-20 23:11 126976 ----a-w- c:\windows\system32\PhotoImpression Slideshow.scr
    2010-04-24 07:08 . 2010-04-24 07:08 -------- d-----w- c:\windows\system32\PhotoImpression Slideshow
    2010-04-24 07:08 . 2010-04-24 07:08 -------- d-----w- c:\program files\ArcSoft
    2010-04-24 07:07 . 2010-04-24 07:07 -------- d-----w- c:\program files\EPSON Print CD
    2010-04-23 23:09 . 2010-04-23 23:09 -------- d-----w- c:\windows\system32\KB905474
    2010-04-23 23:04 . 2010-04-23 23:04 -------- d-----w- c:\windows\ServicePackFiles
    2010-04-23 22:30 . 2010-04-23 22:30 -------- d-----w- c:\windows\system32\CatRoot_bak
    2010-04-23 22:26 . 2010-02-24 12:31 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-04-23 22:24 . 2010-02-16 13:19 2181376 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-04-23 22:24 . 2010-02-16 13:17 2137088 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-04-23 22:24 . 2010-02-16 12:39 2058368 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-04-23 22:24 . 2010-02-16 12:39 2016768 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-04-23 08:21 . 2009-01-08 01:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-04-23 08:21 . 2010-04-23 08:21 -------- d--h--w- c:\windows\$hf_mig$
    2010-04-23 08:13 . 2008-11-10 18:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2010-04-23 08:13 . 2006-10-27 02:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2010-04-23 08:12 . 2010-04-23 08:12 -------- d-----w- c:\program files\Microsoft Works
    2010-04-23 08:12 . 2010-04-23 08:12 -------- d-----w- c:\program files\MSBuild
    2010-04-23 08:07 . 2010-04-23 08:07 -------- d-----w- c:\windows\SHELLNEW
    2010-04-23 08:06 . 2010-04-23 08:06 -------- d-----w- c:\documents and settings\Sasai\Local Settings\Application Data\Microsoft Help
    2010-04-23 08:06 . 2010-04-23 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-23 08:06 . 2010-04-23 08:06 -------- d-----r- C:\MSOCache
    2010-04-23 07:56 . 2010-04-23 07:56 -------- d-----w- c:\documents and settings\Sasai\Local Settings\Application Data\Symantec
    2010-04-23 07:55 . 2010-04-23 07:55 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-04-23 07:55 . 2010-04-23 07:55 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-04-23 07:55 . 2010-04-23 07:55 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-04-23 07:54 . 2010-04-23 07:54 -------- d-----w- c:\program files\Symantec
    2010-04-23 07:54 . 2010-04-23 07:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-04-23 07:54 . 2010-04-23 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-04-23 07:54 . 2007-03-22 03:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
    2010-04-23 07:54 . 2007-03-22 03:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
    2010-04-23 07:54 . 2007-03-22 03:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
    2010-04-23 07:48 . 2010-04-23 07:48 -------- d-----w- c:\program files\Launch Manager
    2010-04-23 07:48 . 2002-12-19 22:58 49152 ----a-w- c:\windows\system32\QtBtLib.dll
    2010-04-23 07:48 . 2002-11-20 23:29 17983 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
    2010-04-23 07:48 . 2002-11-05 21:07 126976 ----a-w- c:\windows\UNINST32.EXE
    2010-04-23 07:25 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-19 06:34 . 2004-09-10 00:00 12 ----a-w- c:\windows\bthservsdp.dat
    2010-04-24 10:23 . 2004-09-09 23:28 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-04-24 07:06 . 2010-04-24 07:06 -------- d-----w- c:\documents and settings\Sasai\Application Data\InstallShield
    2010-04-24 07:06 . 2010-04-24 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
    2010-04-24 07:06 . 2010-04-24 07:06 -------- d-----w- c:\program files\EPSON
    2010-04-23 07:55 . 2010-04-23 07:55 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-04-23 07:55 . 2010-04-23 07:55 10671 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-04-23 07:47 . 2010-04-23 07:47 -------- d-----w- c:\program files\ATI Technologies
    2010-04-23 07:23 . 2004-09-09 23:35 4233 ----a-w- c:\windows\CLEANUP.CMD
    2010-03-10 06:15 . 1980-01-01 07:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 1980-01-01 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 12:31 . 1980-01-01 07:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-01 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
    "SoundMan"="SOUNDMAN.EXE" [2003-12-20 65024]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-09-24 88363]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-04-28 184320]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-18 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-18 610304]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "AcerNotebookManager"="c:\program files\Acer\Notebook Manager\almxptray.exe" [2004-03-18 510464]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-28 335872]
    "LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2004-05-14 311296]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-25 53096]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-10-01 125368]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1430.0\mswinext.exe" [2010-04-01 243544]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "9124:TCP"= 9124:TCP:Services
    "9123:TCP"= 9123:TCP:Services
    "3389:TCP"= 3389:TCP:Remote Desktop

    R2 acernbm;acernbm;c:\windows\system32\drivers\acernbm.sys [3/18/2004 6:42 PM 6431]
    R2 osadmi;osadmi;c:\windows\system32\drivers\osadmi.sys [3/4/2004 7:40 PM 4243]
    R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [9/9/2004 4:48 PM 188992]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/23/2010 3:14 PM 102448]
    R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [9/9/2004 4:48 PM 5760]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/1/2010 11:40 AM 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/30/2008 5:41 PM 116664]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-20 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2010-04-23 05:18]

    2010-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-01 18:40]

    2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-01 18:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.com
    uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-19 19:34
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-05-19 19:36:09
    ComboFix-quarantined-files.txt 2010-05-20 02:36

    Pre-Run: 23,795,105,792 bytes free
    Post-Run: 24,185,208,832 bytes free

    - - End Of File - - 925B8FFD8E11CED2629173BA84B0F93E
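    A small triage script for the firewall and Security Center sections of a ComboFix log such as the one above. This is an added example written for this page, not part of ComboFix and not something either poster wrote or asked for. The sample input is excerpted from the log above; the allowlist of expected ports is the editor's assumption (only the entry the log itself labels Remote Desktop). It surfaces the four high TCP ports opened under the generic label "Services" and the DisableMonitoring value set for Symantec; some AV products set that value themselves, and malware does too, so the script only raises the question, it does not answer it.

```python
"""Triage the firewall and Security Center sections of a ComboFix log.

Added example for this page; not part of ComboFix or of any post here.
"""
import re

# Entries this script will not flag. Assumption made for the example: the
# only port the log itself ties to a recognisable Windows feature.
EXPECTED_PORTS = {"3389:TCP"}  # Remote Desktop

# Constructed sample input: the relevant lines excerpted from the ComboFix
# log posted above. Forum pastes often add a stray space before the closing
# quote of a value name, so the parser strips names and data.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"9124:TCP"= 9124:TCP:Services
"9123:TCP"= 9123:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')


def parse_reg_sections(text):
    """Return {registry key: [(value name, value data), ...]} for the
    REGEDIT4-style blocks ComboFix prints under 'Reg Loading Points'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group("key")
            sections.setdefault(current, [])
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            sections[current].append(
                (value.group("name").strip(), value.group("data").strip()))
    return sections


def open_ports(sections):
    """Ports opened in the XP firewall's standard profile, with the label
    the firewall policy gave them and whether they are on the allowlist."""
    found = []
    for key, values in sections.items():
        if not key.lower().endswith(r"globallyopenports\list"):
            continue
        for _name, data in values:
            parts = data.split(":", 2)  # "<port>:<proto>:<label>"
            if len(parts) != 3:
                continue
            port, proto, label = parts
            found.append({"port": int(port), "proto": proto, "label": label,
                          "expected": f"{port}:{proto}" in EXPECTED_PORTS})
    return found


def disabled_monitoring(sections):
    """Products for which Security Center status monitoring is switched off.
    Some AV suites set this themselves; malware sets it too, so confirm it."""
    hits = []
    for key, values in sections.items():
        if "\\security center\\monitoring\\" not in key.lower():
            continue
        for name, data in values:
            if name.lower() == "disablemonitoring" and data.lower() == "dword:00000001":
                hits.append(key.rsplit("\\", 1)[-1])
    return hits


def triage(text):
    """Summarise what a helper would want to ask the machine's owner about."""
    sections = parse_reg_sections(text)
    return {
        "unexpected_ports": sorted(p["port"] for p in open_ports(sections)
                                   if not p["expected"]),
        "monitoring_disabled": disabled_monitoring(sections),
    }


if __name__ == "__main__":
    for item, value in triage(SAMPLE_LOG).items():
        print(f"{item}: {value}")
```

    Running it over the excerpt reports unexpected_ports [9123, 9124, 52344, 65533] and monitoring_disabled ['SymantecAntiVirus']; pasting a full ComboFix log into SAMPLE_LOG works the same way because the parser ignores everything that is not a registry key or value line.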
     
  7. 2010/05/19
    crunchie
    Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

    c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

    =========

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
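A small triage helper for the OTL log format requested above, added here as an example and not part of OTL, ComboFix or the thread's own tools: it parses the entry formats OTL prints, flags the items a helper usually looks at first, and computes the MD5/SHA-256 digests that VirusTotal and Jotti report for a submitted file. The sample lines are copied from the OTL log posted later in this thread, except the `example_dir\sample.exe` entry, which is constructed.

```python
"""Triage helper for the OTL (OldTimer) log format requested in this thread.
Added example, not part of OTL or ComboFix: parses PRC/SRV/DRV/MOD entries,
the created/modified file lists and O4 Run entries, flags items a helper
checks first, and computes the digests VirusTotal/Jotti report for a file."""
import hashlib
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# [date | size | attrs | C|M] (publisher) [state] -- path [-- (service)]
HEADER = re.compile(
    r"^(?:(?P<kind>PRC|SRV|DRV|MOD) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<stamp>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?(?:\[(?P<state>[^\]]*)\] )?-- (?P<rest>.+)$")
# O4 - HKLM..\Run: [Name] path (publisher)   -- publisher may be empty or absent
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<path>.+?)"
    r"(?: \((?P<company>.*)\))?$")
OTL_TIME = "%Y/%m/%d %H:%M:%S"
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")
EXECUTABLE = (".exe", ".dll", ".sys", ".scr", ".cpl")


@dataclass
class Entry:
    kind: str                         # PRC/SRV/DRV/MOD, FILE (file lists) or RUN
    path: str
    company: str                      # empty when OTL printed "()"
    stamp: Optional[datetime] = None  # timestamp from the [...] header
    created: bool = False             # True when that header said C (created)
    service: str = ""                 # service/driver name or Run value name
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; None for line types this helper does not model."""
    line = line.strip()
    m = HEADER.match(line)
    if m:
        parts = m.group("rest").split(" -- ")
        svc = re.match(r"\(([^)]*)\)", parts[1]) if len(parts) > 1 else None
        return Entry(m.group("kind") or "FILE", parts[0], m.group("company") or "",
                     datetime.strptime(m.group("date"), OTL_TIME),
                     m.group("stamp") == "C", svc.group(1) if svc else "")
    m = RUN_ENTRY.match(line)
    if m:
        return Entry("RUN", m.group("path"), m.group("company") or "",
                     service=m.group("name"))
    return None


def triage(entries: List[Entry], now: datetime, recent_days: int = 30) -> List[Entry]:
    """Attach review flags and return only the entries that received one."""
    flagged = []
    for e in entries:
        low = e.path.lower()
        if e.company == "" and low.endswith(EXECUTABLE):
            e.flags.append("no-publisher")        # no publisher string in version info
        if "file not found" in low:
            e.flags.append("orphaned")            # autostart pointing nowhere
        if (e.created and e.stamp and now - e.stamp <= timedelta(days=recent_days)
                and low.endswith(EXECUTABLE) and any(d in low for d in USER_WRITABLE)):
            e.flags.append("recent-in-user-dir")  # new binary where users can write
        if e.flags:
            flagged.append(e)
    return flagged


def triage_log(text: str, now: Optional[str] = None) -> Dict[str, List[str]]:
    """{path: flags} for flagged lines. `now` is an OTL timestamp string and
    defaults to the newest timestamp found in the log."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    stamps = [e.stamp for e in entries if e.stamp]
    ref = datetime.strptime(now, OTL_TIME) if now else max(stamps, default=datetime.min)
    return {e.path: e.flags for e in triage(entries, ref)}


def digests(data: bytes) -> Dict[str, str]:
    """MD5 and SHA-256 of a file's bytes, the hashes VirusTotal/Jotti key on."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


# Sample input: lines copied from the OTL log posted in this thread, plus one
# constructed entry (the example_dir\sample.exe path and its timestamp are made up).
SAMPLE_LOG = r"""
PRC - [2010/05/22 09:50:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sasai\Desktop\OTL.exe
DRV - [2004/03/18 18:42:24 | 000,006,431 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acernbm.sys -- (acernbm)
DRV - [2004/03/04 19:40:44 | 000,004,243 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osadmi.sys -- (osadmi)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
[2010/05/19 19:34:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/18 23:18:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/20 10:00:00 | 000,012,288 | ---- | C] (Example Publisher) -- C:\Documents and Settings\Sasai\Application Data\example_dir\sample.exe
"""
```

Run `triage_log(SAMPLE_LOG, "2010/05/22 09:51:30")` to get the flagged paths; a flag is a prompt to check the file (hash lookup, publisher, creation context), not a verdict.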
     
  8. 2010/05/22
    sasai

    sasai Inactive Thread Starter

    Joined:
    2010/05/16
    Messages:
    10
    Likes Received:
    0
    Here is the OTL.txt:

    OTL logfile created on: 5/22/2010 9:51:30 AM - Run 1
    OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Sasai\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 304.00 Mb Available Physical Memory | 30.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.14 Gb Total Space | 22.43 Gb Free Space | 60.38% Space Free | Partition Type: FAT32
    Drive D: | 37.37 Gb Total Space | 27.60 Gb Free Space | 73.85% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SOMPONG
    Current User Name: Sasai
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/05/22 09:50:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sasai\Desktop\OTL.exe
    PRC - [2010/04/01 16:58:14 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\5.0.1430.0\mswinext.exe
    PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2010/01/14 21:05:28 | 000,311,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    PRC - [2010/01/14 21:05:26 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    PRC - [2008/09/30 17:41:14 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2008/09/30 17:41:04 | 001,956,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2008/09/30 17:40:56 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2008/06/24 18:17:38 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2008/06/24 18:17:36 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2008/06/24 18:17:34 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2007/07/26 19:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    PRC - [2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/05/14 10:54:28 | 000,311,296 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
    PRC - [2004/03/18 15:42:54 | 000,510,464 | ---- | M] (Acer) -- C:\Program Files\Acer\Notebook Manager\almxptray.exe
    PRC - [2003/12/19 17:53:18 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2003/04/28 15:08:00 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
    PRC - [2003/04/18 14:36:22 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/22 09:50:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sasai\Desktop\OTL.exe
    MOD - [2004/08/04 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2003/04/18 14:35:32 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2010/01/14 21:05:26 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2008/09/30 17:41:08 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2008/09/30 17:41:04 | 001,956,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2008/09/30 17:40:56 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2008/08/20 15:50:30 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2008/06/24 18:17:38 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2008/06/24 18:17:36 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2007/09/12 18:27:26 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/07/26 19:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/05/17 01:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100522.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/05/17 01:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100522.003\NAVENG.SYS -- (NAVENG)
    DRV - [2010/04/23 15:14:14 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/04/23 00:55:34 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/03/29 08:38:44 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2008/08/20 15:50:02 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2008/08/20 15:49:56 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2008/05/28 11:31:24 | 000,337,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2008/05/28 11:31:24 | 000,054,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2007/07/26 19:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/09/09 16:56:26 | 000,006,912 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2004/08/20 00:41:46 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2004/08/03 23:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2004/03/18 18:42:24 | 000,006,431 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acernbm.sys -- (acernbm)
    DRV - [2004/03/12 14:26:00 | 000,188,992 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
    DRV - [2004/03/10 14:44:00 | 000,005,760 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
    DRV - [2004/03/04 19:40:44 | 000,004,243 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osadmi.sys -- (osadmi)
    DRV - [2004/01/27 21:56:58 | 000,669,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2003/12/19 20:07:50 | 000,541,548 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2003/12/11 23:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/10/16 16:08:00 | 000,113,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2003/10/08 17:39:00 | 000,091,395 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (O2SCBUS)
    DRV - [2003/09/23 17:07:00 | 001,197,740 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2003/04/18 14:00:48 | 000,270,288 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2002/11/20 16:29:12 | 000,017,983 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1430.0\Firefox [2010/04/28 00:55:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/04/28 00:55:28 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1430.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1430.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1430.0\npwinext.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe (Acer)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1430.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/09/09 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/09/09 16:14:04 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (74323004602974208)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/05/22 09:50:37 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sasai\Desktop\OTL.exe
    [2010/05/19 19:34:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/05/18 23:18:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/05/18 23:18:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/05/18 23:18:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/05/18 23:18:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/05/18 23:18:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/05/18 23:18:25 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/05/18 00:21:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/05/09 09:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Desktop\Green Card
    [2010/05/06 00:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
    [2010/05/06 00:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/05/06 00:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2010/05/06 00:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
    [2010/05/06 00:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2010/05/06 00:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/05/03 15:34:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sasai\IECompatCache
    [2010/05/01 12:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Local Settings\Application Data\Temp
    [2010/05/01 12:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010/05/01 12:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/05/01 11:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Local Settings\Application Data\Google
    [2010/05/01 11:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Application Data\Google
    [2010/05/01 01:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
    [2010/05/01 01:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010/04/28 22:04:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/04/28 16:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Application Data\AdobeUM
    [2010/04/28 16:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Local Settings\Application Data\Adobe
    [2010/04/28 16:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\My Documents\My eBooks
    [2010/04/28 16:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Application Data\Adobe
    [2010/04/28 16:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/04/28 15:33:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sasai\PrivacIE
    [2010/04/28 01:07:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sasai\IETldCache
    [2010/04/28 00:58:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/04/28 00:57:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2010/04/28 00:55:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/04/28 00:55:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
    [2010/04/28 00:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
    [2010/04/28 00:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/04/28 00:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
    [2010/04/28 00:53:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
    [2010/04/27 16:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Tracing
    [2010/04/27 16:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2010/04/27 16:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
    [2010/04/27 16:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
    [2010/04/27 16:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2010/04/27 16:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
    [2010/04/26 23:24:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sasai\UserData
    [2010/04/24 11:48:10 | 000,000,000 | ---D | C] -- C:\FOUND.000
    [2010/04/24 00:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Application Data\Leadertech
    [2010/04/24 00:14:21 | 000,000,000 | ---D | C] -- C:\EPSONREG
    [2010/04/24 00:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Local Settings\Application Data\ArcSoft
    [2010/04/24 00:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
    [2010/04/24 00:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Application Data\ArcSoft
    [2010/04/24 00:09:00 | 000,011,776 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys
    [2010/04/24 00:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
    [2010/04/24 00:08:58 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
    [2010/04/24 00:08:55 | 000,126,976 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\PhotoImpression Slideshow.scr
    [2010/04/24 00:08:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PhotoImpression Slideshow
    [2010/04/24 00:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
    [2010/04/24 00:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON Print CD
    [2010/04/24 00:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Application Data\InstallShield
    [2010/04/24 00:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2010/04/24 00:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
    [2010/04/23 16:09:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
    [2010/04/23 16:04:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/04/23 15:30:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
    [2010/04/23 15:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Application Data\Macromedia
    [2010/04/23 01:21:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    [2010/04/23 01:21:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2010/04/23 01:21:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2010/04/23 01:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
    [2010/04/23 01:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2010/04/23 01:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2010/04/23 01:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/04/23 01:07:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
    [2010/04/23 01:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Local Settings\Application Data\Microsoft Help
    [2010/04/23 01:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/04/23 01:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    [2010/04/23 01:06:07 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2010/04/23 00:57:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2010/04/23 00:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Local Settings\Application Data\Symantec
    [2010/04/23 00:55:29 | 000,123,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/04/23 00:55:29 | 000,060,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/04/23 00:55:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
    [2010/04/23 00:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec AntiVirus
    [2010/04/23 00:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2010/04/23 00:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/04/23 00:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
    [2010/04/23 00:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
    [2010/04/23 00:48:07 | 000,126,976 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\UNINST32.EXE
    [2010/04/23 00:48:07 | 000,049,152 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\QtBtLib.dll
    [2010/04/23 00:48:07 | 000,017,983 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\drivers\DKbFltr.SYS
    [2010/04/23 00:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2010/04/23 00:47:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Sasai\Application Data\Microsoft
    [2010/04/23 00:47:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sasai\SendTo
    [2010/04/23 00:47:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sasai\Recent
    [2010/04/23 00:47:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sasai\Application Data
    [2010/04/23 00:47:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sasai\Start Menu
    [2010/04/23 00:47:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sasai\My Documents\My Pictures
    [2010/04/23 00:47:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sasai\My Documents\My Music
    [2010/04/23 00:47:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sasai\My Documents
    [2010/04/23 00:47:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sasai\Favorites
    [2010/04/23 00:47:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sasai\Cookies
    [2010/04/23 00:47:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sasai\Templates
    [2010/04/23 00:47:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sasai\PrintHood
    [2010/04/23 00:47:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sasai\NetHood
    [2010/04/23 00:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Local Settings\Application Data\Microsoft
    [2010/04/23 00:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Application Data\Identities
    [2010/04/23 00:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sasai\Desktop
    [2010/04/23 00:47:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sasai\Local Settings
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/05/22 09:50:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sasai\Desktop\OTL.exe
    [2010/05/22 09:50:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/22 09:39:26 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2010/05/22 09:38:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/22 09:38:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/22 09:38:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/22 09:38:32 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/21 15:17:24 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Sasai\NTUSER.DAT
    [2010/05/21 15:17:18 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
    [2010/05/21 15:17:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sasai\ntuser.ini
    [2010/05/21 15:17:08 | 004,972,588 | -H-- | M] () -- C:\Documents and Settings\Sasai\Local Settings\Application Data\IconCache.db
    [2010/05/19 19:34:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/05/18 23:17:14 | 003,690,854 | R--- | M] () -- C:\Documents and Settings\Sasai\Desktop\ComboFix.exe
    [2010/05/17 23:25:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/16 01:13:08 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Sasai\Desktop\dds.scr
    [2010/05/12 23:20:16 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\Sasai\Desktop\Taye Schedule.xls
    [2010/05/09 09:32:20 | 001,353,950 | ---- | M] () -- C:\Documents and Settings\Sasai\Desktop\Dang birth cer.jpg
    [2010/05/06 00:25:26 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/05/06 00:20:42 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
    [2010/05/06 00:19:52 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    [2010/05/06 00:19:52 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/04/30 00:36:06 | 000,014,907 | ---- | M] () -- C:\Documents and Settings\Sasai\My Documents\HUIGUANG resume.docx
    [2010/04/29 01:29:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/04/28 15:28:06 | 000,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/04/28 01:18:36 | 000,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/04/26 23:45:46 | 000,089,968 | ---- | M] () -- C:\Documents and Settings\Sasai\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/04/26 22:58:12 | 000,175,352 | ---- | M] () -- C:\Documents and Settings\Sasai\Desktop\Dang001.jpg
    [2010/04/26 15:58:14 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2010/04/25 15:05:00 | 000,011,423 | ---- | M] () -- C:\Documents and Settings\Sasai\My Documents\assignment 0419.docx
    [2010/04/24 15:00:08 | 000,358,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/04/24 15:00:08 | 000,313,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/24 15:00:08 | 000,041,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/04/24 00:14:12 | 000,000,044 | ---- | M] () -- C:\WINDOWS\EPSPR280.ini
    [2010/04/24 00:10:12 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Epson Stylus R280 User's Guide.lnk
    [2010/04/24 00:09:50 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Print Creations.lnk
    [2010/04/24 00:09:00 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Photo Impression 6.lnk
    [2010/04/24 00:07:56 | 000,001,457 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Print CD.lnk
    [2010/04/23 01:02:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
    [2010/04/23 00:55:34 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/04/23 00:55:34 | 000,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/04/23 00:55:34 | 000,010,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/04/23 00:55:34 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/04/23 00:50:02 | 000,000,091 | ---- | M] () -- C:\WINDOWS\ALaunch.ini
    [2010/04/23 00:48:10 | 000,000,083 | ---- | M] () -- C:\WINDOWS\QtZgAcer.UNI
    [2010/04/23 00:47:56 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Sasai\Desktop\Windows Media Player.lnk
    [2010/04/23 00:46:18 | 000,000,815 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/04/23 00:46:16 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2010/04/23 00:46:16 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2010/04/23 00:25:46 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/04/23 00:23:58 | 000,004,233 | ---- | M] () -- C:\WINDOWS\CLEANUP.CMD
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/18 23:18:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/05/18 23:18:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/05/18 23:18:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/05/18 23:18:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/05/18 23:18:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/05/18 23:17:14 | 003,690,854 | R--- | C] () -- C:\Documents and Settings\Sasai\Desktop\ComboFix.exe
    [2010/05/16 01:13:03 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Sasai\Desktop\dds.scr
    [2010/05/09 09:32:14 | 001,353,950 | ---- | C] () -- C:\Documents and Settings\Sasai\Desktop\Dang birth cer.jpg
    [2010/05/06 00:25:25 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/05/06 00:20:40 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
    [2010/05/06 00:19:50 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    [2010/05/06 00:19:50 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/05/05 00:26:56 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\Sasai\Desktop\Taye Schedule.xls
    [2010/05/01 11:40:46 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/01 11:40:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/30 00:36:04 | 000,014,907 | ---- | C] () -- C:\Documents and Settings\Sasai\My Documents\HUIGUANG resume.docx
    [2010/04/26 22:58:11 | 000,175,352 | ---- | C] () -- C:\Documents and Settings\Sasai\Desktop\Dang001.jpg
    [2010/04/25 15:04:23 | 000,011,423 | ---- | C] () -- C:\Documents and Settings\Sasai\My Documents\assignment 0419.docx
    [2010/04/24 00:10:11 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Epson Stylus R280 User's Guide.lnk
    [2010/04/24 00:09:49 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Print Creations.lnk
    [2010/04/24 00:08:58 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Impression 6.lnk
    [2010/04/24 00:07:54 | 000,001,457 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Print CD.lnk
    [2010/04/24 00:06:55 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2010/04/24 00:06:55 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2010/04/24 00:06:55 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2010/04/24 00:06:55 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2010/04/24 00:06:55 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2010/04/24 00:06:55 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2010/04/24 00:06:55 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2010/04/24 00:06:55 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2010/04/24 00:06:55 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2010/04/24 00:06:55 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2010/04/24 00:06:55 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2010/04/24 00:06:54 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2010/04/24 00:06:54 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2010/04/24 00:06:54 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2010/04/24 00:06:54 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2010/04/24 00:06:54 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2010/04/24 00:06:54 | 000,012,669 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
    [2010/04/24 00:06:54 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
    [2010/04/24 00:06:54 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
    [2010/04/24 00:06:54 | 000,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
    [2010/04/24 00:06:54 | 000,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
    [2010/04/24 00:06:54 | 000,006,226 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
    [2010/04/24 00:05:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR280.ini
    [2010/04/23 16:09:47 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
    [2010/04/23 01:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2010/04/23 00:55:29 | 000,010,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/04/23 00:55:29 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/04/23 00:48:08 | 000,000,083 | ---- | C] () -- C:\WINDOWS\QtZgAcer.UNI
    [2010/04/23 00:47:54 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Sasai\Desktop\Windows Media Player.lnk
    [2010/04/23 00:47:12 | 002,097,152 | -H-- | C] () -- C:\Documents and Settings\Sasai\NTUSER.DAT
    [2010/04/23 00:47:12 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Sasai\ntuser.dat.LOG
    [2010/04/23 00:47:12 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Sasai\ntuser.ini
    [2010/04/23 00:46:15 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2010/04/23 00:46:15 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
    [2010/04/23 00:25:45 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/04/23 00:25:03 | 1072,156,672 | -HS- | C] () -- C:\hiberfil.sys
    [2004/09/09 17:06:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/09/09 16:58:09 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
    [2004/09/09 16:56:25 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
    [2004/09/09 16:49:45 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
    [2004/09/09 16:49:45 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
    [2004/09/09 16:43:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2004/09/09 16:38:49 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2004/09/09 16:38:49 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2004/09/09 16:35:22 | 000,037,684 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/09/09 16:25:42 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/03/18 18:42:24 | 000,006,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\acernbm.sys
    [2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
    [2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
    [2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
    [2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
    [1980/01/01 00:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [1980/01/01 00:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [1980/01/01 00:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [1980/01/01 00:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [1980/01/01 00:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
    [1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [1980/01/01 00:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [1980/01/01 00:00:00 | 000,002,134 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
    [1980/01/01 00:00:00 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

    ========== LOP Check ==========

    [2010/04/24 00:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2010/04/24 00:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sasai\Application Data\Leadertech
    [2010/05/22 09:39:26 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\AGP440.SYS

    < MD5 for: ATAPI.SYS >
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
    [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 17:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
    [2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2004/08/03 22:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
    [2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 17:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
    [2009/02/06 11:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
    [2009/02/06 11:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
    [2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2004/08/03 22:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
    [2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2004/08/03 22:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
    [2008/04/13 17:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2004/09/09 16:18:32 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    [2004/09/09 16:18:34 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/09/09 16:18:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    < End of report >
  9. 2010/05/22
    sasai

    Here is the Extra.txt:

    OTL Extras logfile created on: 5/22/2010 9:51:30 AM - Run 1
    OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Sasai\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 304.00 Mb Available Physical Memory | 30.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.14 Gb Total Space | 22.43 Gb Free Space | 60.38% Space Free | Partition Type: FAT32
    Drive D: | 37.37 Gb Total Space | 27.60 Gb Free Space | 73.85% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SOMPONG
    Current User Name: Sasai
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "9123:TCP" = 9123:TCP:*:Enabled:Services
    "9124:TCP" = 9124:TCP:*:Enabled:Services
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "9124:TCP" = 9124:TCP:*:Enabled:Services
    "9123:TCP" = 9123:TCP:*:Enabled:Services
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{069EE540-BB8F-47C2-95B2-63EBB6F7B29E}" = O2Micro MemoryCardBus & Smart Card Reader Windows Driver
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
    "{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C2FA1ED-8248-42DF-A78A-48D40133129E}" = Acer Notebook Manager
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{AD8A1013-4E46-4E02-85C2-3168C3328432}" = Symantec AntiVirus
    "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
    "{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker
    "{C7A6D88C-8E19-4845-8C8F-09BA5F90ECC9}" = Bing Bar Platform
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{069EE540-BB8F-47C2-95B2-63EBB6F7B29E}" = O2Micro MemoryCardBus & Smart Card Reader Windows Driver
    "InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
    "InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker Gold
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "LManager" = Launch Manager
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Silent Package Run-Time Sample" = EPSON R280 User's Guide
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/10/2010 9:50:14 PM | Computer Name = SOMPONG | Source = Google Update | ID = 20
    Description =

    Error - 5/10/2010 10:50:14 PM | Computer Name = SOMPONG | Source = Google Update | ID = 20
    Description =

    Error - 5/10/2010 11:50:14 PM | Computer Name = SOMPONG | Source = Google Update | ID = 20
    Description =

    Error - 5/11/2010 12:50:16 AM | Computer Name = SOMPONG | Source = Google Update | ID = 20
    Description =

    Error - 5/13/2010 11:50:15 AM | Computer Name = SOMPONG | Source = Google Update | ID = 20
    Description =

    Error - 5/13/2010 12:50:14 PM | Computer Name = SOMPONG | Source = Google Update | ID = 20
    Description =

    Error - 5/13/2010 1:50:14 PM | Computer Name = SOMPONG | Source = Google Update | ID = 20
    Description =

    Error - 5/13/2010 2:50:14 PM | Computer Name = SOMPONG | Source = Google Update | ID = 20
    Description =

    Error - 5/13/2010 6:50:15 PM | Computer Name = SOMPONG | Source = Google Update | ID = 20
    Description =

    Error - 5/15/2010 2:32:49 PM | Computer Name = SOMPONG | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 4/27/2010 2:57:26 AM | Computer Name = SOMPONG | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Flash Player (KB923789).

    Error - 4/28/2010 4:17:26 AM | Computer Name = SOMPONG | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Flash Player (KB923789).

    Error - 4/29/2010 1:06:13 AM | Computer Name = SOMPONG | Source = System Error | ID = 1003
    Description = Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3
    00000000, parameter4 804fed1f.

    Error - 4/29/2010 4:25:37 AM | Computer Name = SOMPONG | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Flash Player (KB923789).

    Error - 4/30/2010 4:16:41 AM | Computer Name = SOMPONG | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Flash Player (KB923789).

    Error - 5/3/2010 4:00:13 AM | Computer Name = SOMPONG | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.102 on
    the Network Card with network address 000E35433253.

    Error - 5/3/2010 8:07:44 PM | Computer Name = SOMPONG | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.102 on
    the Network Card with network address 000E35433253.

    Error - 5/7/2010 3:30:01 PM | Computer Name = SOMPONG | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.102 on
    the Network Card with network address 000E35433253.

    Error - 5/9/2010 7:43:25 AM | Computer Name = SOMPONG | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.102 on
    the Network Card with network address 000E35433253.

    Error - 5/10/2010 2:46:33 AM | Computer Name = SOMPONG | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.102 on
    the Network Card with network address 000E35433253.


    < End of report >
     
  10. 2010/05/22
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    What was the result of the above?
     
  11. 2010/05/23
    sasai

    sasai Inactive Thread Starter

    Joined:
    2010/05/16
    Messages:
    10
    Likes Received:
    0
    Here you go... from Jotti's:

    Filename: arh.exe
    Status: Scan finished. 0 out of 20 scanners reported malware.
    Scan taken on: Thu 8 Apr 2010 21:33:23 (CET)

    File size: 86016 bytes
    Filetype: PE32 executable for MS Windows (console) Intel 80386 32-bit
    MD5: 8c27e380661ecbe327203f3b1456dd2c
    SHA1: 56e3abca71e56065fb1e91be7a070ddb8fe6f132
     
  12. 2010/05/23
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main text field:
      Code:
      :file
      c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    • Click the Look button to start the scan.
    • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  13. 2010/05/25
    sasai

    sasai Inactive Thread Starter

    Joined:
    2010/05/16
    Messages:
    10
    Likes Received:
    0
    From System Look :

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 22:30 on 24/05/2010 by Sasai (Administrator - Elevation successful)

    ========== file ==========

    c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe - File found and opened.
    MD5: 8C27E380661ECBE327203F3B1456DD2C
    Created at 07:19 on 06/05/2010
    Modified at 07:19 on 06/05/2010
    Size: 86016 bytes
    Attributes: --a---
    No version information available.

    -=End Of File=-
     
  14. 2010/05/25
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      :Commands
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.

    ====

    How is the PC?
     
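As an added example (not code from the thread, OTL or SystemLook), here is a read-only PowerShell audit of the same registry location the OTL fix above cleans: it lists every Browser Helper Object registered for Internet Explorer and flags the two conditions the O2 line shows, a missing display name and a CLSID with no class registration. The Wow6432Node path is where 32-bit IE registers BHOs on 64-bit Windows and is simply absent on a 32-bit XP machine like the one in this thread.

```powershell
# Added example, not part of the thread and not OTL's own code.
# Read-only audit of IE Browser Helper Objects: reports, never deletes.

$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    # 32-bit IE on 64-bit Windows registers here; the key does not exist on 32-bit XP
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoAudit {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $clsid    = $key.PSChildName                     # subkey name is the BHO's CLSID
            $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            $name     = $null
            $dll      = $null
            $dllFound = $false
            $flags    = @()

            if (Test-Path -Path $clsidKey) {
                # Display name is the default value of the CLSID key;
                # the implementing DLL is the default value of InprocServer32.
                $name = (Get-ItemProperty -Path $clsidKey).'(default)'
                $srv  = "$clsidKey\InprocServer32"
                if (Test-Path -Path $srv) {
                    $dll = (Get-ItemProperty -Path $srv).'(default)'
                    if ($dll) {
                        $dllFound = Test-Path -Path ([Environment]::ExpandEnvironmentVariables($dll))
                    }
                }
                if (-not $name) { $flags += 'NO NAME' }               # OTL shows this as "(no name)"
                if ($dll -and -not $dllFound) { $flags += 'DLL MISSING' }
            } else {
                $flags += 'NO CLSID REGISTRATION'                     # OTL: "No CLSID value found"
            }

            $display = if ($name) { $name } else { '(no name)' }
            New-Object PSObject -Property @{
                CLSID = $clsid
                Name  = $display
                DLL   = $dll
                Flags = ($flags -join ', ')
            }
        }
    }
}

# Anything with a non-empty Flags column is worth a closer look before removal.
Get-BhoAudit | Format-Table -AutoSize CLSID, Name, DLL, Flags
```

An orphaned entry (no CLSID registration) means the BHO's DLL can no longer load, so the registry key is leftover residue; a registered BHO whose DLL is missing or unsigned is the case to investigate further.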
  15. 2010/05/27
    sasai

    sasai Inactive Thread Starter

    Joined:
    2010/05/16
    Messages:
    10
    Likes Received:
    0
    From OTL :

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41620 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32969 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Sasai
    ->Temp folder emptied: 4341119 bytes
    ->Temporary Internet Files folder emptied: 93741879 bytes
    ->Flash cache emptied: 43771 bytes

    User: HelpAssistant
    ->Temp folder emptied: 18099859 bytes
    ->Temporary Internet Files folder emptied: 358026899 bytes
    ->Flash cache emptied: 43520 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 103441 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 263552 bytes
    Windows Temp folder emptied: 813406 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 454.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.5.0 log created on 05262010_230929

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Sasai\Local Settings\Temp\~DF39CE.tmp not found!
    File\Folder C:\Documents and Settings\Sasai\Local Settings\Temp\~DF8E99.tmp not found!
    File\Folder C:\Documents and Settings\Sasai\Local Settings\Temp\~DFFC1B.tmp not found!
    File\Folder C:\Documents and Settings\Sasai\Local Settings\Temp\~DFFC2D.tmp not found!
    File\Folder C:\Documents and Settings\Sasai\Local Settings\Temp\~DFFCCE.tmp not found!
    File\Folder C:\Documents and Settings\Sasai\Local Settings\Temp\~DFFCE0.tmp not found!
    File\Folder C:\Documents and Settings\Sasai\Local Settings\Temp\~DFFD52.tmp not found!
    File\Folder C:\Documents and Settings\Sasai\Local Settings\Temp\~DFFD5B.tmp not found!
    File\Folder C:\Documents and Settings\Sasai\Local Settings\Temp\~DFFDC2.tmp not found!
    File\Folder C:\Documents and Settings\Sasai\Local Settings\Temp\~DFFDD4.tmp not found!
    File\Folder C:\Documents and Settings\Sasai\Local Settings\Temp\~DF5EDF.tmp not found!
    File\Folder C:\Documents and Settings\Sasai\Local Settings\Temp\~DF3E1C.tmp not found!
    File\Folder C:\Documents and Settings\Sasai\Local Settings\Temp\~DF53D2.tmp not found!
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\EIH1AIC7\openhand_8_8[1].bmp moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\EIH1AIC7\InboxLight[1].htm moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\4OFOEJIP\search[3].htm moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\4OFOEJIP\contact-us[1].htm moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\4OFOEJIP\default[1].htm moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\4OFOEJIP\93013-active-asking-personal-information-when-i-try-login[1].html moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\4OFOEJIP\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\4OFOEJIP\iframescript[2].htm moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\E3LISGZW\im[1].htm moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\E3LISGZW\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\E3LISGZW\afr[1].htm moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\E3LISGZW\ads[8].htm moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\JT3E6CEK\BuddyList[1].htm moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\JT3E6CEK\ToastFull[1].htm moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\JT3E6CEK\ToastMini[1].htm moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\Content.IE5\JT3E6CEK\ads[6].htm moved successfully.
    C:\Documents and Settings\Sasai\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  16. 2010/05/27
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Do you still have the problem?
     
  17. 2010/05/27
    sasai

    sasai Inactive Thread Starter

    Joined:
    2010/05/16
    Messages:
    10
    Likes Received:
    0
    OMG!
    I'm able to log on to my eBay and bank accounts without the page asking for my personal information again.

    Thanks so much :)
     
  18. 2010/05/27
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Good news. I just need you to do one more thing please.

    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  19. 2010/06/03
    sasai

    sasai Inactive Thread Starter

    Joined:
    2010/05/16
    Messages:
    10
    Likes Received:
    0
    Here is the antivirus scan report from the Kaspersky website.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Thursday, June 3, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, June 03, 2010 03:05:55
    Records in database: 4196870
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 57359
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 01:19:40

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
  20. 2010/06/08
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Sorry for my late reply.
    That looks good. You are free to go :).

    Launch OTL and click on the Cleanup button. Follow the prompts.

    That will remove those tools we used. Bon Voyage.
     
