Solved Win32 rogueav.a Google redirect icityfind redirect

Discussion in 'Malware and Virus Removal Archive' started by mzkhrissy, 2011/03/26.

  1. 2011/03/26
    mzkhrissy Inactive Thread Starter

    Joined:
    2011/03/26
    Messages:
    26
    Likes Received:
    0
    [Resolved] Win32 rogueav.a Google redirect icityfind redirect

    I'd like some help please with a redirect issue. It says my log is too long to post? I've run some tools to remove this but want to be sure. Is it the OTL log you would like me to post?
     
  2. 2011/03/26
    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, complete all steps listed here: this post

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. 2011/03/27
    mzkhrissy Inactive Thread Starter

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6177

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/27/2011 1:08:04 AM
    mbam-log-2011-03-27 (01-08-04).txt

    Scan type: Quick scan
    Objects scanned: 210297
    Time elapsed: 3 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. 2011/03/27
    broni Moderator Malware Analyst

    Go on....
     
  6. 2011/03/27
    mzkhrissy Inactive Thread Starter

    DDS LOG:
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by khrissy.tiano at 4:06:03.04 on Sun 03/27/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2991.2253 [GMT -4:00]
    .
    AV: avast! antivirus 4.8.1368 [VPS 110326-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\wdm\STacSV.exe
    c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    svchost.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    c:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\ArcSecurity.exe
    C:\WINDOWS\system32\ASTSRV.EXE
    c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
    c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
    c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\uArcCapture.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\Downloads\ufgjf79x.exe
    C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\Downloads\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
    BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\hewlett-packard\hp protecttools security manager\bin\DpOtsPluginIe8.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
    mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
    mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
    mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [DTRun] c:\program files\arcsoft\totalmedia suite\totalmedia theatre 3\uDTRun.exe
    mRun: [Cpqset] "c:\program files\hewlett-packard\default settings\cpqset.exe "
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe "
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\khriss~1.ogt\applic~1\mozilla\firefox\profiles\v98b3p4b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2009-12-15 110520]
    R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2009-12-15 51800]
    R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-12-15 13256]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2011-3-3 114768]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-14 214024]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2009-12-15 40088]
    R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\arcsoft\totalmedia suite\totalmedia theatre 3\ArcSecurity.exe [2009-11-22 80384]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-3 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2011-3-3 138680]
    R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2009-12-16 102968]
    R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\2009 password filter for hp protecttools\PTChangeFilterService.exe [2009-11-18 36864]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2009-12-16 102968]
    R2 HPDayStarterService;HP DayStarter Service;c:\program files\hewlett-packard\hp quicklook\HPDayStarterService.exe [2010-1-7 81920]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2009-12-10 251448]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2009-12-15 281192]
    R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2009-12-11 297984]
    R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2010-1-4 264248]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-1-14 635416]
    R2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2011-3-4 506472]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-3-4 2320920]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-3-4 113664]
    R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\drivers\ArcSoftVCapture.sys [2011-3-4 27648]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-3-4 125696]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-3-4 205824]
    S2 0202751299215090mcinstcleanup;McAfee Application Installer Cleanup (0202751299215090);c:\docume~1\admini~1\locals~1\temp\020275~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1\locals~1\temp\020275~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2011-3-3 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2011-3-3 352920]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2009-10-21 32312]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-17 362040]
    S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-1-14 79816]
    S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-1-14 35272]
    S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-1-14 34248]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-14 181792]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-03-27 02:30:37 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2011-03-26 22:07:50 -------- d-----w- C:\_OTL
    2011-03-26 20:16:38 -------- d-----w- c:\program files\ESET
    2011-03-26 19:58:27 -------- d-sha-r- C:\cmdcons
    2011-03-24 19:31:42 45056 ----a-r- c:\docume~1\khriss~1.ogt\applic~1\microsoft\installer\{87c060b5-7871-4f74-986e-c65e5f8d35da}\NewShortcut2_87C060B578714F74986EC65E5F8D35DA.exe
    2011-03-24 19:31:42 45056 ----a-r- c:\docume~1\khriss~1.ogt\applic~1\microsoft\installer\{87c060b5-7871-4f74-986e-c65e5f8d35da}\NewShortcut1_87C060B578714F74986EC65E5F8D35DA.EXE
    2011-03-24 19:31:39 -------- d-----w- c:\program files\Cosmi
    2011-03-21 05:49:28 -------- d-----w- c:\docume~1\khriss~1.ogt\applic~1\Malwarebytes
    2011-03-21 05:49:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-21 05:49:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-03-21 05:49:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-21 05:49:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-21 05:40:13 -------- d-----w- c:\windows\pss
    2011-03-21 05:16:00 388096 ----a-r- c:\docume~1\khriss~1.ogt\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-03-21 05:15:59 -------- d-----w- c:\program files\Trend Micro
    2011-03-21 00:54:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-21 00:54:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-03-20 23:19:14 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\BMIGBKYQPP
    2011-03-20 05:47:08 -------- d--h--w- c:\docume~1\alluse~1\applic~1\{A040077C-2A99-4039-A7FE-2D89E1233041}
    2011-03-20 05:47:08 -------- d-----w- c:\program files\Greenbrier Graphics
    2011-03-20 02:10:44 -------- d-----w- c:\docume~1\khriss~1.ogt\locals~1\applic~1\PCHealth
    2011-03-20 00:07:33 -------- d-----w- c:\docume~1\khriss~1.ogt\applic~1\Xerox
    2011-03-20 00:07:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Xerox
    2011-03-20 00:04:43 -------- d-----w- c:\docume~1\khriss~1.ogt\locals~1\applic~1\WinZip
    2011-03-16 13:20:58 -------- d-----w- c:\documents and settings\khrissy.tiano.ogta\Spark
    2011-03-16 13:19:02 -------- d-----w- c:\docume~1\khriss~1.ogt\locals~1\applic~1\Hewlett-Packard
    2011-03-16 13:18:06 -------- d-sh--w- c:\documents and settings\khrissy.tiano.ogta\IECompatCache
    2011-03-16 13:17:21 -------- d-sh--w- c:\documents and settings\khrissy.tiano.ogta\PrivacIE
    2011-03-16 13:10:02 -------- d-----w- c:\docume~1\khriss~1.ogt\locals~1\applic~1\Adobe
    2011-03-14 20:14:40 -------- d-----w- c:\windows\system32\%appdata%
    2011-03-14 17:08:00 -------- d-----w- c:\windows\system32\sda
    2011-03-04 19:22:00 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
    2011-03-04 19:17:14 -------- d-----w- C:\Backup
    2011-03-04 17:40:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
    2011-03-04 15:14:08 -------- d-----w- c:\program files\StorageCraft
    2011-03-04 15:11:12 -------- d-----w- c:\program files\Spark
    2011-03-04 14:57:06 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
    2011-03-04 14:56:44 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-03-04 14:55:43 -------- d-----w- c:\windows\system32\LogFiles
    2011-03-04 14:54:56 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
    2011-03-04 05:08:19 -------- d-----w- c:\windows\ie8updates
    2011-03-04 05:05:38 434 ----a-w- c:\windows\myClean.bat
    2011-03-04 04:52:15 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2011-03-04 04:51:39 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-03-04 04:51:39 -------- d-----w- c:\documents and settings\all users\Microsoft
    2011-03-04 04:51:30 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-03-04 04:51:30 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2011-03-04 04:51:29 21504 ----a-w- c:\windows\system32\hidserv.dll
    2011-03-04 04:51:29 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
    2011-03-04 04:51:27 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2011-03-04 04:51:27 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
    2011-03-04 04:46:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2011-03-04 04:46:11 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-03-04 04:45:45 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2011-03-04 04:45:45 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2011-03-04 04:45:45 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2011-03-04 04:45:26 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2011-03-04 04:45:12 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2011-03-04 04:45:08 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2011-03-04 04:45:04 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2011-03-04 04:44:47 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2011-03-04 04:44:47 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2011-03-04 04:44:35 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
    2011-03-04 04:44:35 35328 ------w- c:\windows\system32\dllcache\sc.exe
    2011-03-04 04:44:35 284160 ------w- c:\windows\system32\dllcache\pdh.dll
    2011-03-04 04:44:35 110592 ------w- c:\windows\system32\dllcache\services.exe
    2011-03-04 04:44:34 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
    2011-03-04 04:44:34 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-03-04 04:44:34 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-03-04 04:44:33 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
    2011-03-04 04:44:26 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2011-03-04 04:43:07 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-03-04 04:43:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2011-03-04 04:43:06 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2011-03-04 04:43:05 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
    2011-03-04 04:43:04 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2011-03-04 04:43:04 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2011-03-04 04:41:58 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2011-03-04 04:41:18 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
    2011-03-04 04:41:14 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
    2011-03-04 04:40:41 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2011-03-04 04:40:37 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-03-04 04:40:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-03-04 04:40:11 -------- d-----w- c:\windows\system32\PreInstall
    2011-03-04 04:37:30 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-03-04 04:20:54 -------- d-----r- c:\program files\Skype
    2011-03-04 04:19:59 58208 ----a-w- c:\windows\system32\wsimd.sys
    2011-03-04 04:19:59 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
    2011-03-04 04:19:52 1585728 ----a-w- c:\windows\system32\drivers\athw.sys
    2011-03-04 04:19:52 -------- d-----w- c:\program files\Atheros
    2011-03-04 04:19:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Atheros
    2011-03-04 04:18:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
    2011-03-04 04:14:11 64000 ----a-w- c:\windows\system32\RegVCap32.exe
    2011-03-04 04:14:11 506472 ----a-w- c:\windows\system32\uArcCapture.exe
    2011-03-04 04:14:11 27648 ----a-w- c:\windows\system32\drivers\ArcSoftVCapture.sys
    2011-03-04 04:14:11 25088 ----a-w- c:\windows\system32\arcvcapcoin.dll
    2011-03-04 04:14:11 244312 ----a-w- c:\windows\system32\VDGraph.dll
    2011-03-04 04:14:11 105064 ----a-w- c:\windows\system32\VDRender.ax
    2011-03-04 04:14:11 100984 ----a-w- c:\windows\system32\ArcVCapture.dll
    2011-03-04 04:13:42 33280 ----a-w- c:\windows\system32\drivers\sncduvc.sys
    2011-03-04 04:13:42 211840 ----a-w- c:\windows\system32\csnp2uvc.dll
    2011-03-04 04:13:41 312192 ----a-w- c:\windows\system32\vsnp2uvc.dll
    2011-03-04 04:13:41 25984 ----a-w- c:\windows\snuvcdsm.exe
    2011-03-04 04:13:41 1763968 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
    2011-03-04 04:13:39 255360 ----a-w- c:\windows\system32\rsnp2uvc.dll
    2011-03-04 04:13:37 -------- d-----w- c:\program files\common files\SNP2UVC
    2011-03-04 04:13:20 64000 ------w- c:\windows\system32\agrsmdel.exe
    2011-03-04 04:13:20 14848 ------w- c:\windows\system32\agrsco64.dll
    2011-03-04 04:13:14 -------- d-----w- c:\program files\LSI SoftModem
    2011-03-04 04:13:04 -------- d-----w- c:\windows\Options
    2011-03-04 04:12:51 86016 ----a-w- c:\windows\system32\AESTCom.dll
    2011-03-04 04:12:51 737280 ----a-w- c:\windows\system32\AESTFltr.exe
    2011-03-04 04:12:51 3313664 ----a-w- c:\windows\system32\stlang.dll
    2011-03-04 04:12:51 229461 ----a-w- c:\windows\system32\stacsv.exe
    2011-03-04 04:12:51 11870301 ----a-w- c:\windows\system32\idtsg.cpl
    2011-03-04 04:12:48 175616 ----a-w- c:\windows\system32\staco.dll
    2011-03-04 04:12:46 540773 ----a-w- c:\windows\system32\stacapi.dll
    2011-03-04 04:12:46 1656246 ----a-w- c:\windows\system32\drivers\sthda.sys
    2011-03-04 04:12:45 113664 ----a-w- c:\windows\system32\drivers\AESTAud.sys
    2011-03-04 04:12:31 -------- d-----w- c:\program files\IDT
    2011-03-04 04:12:00 -------- d-----w- c:\program files\common files\postureAgent
    2011-03-04 04:11:57 41088 ----a-w- c:\windows\system32\drivers\HECI.sys
    2011-03-04 04:11:24 -------- d-----w- c:\program files\Validity Sensors
    2011-03-04 04:08:11 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
    2011-03-04 04:08:10 991264 ----a-w- c:\windows\system32\drivers\btkrnl.sys
    2011-03-04 04:08:10 533152 ----a-w- c:\windows\system32\drivers\btaudio.sys
    2011-03-04 04:08:10 37160 ----a-w- c:\windows\system32\drivers\btport.sys
    2011-03-04 04:08:04 -------- d-----w- c:\program files\WIDCOMM
    2011-03-04 04:03:59 125696 ----a-w- c:\windows\system32\drivers\Impcd.sys
    2011-03-04 03:48:00 79360 ----a-w- c:\windows\system32\winar30.ime
    2011-03-04 03:48:00 79360 ----a-w- c:\windows\system32\phon.ime
    2011-03-04 03:48:00 78848 ----a-w- c:\windows\system32\dayi.ime
    2011-03-04 03:48:00 78336 ----a-w- c:\windows\system32\chajei.ime
    2011-03-04 03:48:00 77824 ----a-w- c:\windows\system32\quick.ime
    2011-03-04 03:48:00 76288 ----a-w- c:\windows\system32\uniime.dll
    2011-03-04 03:48:00 65536 ----a-w- c:\windows\system32\winime.ime
    2011-03-04 03:48:00 65024 ----a-w- c:\windows\system32\unicdime.ime
    2011-03-04 03:48:00 571392 ----a-w- c:\windows\system32\TINTLGNT.IME
    2011-03-04 03:48:00 26112 ----a-w- c:\windows\system32\romanime.ime
    2011-03-04 03:48:00 21504 ----a-w- c:\windows\system32\CINTLGNT.IME
    2011-03-04 03:48:00 11776 ----a-w- c:\windows\system32\miniime.tpl
    2011-03-04 03:46:57 91136 ----a-w- c:\windows\system32\kswdmcap.ax
    2011-03-04 03:46:57 61952 ----a-w- c:\windows\system32\kstvtune.ax
    2011-03-04 03:46:57 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2011-03-04 03:46:57 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2011-03-04 03:46:57 4096 ----a-w- c:\windows\system32\ksuser.dll
    2011-03-04 03:46:57 4096 ----a-w- c:\windows\system32\dllcache\ksuser.dll
    2011-03-04 03:46:57 20992 ----a-w- c:\windows\system32\dshowext.ax
    2011-03-04 03:46:57 129536 ----a-w- c:\windows\system32\ksproxy.ax
    2011-03-04 03:46:56 43008 ----a-w- c:\windows\system32\ksxbar.ax
    2011-03-04 03:46:56 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-03 21:52:13 -------- d-----w- c:\windows\system32\appmgmt
    2011-03-03 21:46:30 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-03-03 21:46:30 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-03-03 21:46:30 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2011-03-03 21:43:46 -------- d-----w- c:\windows\SchCache
    .
    ==================== Find3M ====================
    .
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 4:06:19.42 ===============
     
  7. 2011/03/27
    mzkhrissy Inactive Thread Starter

    Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/3/2011 11:04:15 PM
    System Uptime: 3/27/2011 1:01:53 AM (3 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1413
    Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | CPU 1 | 926/133mhz
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat X Standard
    Adobe Flash Player 10 ActiveX
    ArcSoft TotalMedia
    ArcSoft Webcam Sharing Manager
    Atheros Driver Installation Program
    avast! Antivirus
    Debugging Tools for Windows (x86)
    Definition update for Microsoft Office 2010 (KB982726)
    Device Access Manager for HP ProtectTools
    Drive Encryption for HP ProtectTools
    ESET Online Scanner v3
    Face Recognition for HP ProtectTools
    File Sanitizer For HP ProtectTools
    Flow Chart Maker
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB949764)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB969238)
    HP 3D DriveGuard
    HP BatteryCheck 2.10 A2
    HP ESU for Microsoft Windows XP
    HP Help and Support
    HP HotKey Support
    HP Integrated Module with Bluetooth wireless technology
    HP Power Assistant
    HP Power Data
    HP ProtectTools Security Manager
    HP QuickLook
    HP QuickWeb
    HP SoftPaq Download Manager
    HP Software Framework
    HP Software Setup
    HP User Guides 0189
    HP Wallpaper
    HP Webcam Driver
    HP Wireless Assistant
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel® Matrix Storage Manager
    LightScribe System Software
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 14
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox 4.0 (x86 en-US)
    MSVCRT
    Net Deed Plotter
    PDF Complete Special Edition
    Pre-Boot Security for HP ProtectTools
    Privacy Manager for HP ProtectTools
    Realtek Ethernet Controller All-In-One Windows Driver
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Skype™ 4.1
    Spark
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    Theft Recovery
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Validity Fingerprint Driver
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Essentials
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinZip 12.0
    .
    ==== End Of File ===========================
     
  8. 2011/03/27
    mzkhrissy
    GMER LOG

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-03-27 03:56:49
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9320423AS rev.0006HPM1
    Running: ufgjf79x.exe; Driver: C:\DOCUME~1\KHRISS~1.OGT\LOCALS~1\Temp\axtcapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0x9916B6B8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0x9916B574]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0x9916BA52]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x9916B14C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0x9916B64E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x9916B08C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x9916B0F0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0x9916B76E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0x9916B72E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0x9916B8AE]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[2164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[1104] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
    IAT C:\WINDOWS\system32\services.exe[1104] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- EOF - GMER 1.0.15 ----
     
  9. 2011/03/27
    mzkhrissy
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000081c

    Kernel Drivers (total 152):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E5000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA0B8000 ohci1394.sys
    0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA5AC000 intelide.sys
    0xBA5AE000 viaide.sys
    0xBA5B0000 aliide.sys
    0xB9F4A000 pcmcia.sys
    0xBA0D8000 MountMgr.sys
    0xB9F2B000 ftdisk.sys
    0xBA5B2000 dmload.sys
    0xB9F05000 dmio.sys
    0xBA4C4000 ACPIEC.sys
    0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xBA330000 PartMgr.sys
    0xBA0E8000 VolSnap.sys
    0xB9EED000 atapi.sys
    0xB9E13000 iaStor.sys
    0xBA0F8000 SbAlg.sys
    0xBA108000 disk.sys
    0xBA118000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9DF3000 fltmgr.sys
    0xBA5B4000 SbFsLock.sys
    0xB9DE1000 sr.sys
    0xB9DCA000 KSecDD.sys
    0xB9D3D000 Ntfs.sys
    0xB9D10000 NDIS.sys
    0xB9CF7000 SafeBoot.sys
    0xB9CDD000 Mup.sys
    0xBA338000 hpdskflt.sys
    0xBA148000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB8E0E000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xB8DFA000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA158000 \SystemRoot\system32\DRIVERS\HECI.sys
    0xBA3F8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB8DD6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB8DAE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB8C2A000 \SystemRoot\system32\DRIVERS\athw.sys
    0xBA168000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA400000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0xB9567000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xB8B8D000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xBA408000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB8A50000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xBA5E0000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA410000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB9557000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA418000 \SystemRoot\system32\drivers\Afc.sys
    0xB9547000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB9537000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB8A2D000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB8A0E000 \SystemRoot\system32\DRIVERS\Impcd.sys
    0xBA420000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
    0xB9C72000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xB9C6E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xB891D000 \SystemRoot\system32\DRIVERS\btkrnl.sys
    0xBA428000 \SystemRoot\system32\DRIVERS\ArcSoftVCapture.sys
    0xB9527000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xBA7E2000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB9517000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB9C6A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB8906000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB9507000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB94F7000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA430000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB88CD000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB94E7000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA438000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA440000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB889D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB94D7000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA5E2000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB8145000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9C4E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8FF1000 \SystemRoot\system32\DRIVERS\wsimd.sys
    0xBA490000 \SystemRoot\system32\DRIVERS\btport.sys
    0xB8FE1000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x9A42A000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x99502000 \SystemRoot\system32\drivers\sthda.sys
    0x994DE000 \SystemRoot\system32\drivers\portcls.sys
    0x9A41A000 \SystemRoot\system32\drivers\drmk.sys
    0x994C2000 \SystemRoot\system32\drivers\AESTAud.sys
    0x993A5000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x99C96000 \SystemRoot\System32\Drivers\Modem.SYS
    0x99372000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
    0x99F1A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x998B1000 \SystemRoot\System32\Drivers\Null.SYS
    0x99F18000 \SystemRoot\System32\Drivers\Beep.SYS
    0x99C54000 \SystemRoot\System32\drivers\vga.sys
    0x99F16000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0x99F14000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x99C4C000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x99C44000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x9AFFF000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0x9933F000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0x992E6000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0x9A3FA000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x992C0000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0x9A3EA000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x9A3DA000 \SystemRoot\system32\drivers\mfetdik.sys
    0x99298000 \SystemRoot\system32\DRIVERS\netbt.sys
    0x99276000 \SystemRoot\System32\drivers\afd.sys
    0x99AF9000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x99AD9000 \SystemRoot\System32\Drivers\RsvLock.SYS
    0x9924B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x991DB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x991A8000 \SystemRoot\system32\drivers\mfehidk.sys
    0x99AC9000 \SystemRoot\System32\Drivers\Fips.SYS
    0x99184000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0x99163000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x99C34000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0x98FB5000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x99C2C000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x98EFE000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x99C10000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB6ABC000 \SystemRoot\System32\drivers\Dxapi.sys
    0x99C1C000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA71A000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF05A000 \SystemRoot\System32\igxpdv32.DLL
    0xBF36D000 \SystemRoot\System32\igxpdx32.DLL
    0xBF71C000 \SystemRoot\System32\ATMFD.DLL
    0x99A20000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
    0x9D7A5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x98E98000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0x98D93000 \SystemRoot\system32\drivers\wdmaud.sys
    0xBA318000 \SystemRoot\system32\drivers\sysaudio.sys
    0x98BD0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0x98AB0000 \SystemRoot\system32\DRIVERS\srv.sys
    0x98A99000 \??\C:\WINDOWS\system32\drivers\mqac.sys
    0x9899F000 \??\C:\WINDOWS\system32\drivers\RMCast.sys
    0x9830A000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x97E77000 \SystemRoot\System32\Drivers\HTTP.sys
    0x981BE000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0x96443000 \??\C:\DOCUME~1\KHRISS~1.OGT\LOCALS~1\Temp\axtcapow.sys
    0x9662F000 \SystemRoot\System32\Drivers\btwusb.sys
    0x96385000 \SystemRoot\system32\DRIVERS\btwdndis.sys
    0x96304000 \SystemRoot\system32\drivers\btaudio.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 64):
    0 System Idle Process
    4 System
    788 C:\WINDOWS\system32\smss.exe
    1036 csrss.exe
    1060 C:\WINDOWS\system32\winlogon.exe
    1104 C:\WINDOWS\system32\services.exe
    1116 C:\WINDOWS\system32\lsass.exe
    1288 C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    1312 C:\WINDOWS\system32\svchost.exe
    1352 C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    1388 svchost.exe
    1428 C:\WINDOWS\system32\svchost.exe
    1568 svchost.exe
    1592 svchost.exe
    1864 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    1924 C:\Program Files\Alwil Software\Avast4\ashServ.exe
    612 C:\WINDOWS\system32\spoolsv.exe
    668 C:\Program Files\IDT\WDM\stacsv.exe
    684 C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    184 svchost.exe
    272 msdtc.exe
    528 C:\Program Files\LSI SoftModem\agrsmsvc.exe
    544 C:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\ArcSecurity.exe
    580 C:\WINDOWS\system32\ASTSRV.EXE
    772 C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
    984 C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
    996 C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    968 C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
    1080 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1448 C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    1488 C:\Program Files\PDF Complete\pdfsvc.exe
    1792 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1724 C:\WINDOWS\system32\svchost.exe
    2020 C:\WINDOWS\system32\uArcCapture.exe
    2056 C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    2112 C:\WINDOWS\system32\mqsvc.exe
    2244 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    2504 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    2548 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2584 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    2784 wmiprvse.exe
    2932 C:\WINDOWS\system32\mqtgsvc.exe
    3080 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    3144 unsecapp.exe
    3344 alg.exe
    1740 C:\WINDOWS\explorer.exe
    3044 C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
    688 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3420 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    3888 C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
    956 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    3400 C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    3416 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    3464 C:\WINDOWS\system32\ctfmon.exe
    2100 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3840 C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    4008 PresentationFontCache.exe
    2164 C:\Program Files\Mozilla Firefox\firefox.exe
    4468 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    4728 C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    5376 C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\Downloads\ufgjf79x.exe
    4200 C:\WINDOWS\system32\notepad.exe
    4924 wmiprvse.exe
    5300 C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000004a`053a7600 (FAT32)

    PhysicalDrive0 Model Number: ST9320423AS, Rev: 0006HPM1

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
  10. 2011/03/27
    mzkhrissy
    I'd like to thank you for taking the time to help me with this issue. It's been a long weekend... I had originally thought that I had removed this earlier this week and then started to notice the redirect happen. That's when I figured it still was infected. I had taken previous steps to remove it before I found this forum on my own. I am not sure if I'm still infected... but I do know the redirecting has stopped and I can no longer find the trojan on my PC. I would like peace of mind to make sure this PC is safe. That's why I'm looking to you professionals for assistance. I appreciate your assistance and time. Thank you again. ~Khrissy
     
  11. 2011/03/27
    broni
    We'll keep checking....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2011/03/27
    mzkhrissy
    ComboFix 11-03-27.01 - khrissy.tiano 03/27/2011 20:32:03.2.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2991.2399 [GMT -4:00]
    Running from: c:\documents and settings\khrissy.tiano_OGTA\My Documents\Downloads\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 110327-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-27 02:53 . 2011-03-27 03:44 -------- d-----w- c:\windows\Symbols
    2011-03-27 02:30 . 2011-03-27 04:15 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2011-03-26 22:07 . 2011-03-26 22:07 -------- d-----w- C:\_OTL
    2011-03-26 20:16 . 2011-03-26 20:16 -------- d-----w- c:\program files\ESET
    2011-03-25 20:27 . 2011-03-25 20:30 -------- d-----w- c:\documents and settings\mindy
    2011-03-24 19:31 . 2011-03-24 19:31 -------- d-----w- c:\program files\Cosmi
    2011-03-21 05:49 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-21 05:49 . 2011-03-21 05:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-03-21 05:49 . 2011-03-21 05:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-21 05:49 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-21 05:15 . 2011-03-21 05:15 -------- d-----w- c:\program files\Trend Micro
    2011-03-21 00:54 . 2011-03-21 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-03-21 00:54 . 2011-03-21 00:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-20 23:19 . 2011-03-20 23:19 -------- d-sh--w- c:\documents and settings\All Users\Application Data\BMIGBKYQPP
    2011-03-20 05:47 . 2011-03-20 05:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\{A040077C-2A99-4039-A7FE-2D89E1233041}
    2011-03-20 05:47 . 2011-03-20 05:47 -------- d-----w- c:\program files\Greenbrier Graphics
    2011-03-20 00:07 . 2011-03-20 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Xerox
    2011-03-19 04:55 . 2011-03-19 04:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\StorageCraft_Technology_C
    2011-03-14 20:14 . 2011-03-14 20:14 -------- d-----w- c:\windows\system32\%appdata%
    2011-03-14 17:08 . 2011-03-14 17:08 -------- d-----w- c:\windows\system32\sda
    2011-03-14 15:57 . 2011-03-15 13:35 -------- d-----w- c:\documents and settings\khrissy.tiano
    2011-03-14 14:19 . 2011-03-14 15:52 -------- d-----w- c:\documents and settings\Administrator.OGTA
    2011-03-04 19:22 . 2008-04-14 05:15 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
    2011-03-04 19:17 . 2011-03-04 19:27 -------- d-----w- C:\Backup
    2011-03-04 17:40 . 2011-03-22 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2011-03-04 17:01 . 2011-03-04 17:05 -------- d-----w- c:\documents and settings\FayeBickerton
    2011-03-04 16:07 . 2011-03-04 18:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2011-03-04 16:04 . 2011-03-04 16:07 -------- d-----w- c:\program files\Common Files\Adobe
    2011-03-04 15:14 . 2011-03-20 05:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-03-04 15:14 . 2011-03-19 04:55 -------- d-----w- c:\program files\StorageCraft
    2011-03-04 15:11 . 2011-03-04 15:11 -------- d-----w- c:\program files\Spark
    2011-03-04 15:01 . 2011-03-04 15:01 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-03-04 14:58 . 2011-03-04 14:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
    2011-03-04 14:57 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
    2011-03-04 14:56 . 2011-03-04 14:56 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-03-04 14:55 . 2011-03-04 14:56 -------- d-----w- c:\windows\system32\drivers\UMDF
    2011-03-04 14:55 . 2011-03-04 14:55 -------- d-----w- c:\windows\system32\LogFiles
    2011-03-04 14:54 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
    2011-03-04 05:25 . 2011-03-04 05:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-03-04 05:08 . 2011-03-04 14:59 -------- d-----w- c:\windows\ie8updates
    2011-03-04 05:05 . 2008-05-22 09:15 434 ----a-w- c:\windows\myClean.bat
    2011-03-04 04:52 . 2011-03-04 04:52 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2011-03-04 04:51 . 2011-03-04 04:51 -------- d-----w- c:\program files\Microsoft.NET
    2011-03-04 04:51 . 2011-03-04 04:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-03-04 04:51 . 2011-03-04 04:51 -------- d-----w- c:\documents and settings\All Users\Microsoft
    2011-03-04 04:51 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-03-04 04:51 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2011-03-04 04:51 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\hidserv.dll
    2011-03-04 04:51 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
    2011-03-04 04:51 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2011-03-04 04:51 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
    2011-03-04 04:46 . 2011-03-04 04:46 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2011-03-04 04:46 . 2011-03-04 04:46 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-03-04 04:45 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2011-03-04 04:45 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2011-03-04 04:45 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2011-03-04 04:45 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2011-03-04 04:45 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2011-03-04 04:45 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2011-03-04 04:45 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2011-03-04 04:44 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2011-03-04 04:44 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2011-03-04 04:44 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
    2011-03-04 04:44 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
    2011-03-04 04:44 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
    2011-03-04 04:44 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
    2011-03-04 04:44 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
    2011-03-04 04:44 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-03-04 04:44 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-03-04 04:44 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
    2011-03-04 04:44 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2011-03-04 04:43 . 2010-12-20 23:59 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2011-03-04 04:43 . 2010-12-20 23:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-03-04 04:43 . 2010-12-20 23:59 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2011-03-04 04:43 . 2010-12-20 23:59 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
    2011-03-04 04:43 . 2010-12-20 23:59 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2011-03-04 04:43 . 2010-12-20 23:59 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2011-03-04 04:41 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2011-03-04 04:41 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
    2011-03-04 04:41 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
    2011-03-04 04:40 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2011-03-04 04:40 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-03-04 04:40 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-03-04 04:29 . 2011-03-04 04:29 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2011-03-04 04:27 . 2011-03-04 04:27 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-03-04 04:26 . 2011-03-22 02:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
    2011-03-04 04:22 . 2011-03-04 04:22 -------- d-----w- c:\program files\Windows Sidebar
    2011-03-04 04:20 . 2011-03-04 04:20 -------- d-----w- c:\program files\Common Files\Skype
    2011-03-04 04:20 . 2011-03-04 04:20 -------- d-----r- c:\program files\Skype
    2011-03-04 04:20 . 2011-03-04 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2011-03-04 04:19 . 2009-03-17 04:19 58208 ----a-w- c:\windows\system32\wsimd.sys
    2011-03-04 04:19 . 2009-03-17 04:19 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
    2011-03-04 04:19 . 2011-03-04 04:19 -------- d-----w- c:\program files\Atheros
    2011-03-04 04:19 . 2009-09-30 20:17 1585728 ----a-w- c:\windows\system32\drivers\athw.sys
    2011-03-04 04:19 . 2011-03-04 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
    2011-03-04 04:18 . 2011-03-04 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
    2011-03-04 04:14 . 2011-03-04 04:16 -------- d-----w- c:\program files\Common Files\ArcSoft
    2011-03-04 04:14 . 2009-12-04 12:23 105064 ----a-w- c:\windows\system32\VDRender.ax
    2011-03-04 04:14 . 2009-12-04 12:22 64000 ----a-w- c:\windows\system32\RegVCap32.exe
    2011-03-04 04:14 . 2009-12-04 12:22 506472 ----a-w- c:\windows\system32\uArcCapture.exe
    2011-03-04 04:14 . 2009-12-04 12:22 244312 ----a-w- c:\windows\system32\VDGraph.dll
    2011-03-04 04:14 . 2009-12-04 10:48 25088 ----a-w- c:\windows\system32\arcvcapcoin.dll
    2011-03-04 04:14 . 2009-12-04 10:48 100984 ----a-w- c:\windows\system32\ArcVCapture.dll
    2011-03-04 04:14 . 2009-12-04 10:48 27648 ----a-w- c:\windows\system32\drivers\ArcSoftVCapture.sys
    2011-03-04 04:14 . 2011-03-04 04:14 -------- d-----w- c:\program files\Arcsoft
    2011-03-04 04:13 . 2009-12-18 21:13 33280 ----a-w- c:\windows\system32\drivers\sncduvc.sys
    2011-03-04 04:13 . 2009-12-18 21:13 211840 ----a-w- c:\windows\system32\csnp2uvc.dll
    2011-03-04 04:13 . 2009-12-18 21:13 312192 ----a-w- c:\windows\system32\vsnp2uvc.dll
    2011-03-04 04:13 . 2009-12-18 21:13 25984 ----a-w- c:\windows\snuvcdsm.exe
    2011-03-04 04:13 . 2009-12-18 21:13 1763968 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
    2011-03-04 04:13 . 2009-12-18 21:13 255360 ----a-w- c:\windows\system32\rsnp2uvc.dll
    2011-03-04 04:13 . 2011-03-04 04:13 -------- d-----w- c:\program files\Common Files\SNP2UVC
    2011-03-04 04:13 . 2011-03-04 04:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
    2011-03-04 04:13 . 2009-11-02 20:12 64000 ------w- c:\windows\system32\agrsmdel.exe
    2011-03-04 04:13 . 2009-11-02 20:11 14848 ------w- c:\windows\system32\agrsco64.dll
    2011-03-04 04:13 . 2011-03-04 04:13 -------- d-----w- c:\program files\LSI SoftModem
    2011-03-04 04:13 . 2011-03-04 04:13 -------- d-----w- c:\windows\Options
    2011-03-04 04:12 . 2009-12-03 20:30 3313664 ----a-w- c:\windows\system32\stlang.dll
    2011-03-04 04:12 . 2009-12-03 20:30 229461 ----a-w- c:\windows\system32\stacsv.exe
    2011-03-04 04:12 . 2009-12-03 20:30 11870301 ----a-w- c:\windows\system32\idtsg.cpl
    2011-03-04 04:12 . 2009-04-22 05:01 737280 ----a-w- c:\windows\system32\AESTFltr.exe
    2011-03-04 04:12 . 2009-02-19 10:41 86016 ----a-w- c:\windows\system32\AESTCom.dll
    2011-03-04 04:12 . 2009-12-03 20:30 175616 ----a-w- c:\windows\system32\staco.dll
    2011-03-04 04:12 . 2009-12-03 20:30 540773 ----a-w- c:\windows\system32\stacapi.dll
    2011-03-04 04:12 . 2009-12-03 20:30 1656246 ----a-w- c:\windows\system32\drivers\sthda.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-09 13:53 . 2004-08-04 16:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 16:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2004-08-04 16:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2004-08-04 16:00 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-04 16:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 16:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 16:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2011-03-18 17:53 . 2011-03-26 19:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsmqIntCert "= "mqrt.dll" [2008-04-14 177152]
    "QLBController "= "c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-01-05 254520]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
    "PDF Complete "= "c:\program files\PDF Complete\pdfsty.exe" [2009-10-23 563736]
    "HPPowerAssistant "= "c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-12-16 1690680]
    "HPWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
    "File Sanitizer "= "c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "DTRun "= "c:\program files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]
    "Cpqset "= "c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2009-09-25 75264]
    "BCSSync "= "c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "avast! "= "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
    "Adobe Acrobat Speed Launcher "= "c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
    "Acrobat Assistant 8.0 "= "c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-12 607584]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\mqsvc.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE "=
    .
    R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [12/15/2009 9:12 PM 110520]
    R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [12/15/2009 9:12 PM 51800]
    R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [12/15/2009 9:12 PM 13256]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/3/2011 5:59 PM 114768]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [12/15/2009 9:12 PM 40088]
    R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\ArcSecurity.exe [11/22/2009 3:08 PM 80384]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/3/2011 5:59 PM 20560]
    R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [12/16/2009 6:48 PM 102968]
    R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [11/18/2009 7:17 PM 36864]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [12/16/2009 6:51 PM 102968]
    R2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [1/7/2010 6:14 PM 81920]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [12/10/2009 5:03 PM 251448]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [12/15/2009 9:11 PM 281192]
    R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [12/11/2009 9:57 PM 297984]
    R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [1/4/2010 11:36 PM 264248]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [1/14/2010 10:43 PM 635416]
    R2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [3/4/2011 12:14 AM 506472]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [3/4/2011 12:12 AM 2320920]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [3/4/2011 12:12 AM 113664]
    R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\drivers\ArcSoftVCapture.sys [3/4/2011 12:14 AM 27648]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [3/4/2011 12:03 AM 125696]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [3/4/2011 12:03 AM 205824]
    S2 0202751299215090mcinstcleanup;McAfee Application Installer Cleanup (0202751299215090);c:\docume~1\ADMINI~1\LOCALS~1\Temp\020275~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\020275~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [12/14/2009 11:47 AM 1639728]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [10/21/2009 5:37 PM 32312]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [11/17/2009 6:39 PM 362040]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 11:25 AM 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [1/14/2010 10:36 PM 181792]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\khrissy.tiano_OGTA\Application Data\Mozilla\Firefox\Profiles\v98b3p4b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-27 20:35
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = "c:\program files\Hewlett-Packard\Default Settings\cpqset.exe "?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
    "ImagePath "= "c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3308)
    c:\windows\system32\WININET.dll
    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-03-27 20:37:12
    ComboFix-quarantined-files.txt 2011-03-28 00:37
    .
    Pre-Run: 281,291,018,240 bytes free
    Post-Run: 281,273,192,448 bytes free
    .
    - - End Of File - - 24665166B54DC45E4E0041A125D4185C
     
  13. 2011/03/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\All Users\Application Data\BMIGBKYQPP
    
    
    Driver::
    0202751299215090mcinstcleanup
    
    DDS::
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
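The CFScript above was assembled by hand from indicators in the ComboFix log posted earlier in the thread. As an added example (not part of the thread, and not ComboFix's or the analyst's own tooling), the Python below parses the log's "Files Created", service and Trusted Zone lines with a few explicit triage heuristics and prints the Folder::, Driver:: and DDS:: sections that result. The heuristics (a hidden+system directory with a random all-caps name, a directory literally named like an unexpanded %variable%, a service binary under a Temp folder, Trusted Zone entries that are file names rather than hosts or hosts outside an allowlist) and the attribute-string layout assumed for ComboFix lines are this example's own assumptions. The sample input is made of trimmed excerpts re-typed from the log above.

```python
"""Triage helper for ComboFix logs (added example, not from the thread).

Applies a handful of explicit heuristics to the "Files Created", service and
"Trusted Zone" lines of a ComboFix log and emits the Folder::, Driver:: and
DDS:: sections of a CFScript listing what was flagged. The heuristics and the
line layouts assumed below are this example's own, not ComboFix's.
"""
import re

# Assumed layout of a "Files Created" line:
#   <created> . <modified> <size or --------> <attrs> <path>
# where position 0 of <attrs> is 'd' for a directory and 's'/'h' mark the
# system and hidden attributes ('-' when unset).
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) ([-a-z]{8}) (.+)$"
)
# Assumed layout of a service line: "<R|S><n> <name>;<display>;<image path> [<file info>]"
SERVICE_LINE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$")
TRUSTED_ZONE = re.compile(r"^Trusted Zone: (.+)$")
RANDOM_UPPER_NAME = re.compile(r"^[A-Z]{8,}$")  # e.g. ten random capitals

# Constructed sample: trimmed excerpts re-typed from the log in this thread.
SAMPLE_LOG = r"""
2011-03-21 05:49 . 2011-03-21 05:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-20 23:19 . 2011-03-20 23:19 -------- d-sh--w- c:\documents and settings\All Users\Application Data\BMIGBKYQPP
2011-03-14 20:14 . 2011-03-14 20:14 -------- d-----w- c:\windows\system32\%appdata%
2011-03-04 05:25 . 2011-03-04 05:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-03-21 05:49 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [12/15/2009 9:12 PM 110520]
S2 0202751299215090mcinstcleanup;McAfee Application Installer Cleanup (0202751299215090);c:\docume~1\ADMINI~1\LOCALS~1\Temp\020275~1.EXE -cleanup -nolog -service [?]
Trusted Zone: //about.htm/
Trusted Zone: mcafeeasap.com\vs
"""


def flag_files(lines):
    """Return paths of created directories matching the directory heuristics."""
    flagged = []
    for line in lines:
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group(4), m.group(5)
        name = path.rsplit("\\", 1)[-1]
        is_dir = attrs[0] == "d"
        hidden_system = "s" in attrs and "h" in attrs
        # Heuristic 1: hidden+system directory with a random-looking all-caps name.
        if is_dir and hidden_system and RANDOM_UPPER_NAME.match(name):
            flagged.append(path)
        # Heuristic 2: a literal, unexpanded environment variable used as a name.
        elif is_dir and re.fullmatch(r"%[a-z]+%", name, re.I):
            flagged.append(path)
    return flagged


def flag_services(lines):
    """Return names of services whose image path lies under a Temp folder."""
    flagged = []
    for line in lines:
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue
        name, image = m.group(2), m.group(4)
        # Heuristic 3: a service binary living under \Temp\ (8.3 or long form).
        if re.search(r"\\temp\\", image, re.I):
            flagged.append(name)
    return flagged


def flag_trusted_zones(lines, allowlist=()):
    """Return Trusted Zone values that are file names or hosts outside the allowlist."""
    allowed = {h.lower() for h in allowlist}
    flagged = []
    for line in lines:
        m = TRUSTED_ZONE.match(line.strip())
        if not m:
            continue
        value = m.group(1)
        host = value.split("\\", 1)[0].lower()
        # Heuristic 4: "//about.htm/" names a file, not a host; a real host
        # is only accepted when the organisation lists it.
        if value.startswith("//") or host not in allowed:
            flagged.append(value)
    return flagged


def build_cfscript(log_text, allowlist=()):
    """Assemble Folder::, Driver:: and DDS:: sections from the flagged entries."""
    lines = log_text.splitlines()
    sections = []
    folders = flag_files(lines)
    if folders:
        sections.append("Folder::\n" + "\n".join(folders))
    drivers = flag_services(lines)
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    zones = flag_trusted_zones(lines, allowlist)
    if zones:
        sections.append("DDS::\n" + "\n".join("Trusted Zone: " + z for z in zones))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

The output is a candidate list for the analyst to review, not a finished script: legitimate hidden+system folders such as IETldCache pass heuristic 1 only because their names are mixed case, and a Trusted Zone host is cleared only by the allowlist you pass in, so every flagged line still wants a human eye before it goes into ComboFix.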
     
  14. 2011/03/27
    mzkhrissy

    mzkhrissy Inactive Thread Starter

    Joined:
    2011/03/26
    Messages:
    26
    Likes Received:
    0
    ComboFix 11-03-27.01 - khrissy.tiano 03/27/2011 21:20:26.3.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2991.2317 [GMT -4:00]
    Running from: c:\documents and settings\khrissy.tiano_OGTA\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\khrissy.tiano_OGTA\My Documents\Downloads\CFScript.txt
    AV: avast! antivirus 4.8.1368 [VPS 110327-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\BMIGBKYQPP
    c:\documents and settings\All Users\Application Data\BMIGBKYQPP\BMVELUDP.cfg
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_0202751299215090MCINSTCLEANUP
    -------\Service_0202751299215090mcinstcleanup
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-27 02:53 . 2011-03-27 03:44 -------- d-----w- c:\windows\Symbols
    2011-03-27 02:30 . 2011-03-27 04:15 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2011-03-26 22:07 . 2011-03-26 22:07 -------- d-----w- C:\_OTL
    2011-03-26 20:16 . 2011-03-26 20:16 -------- d-----w- c:\program files\ESET
    2011-03-25 20:27 . 2011-03-25 20:30 -------- d-----w- c:\documents and settings\mindy
    2011-03-24 19:31 . 2011-03-24 19:31 -------- d-----w- c:\program files\Cosmi
    2011-03-21 05:49 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-21 05:49 . 2011-03-21 05:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-03-21 05:49 . 2011-03-21 05:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-21 05:49 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-21 05:15 . 2011-03-21 05:15 -------- d-----w- c:\program files\Trend Micro
    2011-03-21 00:54 . 2011-03-21 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-03-21 00:54 . 2011-03-21 00:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-20 05:47 . 2011-03-20 05:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\{A040077C-2A99-4039-A7FE-2D89E1233041}
    2011-03-20 05:47 . 2011-03-20 05:47 -------- d-----w- c:\program files\Greenbrier Graphics
    2011-03-20 00:07 . 2011-03-20 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Xerox
    2011-03-19 04:55 . 2011-03-19 04:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\StorageCraft_Technology_C
    2011-03-14 20:14 . 2011-03-14 20:14 -------- d-----w- c:\windows\system32\%appdata%
    2011-03-14 17:08 . 2011-03-14 17:08 -------- d-----w- c:\windows\system32\sda
    2011-03-14 15:57 . 2011-03-15 13:35 -------- d-----w- c:\documents and settings\khrissy.tiano
    2011-03-14 14:19 . 2011-03-14 15:52 -------- d-----w- c:\documents and settings\Administrator.OGTA
    2011-03-04 19:22 . 2008-04-14 05:15 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
    2011-03-04 19:17 . 2011-03-04 19:27 -------- d-----w- C:\Backup
    2011-03-04 17:40 . 2011-03-22 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2011-03-04 17:01 . 2011-03-04 17:05 -------- d-----w- c:\documents and settings\FayeBickerton
    2011-03-04 16:07 . 2011-03-04 18:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2011-03-04 16:04 . 2011-03-04 16:07 -------- d-----w- c:\program files\Common Files\Adobe
    2011-03-04 15:14 . 2011-03-20 05:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-03-04 15:14 . 2011-03-19 04:55 -------- d-----w- c:\program files\StorageCraft
    2011-03-04 15:11 . 2011-03-04 15:11 -------- d-----w- c:\program files\Spark
    2011-03-04 15:01 . 2011-03-04 15:01 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-03-04 14:58 . 2011-03-04 14:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
    2011-03-04 14:57 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
    2011-03-04 14:56 . 2011-03-04 14:56 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-03-04 14:55 . 2011-03-04 14:56 -------- d-----w- c:\windows\system32\drivers\UMDF
    2011-03-04 14:55 . 2011-03-04 14:55 -------- d-----w- c:\windows\system32\LogFiles
    2011-03-04 14:54 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
    2011-03-04 05:25 . 2011-03-04 05:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-03-04 05:08 . 2011-03-04 14:59 -------- d-----w- c:\windows\ie8updates
    2011-03-04 05:05 . 2008-05-22 09:15 434 ----a-w- c:\windows\myClean.bat
    2011-03-04 04:52 . 2011-03-04 04:52 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2011-03-04 04:51 . 2011-03-04 04:51 -------- d-----w- c:\program files\Microsoft.NET
    2011-03-04 04:51 . 2011-03-04 04:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-03-04 04:51 . 2011-03-04 04:51 -------- d-----w- c:\documents and settings\All Users\Microsoft
    2011-03-04 04:51 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-03-04 04:51 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2011-03-04 04:51 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\hidserv.dll
    2011-03-04 04:51 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
    2011-03-04 04:51 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2011-03-04 04:51 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
    2011-03-04 04:46 . 2011-03-04 04:46 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2011-03-04 04:46 . 2011-03-04 04:46 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-03-04 04:45 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2011-03-04 04:45 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2011-03-04 04:45 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2011-03-04 04:45 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2011-03-04 04:45 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2011-03-04 04:45 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2011-03-04 04:45 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2011-03-04 04:44 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2011-03-04 04:44 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2011-03-04 04:44 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
    2011-03-04 04:44 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
    2011-03-04 04:44 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
    2011-03-04 04:44 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
    2011-03-04 04:44 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
    2011-03-04 04:44 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-03-04 04:44 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-03-04 04:44 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
    2011-03-04 04:44 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2011-03-04 04:43 . 2010-12-20 23:59 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2011-03-04 04:43 . 2010-12-20 23:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-03-04 04:43 . 2010-12-20 23:59 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2011-03-04 04:43 . 2010-12-20 23:59 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
    2011-03-04 04:43 . 2010-12-20 23:59 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2011-03-04 04:43 . 2010-12-20 23:59 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2011-03-04 04:41 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2011-03-04 04:41 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
    2011-03-04 04:41 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
    2011-03-04 04:40 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2011-03-04 04:40 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-03-04 04:40 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-03-04 04:29 . 2011-03-04 04:29 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2011-03-04 04:27 . 2011-03-04 04:27 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-03-04 04:26 . 2011-03-22 02:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
    2011-03-04 04:22 . 2011-03-04 04:22 -------- d-----w- c:\program files\Windows Sidebar
    2011-03-04 04:20 . 2011-03-04 04:20 -------- d-----w- c:\program files\Common Files\Skype
    2011-03-04 04:20 . 2011-03-04 04:20 -------- d-----r- c:\program files\Skype
    2011-03-04 04:20 . 2011-03-04 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2011-03-04 04:19 . 2009-03-17 04:19 58208 ----a-w- c:\windows\system32\wsimd.sys
    2011-03-04 04:19 . 2009-03-17 04:19 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
    2011-03-04 04:19 . 2011-03-04 04:19 -------- d-----w- c:\program files\Atheros
    2011-03-04 04:19 . 2009-09-30 20:17 1585728 ----a-w- c:\windows\system32\drivers\athw.sys
    2011-03-04 04:19 . 2011-03-04 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
    2011-03-04 04:18 . 2011-03-04 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
    2011-03-04 04:14 . 2011-03-04 04:16 -------- d-----w- c:\program files\Common Files\ArcSoft
    2011-03-04 04:14 . 2009-12-04 12:23 105064 ----a-w- c:\windows\system32\VDRender.ax
    2011-03-04 04:14 . 2009-12-04 12:22 64000 ----a-w- c:\windows\system32\RegVCap32.exe
    2011-03-04 04:14 . 2009-12-04 12:22 506472 ----a-w- c:\windows\system32\uArcCapture.exe
    2011-03-04 04:14 . 2009-12-04 12:22 244312 ----a-w- c:\windows\system32\VDGraph.dll
    2011-03-04 04:14 . 2009-12-04 10:48 25088 ----a-w- c:\windows\system32\arcvcapcoin.dll
    2011-03-04 04:14 . 2009-12-04 10:48 100984 ----a-w- c:\windows\system32\ArcVCapture.dll
    2011-03-04 04:14 . 2009-12-04 10:48 27648 ----a-w- c:\windows\system32\drivers\ArcSoftVCapture.sys
    2011-03-04 04:14 . 2011-03-04 04:14 -------- d-----w- c:\program files\Arcsoft
    2011-03-04 04:13 . 2009-12-18 21:13 33280 ----a-w- c:\windows\system32\drivers\sncduvc.sys
    2011-03-04 04:13 . 2009-12-18 21:13 211840 ----a-w- c:\windows\system32\csnp2uvc.dll
    2011-03-04 04:13 . 2009-12-18 21:13 312192 ----a-w- c:\windows\system32\vsnp2uvc.dll
    2011-03-04 04:13 . 2009-12-18 21:13 25984 ----a-w- c:\windows\snuvcdsm.exe
    2011-03-04 04:13 . 2009-12-18 21:13 1763968 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
    2011-03-04 04:13 . 2009-12-18 21:13 255360 ----a-w- c:\windows\system32\rsnp2uvc.dll
    2011-03-04 04:13 . 2011-03-04 04:13 -------- d-----w- c:\program files\Common Files\SNP2UVC
    2011-03-04 04:13 . 2011-03-04 04:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
    2011-03-04 04:13 . 2009-11-02 20:12 64000 ------w- c:\windows\system32\agrsmdel.exe
    2011-03-04 04:13 . 2009-11-02 20:11 14848 ------w- c:\windows\system32\agrsco64.dll
    2011-03-04 04:13 . 2011-03-04 04:13 -------- d-----w- c:\program files\LSI SoftModem
    2011-03-04 04:13 . 2011-03-04 04:13 -------- d-----w- c:\windows\Options
    2011-03-04 04:12 . 2009-12-03 20:30 3313664 ----a-w- c:\windows\system32\stlang.dll
    2011-03-04 04:12 . 2009-12-03 20:30 229461 ----a-w- c:\windows\system32\stacsv.exe
    2011-03-04 04:12 . 2009-12-03 20:30 11870301 ----a-w- c:\windows\system32\idtsg.cpl
    2011-03-04 04:12 . 2009-04-22 05:01 737280 ----a-w- c:\windows\system32\AESTFltr.exe
    2011-03-04 04:12 . 2009-02-19 10:41 86016 ----a-w- c:\windows\system32\AESTCom.dll
    2011-03-04 04:12 . 2009-12-03 20:30 175616 ----a-w- c:\windows\system32\staco.dll
    2011-03-04 04:12 . 2009-12-03 20:30 540773 ----a-w- c:\windows\system32\stacapi.dll
    2011-03-04 04:12 . 2009-12-03 20:30 1656246 ----a-w- c:\windows\system32\drivers\sthda.sys
    2011-03-04 04:12 . 2009-04-22 06:13 113664 ----a-w- c:\windows\system32\drivers\AESTAud.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-09 13:53 . 2004-08-04 16:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 16:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2004-08-04 16:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2004-08-04 16:00 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-04 16:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 16:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 16:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2011-03-18 17:53 . 2011-03-26 19:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-28_00.35.54 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-03-28 01:24 . 2011-03-28 01:24 16384 c:\windows\Temp\Perflib_Perfdata_77c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
    "QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-01-05 254520]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-10-23 563736]
    "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-12-16 1690680]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
    "File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "DTRun"="c:\program files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]
    "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2009-09-25 75264]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-12 607584]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    .
    R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [12/15/2009 9:12 PM 110520]
    R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [12/15/2009 9:12 PM 51800]
    R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [12/15/2009 9:12 PM 13256]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/3/2011 5:59 PM 114768]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [12/15/2009 9:12 PM 40088]
    R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\ArcSecurity.exe [11/22/2009 3:08 PM 80384]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/3/2011 5:59 PM 20560]
    R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [12/16/2009 6:48 PM 102968]
    R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [11/18/2009 7:17 PM 36864]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [12/16/2009 6:51 PM 102968]
    R2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [1/7/2010 6:14 PM 81920]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [12/10/2009 5:03 PM 251448]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [12/15/2009 9:11 PM 281192]
    R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [12/11/2009 9:57 PM 297984]
    R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [1/4/2010 11:36 PM 264248]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [1/14/2010 10:43 PM 635416]
    R2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [3/4/2011 12:14 AM 506472]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [3/4/2011 12:12 AM 2320920]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [3/4/2011 12:12 AM 113664]
    R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\drivers\ArcSoftVCapture.sys [3/4/2011 12:14 AM 27648]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [3/4/2011 12:03 AM 125696]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [3/4/2011 12:03 AM 205824]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [12/14/2009 11:47 AM 1639728]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [10/21/2009 5:37 PM 32312]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [11/17/2009 6:39 PM 362040]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 11:25 AM 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [1/14/2010 10:36 PM 181792]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\khrissy.tiano_OGTA\Application Data\Mozilla\Firefox\Profiles\v98b3p4b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-27 21:28
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = "c:\program files\Hewlett-Packard\Default Settings\cpqset.exe "?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2988)
    c:\windows\system32\WININET.dll
    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\idt\wdm\STacSV.exe
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    c:\windows\system32\msdtc.exe
    c:\program files\LSI SoftModem\agrsmsvc.exe
    c:\windows\system32\ASTSRV.EXE
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\mqsvc.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\mqtgsvc.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-27 21:31:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-28 01:31
    ComboFix2.txt 2011-03-28 00:37
    .
    Pre-Run: 281,279,365,120 bytes free
    Post-Run: 281,263,247,360 bytes free
    .
    - - End Of File - - D301B13AC93EC8EC36B8EC0A0FCFA595
     
  15. 2011/03/27
    broni (Moderator Malware Analyst)
    Good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2011/03/27
    mzkhrissy (Inactive Thread Starter)
    The computer seems to be doing fine. I am a bit concerned with this c:\windows\system32\btmmhook.dll from the log file above... I read that this is 60% harmful when in the system32 folder. I'm just worried something is hidden and we have to dig to find it. However, I have not seen any redirects or any suspicious activity lately. It's good to have someone behind me helping me out with this. Thank you again Broni. I'll post the log as soon as it finishes, be back soon.
     
  17. 2011/03/27
    broni (Moderator Malware Analyst)
    No problem :)
     
  18. 2011/03/27
    broni (Moderator Malware Analyst)
    BTW, btmmhook.dll is a Bluetooth driver.
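    The question about btmmhook.dll and the answer to it are the manual form of the check an analyst runs on every loader in one of these logs: who publishes the file, how recently it changed, and whether it loads from a location any user can write to. The script below is an added example for this thread, not OTL's code and not anything the posters ran. It parses the "PRC - / MOD - / SRV - / DRV -" line format that OTL writes to OTL.txt and attaches those three flags to each entry. The four sample lines are copied from the OTL log posted in this thread; the 30-day window and the list of user-writable path fragments are this example's own assumptions. A flag is a lead, not a verdict: OTL.exe itself trips two of them because it was downloaded yesterday into My Documents, which is exactly what you would expect.

```python
"""Flag review leads in OTL process/module/service lines.

Added example for this thread; it is not OTL's own code nor anything the
posters ran. It parses the "PRC - / MOD - / SRV - / DRV -" line format
that OTL writes to OTL.txt and attaches three review flags: no company
name in the file's version info, modified recently, and loaded from a
user-writable location. The sample lines are copied from the log posted
in the thread; the 30-day window and the user-writable path fragments
are this example's assumptions, not OTL's rules.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# One OTL entry looks like (service line; PRC/MOD lines lack the [state] and trailing (name)):
# SRV - [2009/12/14 11:47:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService)
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<stamp>\w)\] "
    r"\((?P<company>[^)]*)\) "          # an empty "()" means no company name
    r"(?:\[(?P<state>[^\]]*)\] )?"      # "[Auto | Running]" on SRV/DRV lines only
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"    # trailing "(ServiceName)" on SRV/DRV lines
)

# Lower-case path fragments under which an unprivileged XP user can create files.
# A loader living here is a lead worth a closer look. Assumption of this example.
USER_WRITABLE_FRAGMENTS = ("\\documents and settings\\", "\\temp\\")


@dataclass
class Entry:
    kind: str          # PRC, MOD, SRV or DRV
    mtime: datetime    # file modification time as OTL printed it
    size: int          # bytes
    company: str       # version-info company name, "" if absent
    path: str
    state: str = ""    # start type / run state for services and drivers
    name: str = ""     # service or driver name
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for an OTL PRC/MOD/SRV/DRV line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        kind=m["kind"],
        mtime=datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        path=m["path"],
        state=m["state"] or "",
        name=m["name"] or "",
    )


def flag_entry(entry, scan_date, max_age_days=30):
    """Return the review flags for one entry; an empty list means nothing to chase."""
    flags = []
    if not entry.company:
        flags.append("no company name")
    if scan_date - entry.mtime <= timedelta(days=max_age_days):
        flags.append(f"modified in last {max_age_days} days")
    lowered = entry.path.lower()
    if any(fragment in lowered for fragment in USER_WRITABLE_FRAGMENTS):
        flags.append("user-writable path")
    return flags


def triage(text, scan_date, max_age_days=30):
    """Parse every OTL entry in text and attach its flags, preserving log order."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entry.flags = flag_entry(entry, scan_date, max_age_days)
            entries.append(entry)
    return entries


# Four lines copied from the OTL log posted in this thread; the section header
# is included to show that non-entry lines are ignored.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========
PRC - [2011/03/26 18:46:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\Downloads\OTL.exe
MOD - [2009/10/12 14:49:40 | 000,094,273 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2009/10/12 14:47:42 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
SRV - [2009/12/14 11:47:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService)
"""

# "OTL logfile created on: 3/27/2011 9:43:18 PM", from the log header in the thread.
SCAN_DATE = datetime(2011, 3, 27, 21, 43, 18)

if __name__ == "__main__":
    for e in triage(SAMPLE_OTL, SCAN_DATE):
        marker = "CHECK" if e.flags else "  ok "
        print(f"{marker} {e.kind} {e.path}  ({e.company or 'no company'})"
              + (f"  <- {', '.join(e.flags)}" if e.flags else ""))
```

    Run it against a saved OTL.txt by replacing SAMPLE_OTL with the file's contents and SCAN_DATE with the date from its first line. On the sample, BtMmHook.dll comes back clean (Broadcom company name, 2009 timestamp, system32), which is the same conclusion reached in the thread, while BTKeyInd.dll is flagged only because its version info carries no company name. That is the same reason OTL lists it with an empty "()" under its No Company Name Whitelist.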
     
  19. 2011/03/27
    mzkhrissy (Inactive Thread Starter)
    OTL logfile created on: 3/27/2011 9:43:18 PM - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 296.07 Gb Total Space | 261.97 Gb Free Space | 88.48% Space Free | Partition Type: NTFS
    Drive D: | 2.00 Gb Total Space | 1.50 Gb Free Space | 74.88% Space Free | Partition Type: FAT32

    Computer Name: OGTAM015 | User Name: khrissy.tiano | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/26 18:46:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\Downloads\OTL.exe
    PRC - [2011/01/30 11:45:14 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2010/01/07 18:14:12 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
    PRC - [2010/01/04 23:36:04 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
    PRC - [2010/01/04 23:35:22 | 000,254,520 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
    PRC - [2010/01/04 22:23:36 | 000,309,816 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    PRC - [2009/12/16 18:51:46 | 000,363,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    PRC - [2009/12/16 18:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    PRC - [2009/12/16 18:48:12 | 001,690,680 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    PRC - [2009/12/16 18:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    PRC - [2009/12/15 21:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    PRC - [2009/12/11 21:57:38 | 011,265,536 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
    PRC - [2009/12/11 21:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    PRC - [2009/12/10 17:03:52 | 000,251,448 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2009/12/04 08:22:52 | 000,506,472 | ---- | M] (ArcSoft, Inc.) -- C:\WINDOWS\system32\uArcCapture.exe
    PRC - [2009/12/03 16:30:42 | 000,229,461 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe
    PRC - [2009/11/24 22:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/11/22 15:08:54 | 000,080,384 | ---- | M] (Arcsoft, Inc.) -- c:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\ArcSecurity.exe
    PRC - [2009/11/18 19:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
    PRC - [2009/11/04 17:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/11/04 17:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/11/02 16:12:02 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2009/10/23 15:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2009/10/12 14:51:26 | 001,455,480 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2009/10/12 14:51:26 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/08/25 12:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/08/25 12:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/04/21 10:05:30 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
    PRC - [2008/04/14 09:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/26 18:46:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\Downloads\OTL.exe
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/10/12 14:49:40 | 000,094,273 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
    MOD - [2009/10/12 14:47:42 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/01/07 18:14:12 | 000,081,920 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe -- (HPDayStarterService)
    SRV - [2010/01/04 23:36:04 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
    SRV - [2009/12/16 18:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV - [2009/12/16 18:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
    SRV - [2009/12/15 21:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
    SRV - [2009/12/14 11:47:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService)
    SRV - [2009/12/11 21:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
    SRV - [2009/12/10 17:03:52 | 000,251,448 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2009/12/04 08:22:52 | 000,506,472 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\WINDOWS\system32\uArcCapture.exe -- (uArcCapture)
    SRV - [2009/12/03 16:30:42 | 000,229,461 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
    SRV - [2009/11/24 22:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
    SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2009/11/22 15:08:54 | 000,080,384 | ---- | M] (Arcsoft, Inc.) [Auto | Running] -- c:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\ArcSecurity.exe -- (Arcsoft Security Service)
    SRV - [2009/11/18 19:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
    SRV - [2009/11/17 18:39:16 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
    SRV - [2009/11/04 17:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/11/04 17:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/11/02 16:12:02 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/10/23 15:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/08/25 12:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/04/21 10:05:30 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2010/10/20 19:33:04 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2010/10/20 19:32:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2009/12/18 17:13:44 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2009/12/15 21:12:28 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
    DRV - [2009/12/15 21:12:16 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2009/12/15 21:12:14 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
    DRV - [2009/12/15 21:12:10 | 000,110,520 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2009/12/04 06:48:28 | 000,027,648 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
    DRV - [2009/12/03 16:30:42 | 001,656,246 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2009/12/03 11:57:48 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2009/12/03 11:57:36 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2009/12/03 11:57:32 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2009/12/03 11:57:28 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2009/12/03 11:57:22 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2009/11/27 19:20:06 | 000,177,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2009/11/24 19:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2009/11/24 19:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/11/24 19:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/11/11 05:11:00 | 000,181,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/11/02 16:11:56 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/10/26 02:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
    DRV - [2009/10/21 17:37:52 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
    DRV - [2009/10/15 19:16:04 | 000,205,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV - [2009/10/03 00:23:52 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2009/09/30 16:17:02 | 001,585,728 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2009/09/17 16:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2009/07/16 17:16:52 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2009/05/15 21:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/05/15 21:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (MfeAVFK)
    DRV - [2009/05/15 21:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2009/05/15 21:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (MfeBOPK)
    DRV - [2009/05/15 21:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
    DRV - [2009/04/22 02:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
    DRV - [2009/03/17 00:19:44 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
    DRV - [2008/04/14 04:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
    DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2001/08/17 16:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-747175263-764354085-2094542061-1354\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-747175263-764354085-2094542061-1354\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
    FF - prefs.js..network.proxy.type: 1

    FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/01/14 22:42:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/03/04 12:06:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/26 15:07:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/03/26 15:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Mozilla\Extensions
    [2011/03/26 15:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) --
    [2011/03/04 01:15:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/03/27 21:28:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
    O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-747175263-764354085-2094542061-1354\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe ()
    O4 - HKLM..\Run: [DTRun] c:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-747175263-764354085-2094542061-1354\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-747175263-764354085-2094542061-1354\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-747175263-764354085-2094542061-1354\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-747175263-764354085-2094542061-1354\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ogtanet.com
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\HP Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Wallpaper.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/27 20:31:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/03/27 20:31:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/03/27 20:31:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/03/27 20:31:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/03/27 20:30:40 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/26 22:53:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Symbols
    [2011/03/26 22:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Debugging Tools for Windows (x86)
    [2011/03/26 22:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
    [2011/03/26 18:07:50 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/03/26 16:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/03/26 15:58:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/03/26 15:57:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/03/26 15:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\Downloads
    [2011/03/26 15:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Local Settings\Application Data\Mozilla
    [2011/03/26 15:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Mozilla
    [2011/03/26 15:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/03/25 14:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Desktop\IT BACKUP
    [2011/03/24 15:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Start Menu\Programs\Flow Chart Maker
    [2011/03/24 15:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Cosmi
    [2011/03/21 01:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Malwarebytes
    [2011/03/21 01:49:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/03/21 01:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/21 01:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/03/21 01:49:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/03/21 01:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/03/21 01:40:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/03/21 01:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/03/21 01:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Start Menu\Programs\HiJackThis
    [2011/03/20 20:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/03/20 20:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/03/20 20:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/03/20 01:47:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{A040077C-2A99-4039-A7FE-2D89E1233041}
    [2011/03/20 01:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Net Deed Plotter
    [2011/03/20 01:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\Greenbrier Graphics
    [2011/03/19 22:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Local Settings\Application Data\PCHealth
    [2011/03/19 20:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Xerox
    [2011/03/19 20:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Xerox
    [2011/03/19 20:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Local Settings\Application Data\WinZip
    [2011/03/19 00:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\StorageCraft_Technology_C
    [2011/03/17 22:02:38 | 000,963,072 | ---- | C] (Aporah - http://aporah.com) -- C:\Documents and Settings\khrissy.tiano_OGTA\Desktop\CPP-ProductKeyFinder.exe
    [2011/03/17 22:01:52 | 000,963,072 | ---- | C] (Aporah - http://aporah.com) -- C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\CPP-ProductKeyFinder.exe
    [2011/03/16 21:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\Net Deed Plotter Surveys
    [2011/03/16 09:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Spark
    [2011/03/16 09:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Local Settings\Application Data\Hewlett-Packard
    [2011/03/16 09:18:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\IECompatCache
    [2011/03/16 09:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Macromedia
    [2011/03/16 09:17:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\PrivacIE
    [2011/03/16 09:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Local Settings\Application Data\Adobe
    [2011/03/16 09:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Adobe
    [2011/03/16 09:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Bluetooth Software
    [2011/03/16 09:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\Bluetooth Exchange Folder
    [2011/03/16 09:09:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Microsoft
    [2011/03/16 09:09:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\SendTo
    [2011/03/16 09:09:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Recent
    [2011/03/16 09:09:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data
    [2011/03/16 09:09:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Start Menu\Programs\Startup
    [2011/03/16 09:09:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Start Menu
    [2011/03/16 09:09:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\My Pictures
    [2011/03/16 09:09:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\My Music
    [2011/03/16 09:09:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\My Documents
    [2011/03/16 09:09:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Favorites
    [2011/03/16 09:09:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Start Menu\Programs\Accessories
    [2011/03/16 09:09:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\IETldCache
    [2011/03/16 09:09:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Cookies
    [2011/03/16 09:09:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Templates
    [2011/03/16 09:09:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\PrintHood
    [2011/03/16 09:09:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\NetHood
    [2011/03/16 09:09:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Local Settings
    [2011/03/16 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\SiteAdvisor
    [2011/03/16 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Local Settings\Application Data\PDFC
    [2011/03/16 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Local Settings\Application Data\Microsoft Help
    [2011/03/16 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Local Settings\Application Data\Microsoft
    [2011/03/16 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Identities
    [2011/03/16 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\hpqLog
    [2011/03/16 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Hewlett-Packard
    [2011/03/16 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Local Settings\Application Data\Downloaded Installations
    [2011/03/16 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Local Settings\Application Data\DigitalPersona
    [2011/03/16 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\DigitalPersona
    [2011/03/16 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\khrissy.tiano_OGTA\Desktop
    [2011/03/14 16:14:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%appdata%
    [2011/03/14 13:08:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sda
    [2011/03/14 11:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2011/03/04 15:17:14 | 000,000,000 | ---D | C] -- C:\Backup
    [2011/03/04 13:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/03/04 12:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2011/03/04 12:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2011/03/04 12:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2011/03/04 11:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/03/04 11:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\StorageCraft
    [2011/03/04 11:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spark
    [2011/03/04 11:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spark
    [2011/03/04 11:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2011/03/04 11:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2011/03/04 10:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2011/03/04 10:55:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2011/03/04 10:55:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2011/03/04 10:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2011/03/04 01:08:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2011/03/04 00:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
    [2011/03/04 00:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2011/03/04 00:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2011/03/04 00:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2011/03/04 00:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2011/03/04 00:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
    [2011/03/04 00:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
    [2011/03/04 00:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2011/03/04 00:40:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2011/03/04 00:37:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2011/03/04 00:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
    [2011/03/04 00:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2011/03/04 00:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2011/03/04 00:20:54 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2011/03/04 00:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2011/03/04 00:19:59 | 000,058,208 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.sys
    [2011/03/04 00:19:59 | 000,058,208 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\wsimd.sys
    [2011/03/04 00:19:52 | 001,585,728 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athw.sys
    [2011/03/04 00:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
    [2011/03/04 00:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
    [2011/03/04 00:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
    [2011/03/04 00:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft TotalMedia Suite
    [2011/03/04 00:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
    [2011/03/04 00:14:11 | 000,506,472 | ---- | C] (ArcSoft, Inc.) -- C:\WINDOWS\System32\uArcCapture.exe
    [2011/03/04 00:14:11 | 000,244,312 | ---- | C] (ArcSoft, Inc.) -- C:\WINDOWS\System32\VDGraph.dll
    [2011/03/04 00:14:11 | 000,105,064 | ---- | C] (ArcSoft, Inc.) -- C:\WINDOWS\System32\VDRender.ax
    [2011/03/04 00:14:11 | 000,100,984 | ---- | C] (ArcSoft, Inc.) -- C:\WINDOWS\System32\ArcVCapture.dll
    [2011/03/04 00:14:11 | 000,064,000 | ---- | C] (ArcSoft, Inc.) -- C:\WINDOWS\System32\RegVCap32.exe
    [2011/03/04 00:14:11 | 000,027,648 | ---- | C] (ArcSoft, Inc.) -- C:\WINDOWS\System32\drivers\ArcSoftVCapture.sys
    [2011/03/04 00:14:11 | 000,025,088 | ---- | C] (ArcSoft, Inc.) -- C:\WINDOWS\System32\arcvcapcoin.dll
    [2011/03/04 00:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Arcsoft
    [2011/03/04 00:13:42 | 000,211,840 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
    [2011/03/04 00:13:41 | 000,312,192 | ---- | C] (Sonix) -- C:\WINDOWS\System32\vsnp2uvc.dll
    [2011/03/04 00:13:39 | 000,255,360 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
    [2011/03/04 00:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SNP2UVC
    [2011/03/04 00:13:20 | 000,064,000 | ---- | C] (LSI Corporation) -- C:\WINDOWS\System32\agrsmdel.exe
    [2011/03/04 00:13:20 | 000,014,848 | ---- | C] (LSI Corporation) -- C:\WINDOWS\System32\agrsco64.dll
    [2011/03/04 00:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
    [2011/03/04 00:13:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
    [2011/03/04 00:12:51 | 011,870,301 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\idtsg.cpl
    [2011/03/04 00:12:51 | 003,313,664 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stlang.dll
    [2011/03/04 00:12:51 | 000,229,461 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacsv.exe
    [2011/03/04 00:12:48 | 000,175,616 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\staco.dll
    [2011/03/04 00:12:46 | 001,656,246 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys
    [2011/03/04 00:12:46 | 000,540,773 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacapi.dll
    [2011/03/04 00:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
    [2011/03/04 00:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
    [2011/03/04 00:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Validity Sensors
    [2011/03/04 00:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
    [2011/03/04 00:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
    [2011/03/04 00:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2011/03/04 00:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2011/03/04 00:03:32 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [2011/03/04 00:00:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2011/03/03 17:59:36 | 000,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/03/03 17:59:36 | 000,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/03/03 17:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Antivirus
    [2011/03/03 17:59:35 | 000,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/03/03 17:59:35 | 000,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
    [2011/03/03 17:59:35 | 000,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/03/03 17:59:35 | 000,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/03/03 17:59:35 | 000,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/03/03 17:59:35 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/03/03 17:59:25 | 001,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/03/03 17:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2011/03/03 17:52:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2011/03/03 17:43:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SchCache
    [2011/03/03 17:43:31 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

    ========== Files - Modified Within 30 Days ==========

    [2011/03/27 21:28:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/03/27 21:28:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/27 21:24:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/03/27 21:24:16 | 3136,737,280 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/27 20:22:36 | 000,001,718 | -H-- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\Default.rdp
    [2011/03/26 18:09:24 | 000,335,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/03/26 15:58:33 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/03/26 15:07:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2011/03/26 15:07:44 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/03/26 15:07:44 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/03/25 21:25:08 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/03/25 21:24:44 | 000,495,192 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/25 21:24:44 | 000,083,278 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/03/21 01:49:24 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

  20. 2011/03/27
    mzkhrissy

    mzkhrissy Inactive Thread Starter

    Joined:
    2011/03/26
    Messages:
    26
    Likes Received:
    0
    [2011/03/21 01:49:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/21 01:45:53 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/03/21 01:36:02 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
    [2011/03/21 01:16:09 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Desktop\HiJackThis.lnk
    [2011/03/20 20:54:39 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/03/20 20:54:39 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/20 20:44:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/03/20 01:47:08 | 000,001,046 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Net Deed Plotter.lnk
    [2011/03/18 12:23:52 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/03/17 22:02:41 | 000,963,072 | ---- | M] (Aporah - http://aporah.com) -- C:\Documents and Settings\khrissy.tiano_OGTA\Desktop\CPP-ProductKeyFinder.exe
    [2011/03/17 22:01:54 | 000,963,072 | ---- | M] (Aporah - http://aporah.com) -- C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\CPP-ProductKeyFinder.exe
    [2011/03/17 12:12:40 | 000,000,316 | ---- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Desktop\Shortcut to Drivers on 'ApolloOGTA ShareIT Support' (J).lnk
    [2011/03/16 21:24:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/03/16 21:24:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/03/16 09:25:26 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\userdic.tlx
    [2011/03/16 09:18:59 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2011/03/16 09:09:34 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/03/16 09:09:28 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Desktop\Windows Media Player.lnk
    [2011/03/14 10:22:40 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat X Standard.lnk
    [2011/03/04 13:32:20 | 000,004,096 | -HS- | M] () -- C:\VSM000.IDX
    [2011/03/04 11:11:17 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spark.exe.lnk
    [2011/03/04 11:07:51 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\MAPISVC.INF
    [2011/03/04 10:57:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    [2011/03/04 10:56:51 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/03/04 10:56:51 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/03/04 10:55:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2011/03/04 00:14:27 | 000,001,680 | ---- | M] () -- C:\WINDOWS\System32\arcVCapture.pfg
    [2011/03/04 00:08:08 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    [2011/03/04 00:04:15 | 000,004,219 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2011/03/03 23:58:49 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
    [2011/03/03 18:11:05 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/03/03 17:59:36 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk

    ========== Files Created - No Company Name ==========

    [2011/03/27 20:31:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/03/27 20:31:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/03/27 20:31:03 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/03/27 20:31:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/03/27 20:31:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/03/26 15:58:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/03/26 15:58:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/03/26 15:07:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/03/26 15:07:44 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/03/26 15:07:44 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/03/26 15:07:44 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/03/21 01:49:24 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/03/21 01:49:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/21 01:15:59 | 000,002,473 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Desktop\HiJackThis.lnk
    [2011/03/20 20:54:39 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/03/20 20:54:39 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/18 12:23:52 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/03/17 12:12:40 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Desktop\Shortcut to Drivers on 'ApolloOGTA ShareIT Support' (J).lnk
    [2011/03/16 21:57:08 | 000,001,718 | -H-- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\Default.rdp
    [2011/03/16 21:24:34 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2011/03/16 21:24:34 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2011/03/16 09:25:26 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\userdic.tlx
    [2011/03/16 09:18:59 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2011/03/16 09:09:28 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Start Menu\Programs\Windows Media Player.lnk
    [2011/03/16 09:09:28 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Desktop\Windows Media Player.lnk
    [2011/03/16 09:09:04 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/03/16 09:09:04 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/03/16 09:09:03 | 000,001,551 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Start Menu\Programs\HP Software Setup.lnk
    [2011/03/16 09:09:03 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Start Menu\Programs\Remote Assistance.lnk
    [2011/03/16 09:09:03 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Start Menu\Programs\Internet Explorer.lnk
    [2011/03/16 09:09:03 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Start Menu\Programs\Outlook Express.lnk
    [2011/03/04 14:53:37 | 000,001,046 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Net Deed Plotter.lnk
    [2011/03/04 13:32:20 | 000,004,096 | -HS- | C] () -- C:\VSM000.IDX
    [2011/03/04 12:06:41 | 000,002,413 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat X Standard.lnk
    [2011/03/04 12:06:41 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
    [2011/03/04 12:06:41 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat X Standard.lnk
    [2011/03/04 11:11:17 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spark.exe.lnk
    [2011/03/04 10:57:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    [2011/03/04 10:55:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2011/03/04 01:21:32 | 001,222,880 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/03/04 01:05:38 | 000,000,434 | ---- | C] () -- C:\WINDOWS\myClean.bat
    [2011/03/04 00:21:03 | 3136,737,280 | -HS- | C] () -- C:\hiberfil.sys
    [2011/03/04 00:19:59 | 000,042,475 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.cat
    [2011/03/04 00:19:59 | 000,042,065 | ---- | C] () -- C:\WINDOWS\System32\wsimd.cat
    [2011/03/04 00:19:59 | 000,005,361 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.inf
    [2011/03/04 00:19:59 | 000,002,179 | ---- | C] () -- C:\WINDOWS\System32\wsimd.inf
    [2011/03/04 00:19:22 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Launch TotalMedia Suite.lnk
    [2011/03/04 00:14:27 | 000,001,680 | ---- | C] () -- C:\WINDOWS\System32\arcVCapture.pfg
    [2011/03/04 00:14:11 | 001,920,056 | ---- | C] () -- C:\WINDOWS\System32\ArcVCapLogo.bmp
    [2011/03/04 00:13:42 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
    [2011/03/04 00:13:42 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
    [2011/03/04 00:13:42 | 000,013,021 | ---- | C] () -- C:\WINDOWS\snp2uvc.src
    [2011/03/04 00:13:41 | 001,763,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
    [2011/03/04 00:13:41 | 000,025,984 | ---- | C] () -- C:\WINDOWS\snuvcdsm.exe
    [2011/03/04 00:12:59 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\IDT Audio Control Panel.lnk
    [2011/03/04 00:08:08 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    [2011/03/04 00:03:34 | 000,131,904 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.he-IL.resources
    [2011/03/04 00:03:34 | 000,001,023 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
    [2011/03/04 00:03:33 | 000,176,490 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.el-GR.resources
    [2011/03/04 00:03:33 | 000,163,583 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ru-RU.resources
    [2011/03/04 00:03:33 | 000,138,088 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ar-SA.resources
    [2011/03/04 00:03:33 | 000,127,896 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
    [2011/03/04 00:03:33 | 000,116,868 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.fi-FI.resources
    [2011/03/04 00:03:33 | 000,116,230 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sk-SK.resources
    [2011/03/04 00:03:33 | 000,112,529 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sl-SI.resources
    [2011/03/04 00:03:33 | 000,101,113 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.zh-CN.resources
    [2011/03/04 00:03:32 | 001,674,683 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
    [2011/03/04 00:03:31 | 000,874,032 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
    [2011/03/04 00:03:30 | 000,123,747 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.it-IT.resources
    [2011/03/04 00:03:30 | 000,118,949 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.fr-FR.resources
    [2011/03/04 00:03:30 | 000,118,570 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pt-BR.resources
    [2011/03/04 00:03:29 | 000,121,452 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ko-KR.resources
    [2011/03/04 00:03:29 | 000,119,326 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.tr-TR.resources
    [2011/03/04 00:03:29 | 000,117,762 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.nl-NL.resources
    [2011/03/04 00:03:29 | 000,117,526 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sv-SE.resources
    [2011/03/04 00:03:29 | 000,117,229 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pt-PT.resources
    [2011/03/04 00:03:29 | 000,116,629 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pl-PL.resources
    [2011/03/04 00:03:29 | 000,108,405 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.en-US.resources
    [2011/03/04 00:03:29 | 000,058,558 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
    [2011/03/04 00:03:29 | 000,033,320 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
    [2011/03/04 00:03:28 | 000,187,765 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.th-TH.resources
    [2011/03/04 00:03:28 | 000,134,602 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ja-JP.resources
    [2011/03/04 00:03:27 | 000,121,133 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.es-ES.resources
    [2011/03/04 00:03:27 | 000,120,883 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.de-DE.resources
    [2011/03/04 00:03:27 | 000,117,737 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.hu-HU.resources
    [2011/03/04 00:03:27 | 000,116,944 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.cs-CZ.resources
    [2011/03/04 00:03:27 | 000,113,040 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.nb-NO.resources
    [2011/03/04 00:03:27 | 000,112,444 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.da-DK.resources
    [2011/03/04 00:03:27 | 000,102,235 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.zh-TW.resources
    [2011/03/03 23:58:48 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
    [2011/03/03 23:47:53 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
    [2011/03/03 23:47:53 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
    [2011/03/03 23:47:53 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
    [2011/03/03 23:47:50 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
    [2011/03/03 23:47:50 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
    [2011/03/03 23:47:50 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
    [2011/03/03 23:47:50 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
    [2011/03/03 23:47:50 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
    [2011/03/03 23:47:50 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
    [2011/03/03 23:47:50 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
    [2011/03/03 23:47:50 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
    [2011/03/03 23:47:50 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
    [2011/03/03 23:47:49 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
    [2011/03/03 23:47:49 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
    [2011/03/03 23:47:49 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
    [2011/03/03 23:47:49 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
    [2011/03/03 23:47:49 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
    [2011/03/03 23:47:49 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
    [2011/03/03 23:47:49 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
    [2011/03/03 23:47:49 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
    [2011/03/03 23:47:49 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
    [2011/03/03 17:59:36 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
    [2011/03/03 17:59:25 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
    [2010/01/14 22:55:56 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\HPWA.ini
    [2010/01/14 22:48:17 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2010/01/14 22:45:51 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/01/14 22:44:42 | 000,000,178 | ---- | C] () -- C:\WINDOWS\System32\HPPA.ini
    [2010/01/14 22:36:25 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2009/12/15 21:12:10 | 000,110,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
    [2009/12/14 15:26:00 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\vcsAPIShared.dll.hpsign
    [2009/12/11 15:20:30 | 000,648,464 | ---- | C] () -- C:\WINDOWS\System32\SUPSDK.dll
    [2009/12/11 15:20:18 | 000,050,448 | ---- | C] () -- C:\WINDOWS\System32\ExpSnapShotAPI.dll
    [2009/11/24 22:57:20 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\DPSCEL.dll.hpsign
    [2009/11/24 22:57:20 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\DPFPApi.dll.hpsign
    [2009/11/24 22:57:20 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\DPClback.dll.hpsign
    [2009/11/24 17:55:38 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\DPFPApiUI.dll.hpsign
    [2009/11/24 17:55:20 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\DPPassFilter.dll.hpsign
    [2009/11/24 17:55:20 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\dpgina.dll.hpsign
    [2009/11/17 18:39:36 | 000,329,272 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
    [2009/10/12 14:50:14 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2009/07/10 14:46:30 | 007,488,032 | R--- | C] () -- C:\WINDOWS\System32\CogentData1.dat
    [2009/07/10 14:46:28 | 000,002,432 | R--- | C] () -- C:\WINDOWS\System32\CogentData2.dat
    [2009/06/22 18:08:10 | 016,128,032 | R--- | C] () -- C:\WINDOWS\System32\CogentData4.dat
    [2009/06/22 18:08:10 | 000,004,032 | R--- | C] () -- C:\WINDOWS\System32\CogentData5.dat
    [2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
    [2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
    [2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
    [2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
    [2004/08/07 17:19:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/07 17:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 17:14:52 | 000,495,192 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/07 17:14:52 | 000,083,278 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/07 17:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/07 17:07:40 | 000,335,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/07 17:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/07 16:59:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002/05/28 12:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/05/28 12:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2010/01/14 22:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DigitalPersona
    [2010/01/14 22:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.OGTA\Application Data\DigitalPersona
    [2011/03/21 01:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDFC
    [2011/03/22 09:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/03/20 01:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/03/04 00:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2011/03/19 20:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xerox
    [2011/03/20 01:47:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A040077C-2A99-4039-A7FE-2D89E1233041}
    [2010/01/14 22:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\DigitalPersona
    [2010/01/14 22:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FayeBickerton\Application Data\DigitalPersona
    [2010/01/14 22:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khrissy.tiano\Application Data\DigitalPersona
    [2010/01/14 22:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\DigitalPersona
    [2011/03/19 20:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Xerox
    [2010/01/14 22:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mindy\Application Data\DigitalPersona

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/03/21 01:45:53 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/03/26 15:58:33 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/03/27 21:31:31 | 000,025,076 | ---- | M] () -- C:\ComboFix.txt
    [2011/03/27 21:24:16 | 3136,737,280 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/16 21:24:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/03/16 21:24:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 12:00:00 | 000,047,564 | -HS- | M] () -- C:\ntdetect.com
    [2010/01/14 22:16:33 | 000,250,048 | -HS- | M] () -- C:\ntldr
    [2011/03/27 21:24:13 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/04 13:32:20 | 000,004,096 | -HS- | M] () -- C:\VSM000.IDX

    < %systemroot%\Fonts\*.com >
    [2006/04/18 19:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 18:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 19:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 18:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/07 17:02:30 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/07 09:52:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/07 09:52:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/07 09:52:06 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/01/14 22:18:05 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/03/16 09:09:33 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/07 17:08:32 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/17 22:02:41 | 000,963,072 | ---- | M] (Aporah - http://aporah.com) -- C:\Documents and Settings\khrissy.tiano_OGTA\Desktop\CPP-ProductKeyFinder.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2009/07/21 13:08:00 | 000,013,021 | ---- | M] () -- C:\WINDOWS\snp2uvc.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/03/17 22:01:54 | 000,963,072 | ---- | M] (Aporah - http://aporah.com) -- C:\Documents and Settings\khrissy.tiano_OGTA\My Documents\CPP-ProductKeyFinder.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/03/16 09:09:33 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/03/27 21:31:07 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\khrissy.tiano_OGTA\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 09:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 07:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 07:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 03:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 09:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 07:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 07:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 07:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 07:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 07:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618D0840

    < End of report >
  21. 2011/03/27
    mzkhrissy

    mzkhrissy Inactive Thread Starter

    Joined:
    2011/03/26
    Messages:
    26
    Likes Received:
    0
    Oh, that's good then :)
    The file above needed splitting into two... do you think I'm still infected?
