ComboFix 09-01-13.04 - MIRA 2009-01-16 2:14:34.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1048.18.1976.654 [GMT 2:00]
Running from: c:\users\MIRA\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
.
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.
2009-01-16 01:49 . 2009-01-16 01:52 <DIR> d-------- C:\fixwareout
2009-01-15 20:08 . 2009-01-15 20:08 <DIR> d-------- c:\program files\Sony
2009-01-15 14:17 . 2009-01-15 14:17 <DIR> d-------- c:\temp\MTGOInstall
2009-01-15 14:17 . 2009-01-15 14:17 <DIR> d-------- C:\Temp
2009-01-15 14:08 . 2009-01-15 14:21 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Wizards of the Coast
2009-01-15 14:07 . 2009-01-15 14:07 <DIR> d-------- c:\program files\Wizards of the Coast
2009-01-15 12:16 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-15 12:16 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-15 12:13 . 2009-01-15 12:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 23:30 . 2009-01-14 23:30 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Malwarebytes
2009-01-14 23:30 . 2009-01-14 23:30 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-14 23:30 . 2009-01-14 23:30 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-14 14:02 . 2009-01-14 14:02 <DIR> d-------- c:\program files\Panda Security
2009-01-14 14:02 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2009-01-14 13:09 . 2009-01-14 13:11 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-01-14 13:09 . 2009-01-14 13:11 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-01-14 13:09 . 2009-01-14 13:09 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-14 12:59 . 2009-01-14 12:59 <DIR> d-------- C:\fsaua.data
2009-01-11 20:55 . 2009-01-11 20:55 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Sierra Entertainment
2009-01-11 20:30 . 2009-01-11 20:30 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-11 17:01 . 2009-01-11 17:01 <DIR> d-------- c:\windows\System32\AGEIA
2009-01-11 17:01 . 2009-01-11 17:01 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-11 17:00 . 2009-01-11 17:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-06 18:00 . 2009-01-06 23:10 <DIR> d-------- c:\program files\Paradox Interactive
2009-01-05 13:12 . 2009-01-05 14:20 <DIR> d-------- c:\users\MIRA\zatikon
2009-01-04 19:12 . 2009-01-04 19:12 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Media Player Classic
2009-01-04 19:12 . 2009-01-04 19:12 <DIR> d-------- c:\program files\Microsoft Games
2009-01-04 18:27 . 2009-01-04 18:27 <DIR> d-------- c:\users\All Users\Real
2009-01-04 18:27 . 2009-01-04 18:27 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-03 01:00 . 2009-01-03 01:00 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Roxio
2008-12-31 02:04 . 2008-12-31 02:04 <DIR> d-------- c:\windows\Ancient Secrets
2008-12-31 01:11 . 2008-12-31 01:11 <DIR> d-------- c:\users\All Users\TEMP
2008-12-31 01:11 . 2008-12-31 01:11 <DIR> d-------- c:\programdata\TEMP
2008-12-31 01:07 . 2008-12-31 01:07 <DIR> d-------- c:\windows\Can You See What I See Dream Machine
2008-12-30 23:22 . 2008-12-30 23:22 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DivX
2008-12-30 23:13 . 2009-01-04 18:26 <DIR> d-------- c:\program files\DivX
2008-12-30 23:05 . 2008-12-30 23:06 <DIR> d-------- c:\users\MIRA\AppData\Roaming\vlc
2008-12-30 23:04 . 2008-12-30 23:04 <DIR> d-------- c:\program files\VideoLAN
2008-12-29 22:14 . 2008-12-29 22:14 <DIR> d-------- c:\program files\QuickTime
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\users\MIRA\AppData\Roaming\BSplayer Pro
2008-12-29 02:16 . 2008-12-29 20:06 <DIR> d-------- c:\users\MIRA\AppData\Roaming\BSplayer
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\program files\Webteh
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\program files\BS.Player ControlBar
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\users\All Users\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\programdata\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\program files\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\program files\Common Files\DFX
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\users\All Users\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:51 <DIR> d-------- c:\users\All Users\OrbNetworks
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\programdata\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:51 <DIR> d-------- c:\programdata\OrbNetworks
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\program files\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\program files\Winamp Remote
2008-12-28 21:42 . 2008-11-21 23:47 129,784 --------- c:\windows\System32\pxafs.dll
2008-12-28 21:41 . 2008-12-28 22:15 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Winamp
2008-12-28 21:41 . 2008-12-28 21:50 <DIR> d-------- c:\program files\Winamp
2008-12-28 21:21 . 2008-12-28 21:21 <DIR> d-------- c:\windows\System32\xlive
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools Pro
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\programdata\DAEMON Tools Lite
2008-12-28 21:16 . 2008-12-28 21:16 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-12-28 21:15 . 2008-12-28 21:16 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-28 21:12 . 2008-12-28 21:12 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2008-12-28 21:11 . 2008-12-28 21:20 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools Lite
2008-12-28 16:41 . 2008-12-28 18:17 5,930,090,496 --a------ C:\rld-fou3.iso
2008-12-28 16:33 . 2009-01-09 18:02 <DIR> d-------- c:\users\MIRA\AppData\Roaming\skypePM
2008-12-28 16:33 . 2008-12-28 16:33 56 --ah----- c:\users\All Users\ezsidmv.dat
2008-12-28 16:33 . 2008-12-28 16:33 56 --ah----- c:\programdata\ezsidmv.dat
2008-12-28 16:21 . 2009-01-09 18:25 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\users\All Users\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\programdata\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\program files\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-28 16:17 . 2009-01-16 02:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\MxBoost
2008-12-28 16:15 . 2009-01-15 15:02 <DIR> d-------- c:\users\MIRA\AppData\Roaming\uTorrent
2008-12-28 16:15 . 2008-12-28 16:15 <DIR> d-------- c:\program files\uTorrent
2008-12-28 16:14 . 2009-01-15 15:04 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Maxthon2
2008-12-26 03:02 . 2008-10-02 03:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-25 21:14 . 2008-12-25 21:44 <DIR> d-------- c:\program files\The Witcher Enhanced Edition
2008-12-17 02:19 . 2009-01-16 02:17 12 --a------ c:\windows\bthservsdp.dat
2008-12-16 20:25 . 2009-01-16 01:48 13,202 --a------ c:\windows\System32\perfh018.dat
2008-12-16 20:25 . 2009-01-16 01:48 4,604 --a------ c:\windows\System32\perfc018.dat
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Yahoo!
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\users\All Users\Yahoo! Companion
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\users\All Users\Yahoo!
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\programdata\Yahoo! Companion
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\programdata\Yahoo!
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\program files\Yahoo!
2008-12-16 19:21 . 2008-12-16 19:33 96,976 --a------ c:\windows\System32\drivers\klin.dat
2008-12-16 19:21 . 2008-12-16 19:21 87,855 --a------ c:\windows\System32\drivers\klick.dat
2008-12-16 19:20 . 2009-01-16 01:41 <DIR> d-------- c:\users\All Users\Kaspersky Lab
2008-12-16 19:20 . 2009-01-16 01:41 <DIR> d-------- c:\programdata\Kaspersky Lab
2008-12-16 19:20 . 2008-12-16 19:20 <DIR> d-------- c:\program files\Kaspersky Lab
2008-12-16 19:20 . 2009-01-16 02:25 11,477,792 --ahs---- c:\windows\System32\drivers\fidbox.dat
2008-12-16 19:20 . 2009-01-16 02:18 155,792 --ahs---- c:\windows\System32\drivers\fidbox.idx
2008-12-16 19:19 . 2008-12-16 19:19 <DIR> d-------- C:\KAV
2008-12-16 19:15 . 2008-04-21 08:28 384 --a------ c:\windows\myClean.bat
2008-12-16 18:59 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-16 18:55 . 2008-12-16 18:55 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-16 18:53 . 2008-12-16 19:28 <DIR> d-------- c:\users\MIRA\AppData\Roaming\HPQLOG
2008-12-16 18:53 . 2009-01-16 02:19 47,104 --a------ c:\windows\System32\rpcnet.dll
2008-12-16 18:52 . 2008-12-16 18:52 <DIR> dr------- c:\users\MIRA\Searches
2008-12-16 18:52 . 2008-12-16 18:52 <DIR> dr------- c:\users\MIRA\Contacts
2008-12-16 18:52 . 2008-06-26 03:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2008-12-16 18:52 . 2008-04-26 10:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-12-16 18:52 . 2008-04-12 05:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2008-12-16 18:52 . 2008-06-26 05:29 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-16 18:52 . 2008-10-21 07:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-16 18:52 . 2008-08-27 03:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-12-16 18:52 . 2008-04-29 03:42 220,160 --a------ c:\windows\System32\drivers\bthport.sys
2008-12-16 18:52 . 2008-04-29 05:54 181,760 --a------ c:\windows\System32\fsquirt.exe
2008-12-16 18:52 . 2008-04-05 03:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2008-12-16 18:52 . 2008-12-16 18:52 47,104 --a------ c:\windows\System32\rpcnet.exe
2008-12-16 18:52 . 2008-04-29 03:42 29,184 --a------ c:\windows\System32\drivers\BTHUSB.SYS
2008-12-16 18:52 . 2008-04-05 05:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2008-12-16 18:51 . 2008-06-26 03:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2008-12-16 18:51 . 2008-06-26 05:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2008-12-16 18:51 . 2008-12-16 18:51 44 --a------ c:\windows\system\hpsysdrv.dat
2008-12-16 18:49 . 2008-09-18 07:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-12-16 18:49 . 2008-09-18 07:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-12-16 18:49 . 2008-04-26 10:08 1,314,816 --a------ c:\windows\System32\quartz.dll
2008-12-16 18:49 . 2008-08-12 05:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-12-16 18:47 . 2008-12-16 18:47 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Hewlett-Packard
2008-12-16 18:46 . 2008-05-10 03:33 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 00:19 17,408 ----a-w c:\windows\System32\rpcnetp.exe
2009-01-16 00:19 --------- d-----w c:\programdata\hpqLog
2009-01-15 18:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 18:29 --------- d-----w c:\program files\Java
2008-12-30 21:13 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-12-28 14:07 17,408 ----a-w c:\windows\System32\rpcnetp.dll
2008-12-25 19:44 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-12-25 19:44 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-16 17:33 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-12-16 17:12 --------- d-----w c:\programdata\McAfee
2008-12-16 17:12 --------- d-----w c:\program files\McAfee
2008-12-16 17:09 --------- d-----w c:\program files\Windows Mail
2008-12-16 17:08 --------- d-----w c:\programdata\SiteAdvisor
2008-12-16 16:47 --------- d-----w c:\programdata\Hewlett-Packard
2008-12-16 16:41 --------- d-----w c:\program files\Hewlett-Packard
2008-12-16 16:36 --------- d-----w c:\program files\Analog Devices
2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\System32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-11-21 21:45 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-11-21 21:45 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-11-21 21:45 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-11-21 21:45 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-11-21 21:45 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-11-21 21:45 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-11-21 21:45 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 22:35 684,032 ----a-w c:\windows\System32\divx.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2009-01-14_12.37.07.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-11 15:04:01 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-01-15 12:19:14 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-01-11 15:04:01 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-01-15 12:19:14 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-01-11 15:04:02 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-01-15 12:19:14 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-01-11 15:03:51 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:00 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:54 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:02 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:56 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:03 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:56 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:04 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:57 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:08 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:58 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:10 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:58 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:11 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:59 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:15 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:04:03 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-01-15 12:19:15 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-01-11 15:04:03 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-01-15 12:19:15 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-01-11 15:04:03 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-01-15 12:19:16 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-01-11 15:04:03 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-01-15 12:19:16 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-01-11 15:04:01 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-01-15 12:19:13 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-06-30 08:39:58 128,256 ----a-w c:\windows\Downloaded Program Files\as2stubie.dll
+ 2008-02-27 13:59:28 290,816 ----a-w c:\windows\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 13:59:28 495,616 ----a-w c:\windows\Downloaded Program Files\daas_s.dll
+ 2008-02-27 14:00:12 262,144 ----a-w c:\windows\Downloaded Program Files\fscax.dll
+ 2008-02-27 13:59:16 588,392 ----a-w c:\windows\Downloaded Program Files\gatelauncher.exe
+ 2009-01-16 00:19:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-16 00:19:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-14 10:34:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-16 00:25:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-16 00:25:10 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-14 10:34:10 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-16 00:25:05 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-16 00:25:05 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-14 09:34:16 97,596 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-15 23:48:25 97,596 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-14 09:34:16 569,156 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-15 23:48:25 569,156 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-14 09:28:31 5,796 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2763801915-4081686023-2070645922-1004_UserData.bin
+ 2009-01-15 23:42:39 6,480 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2763801915-4081686023-2070645922-1004_UserData.bin
- 2009-01-14 09:28:31 118,480 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-15 23:42:39 119,164 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-12 07:54:37 45,688 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-15 23:42:36 47,848 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
2008-04-16 22:43 110592 --a------ c:\program files\Hewlett-Packard\File Sanitizer\IEBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 141848]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-16 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-14 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-03-21 1090840]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-04-16 10240000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-16 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-08-04 197904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll,c:\progra~1\KASPER~1\KASPER~1.0FO\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1.0FO\r3hook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F4E7E229-2DE1-4B45-95D4-5C6E5495BF32}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{05CBF57D-2E50-4B67-B28E-E83FDFEAC1E6}"= UDP:c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:Managed Services Agent
"{BF2A5372-425E-46F2-B81B-BEB3AF762A88}"= TCP:c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:Managed Services Agent
"{B7F08354-740C-4C95-BC30-21C4AA412B15}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{43C1CF6E-1AA6-4C02-B865-DC49FCEC42AD}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2E50F630-C77F-441F-BE86-EEF9DA5CE16E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4C6536FB-FC0B-49A3-9F21-94FC3DA93A73}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3C46605C-61B9-42D3-9CAE-FD9348B7FE2B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8986E67B-1230-49F2-903B-06CF5C7CD3AC}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{0867F29D-2E0B-4F6D-B315-8162C29227A7}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{FCE0CE52-889C-4828-ABEA-12F18F52CFAD}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{130A4E17-9946-4C96-814C-7021AD4A1D8E}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{D5CC8BC9-8924-4FD0-A619-7F45A2A4E5E7}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{2EFE2D48-0731-4CA7-ADF0-6081A38488D5}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{DD585048-C887-470A-9C08-552BAC9D5B2C}c:\\program files\\winamp remote\\bin\\orbtray.exe"= UDP:c:\program files\winamp remote\bin\orbtray.exe:Orb
"UDP Query User{2CD4A918-73ED-47B7-8C89-A16AB6A22C32}c:\\program files\\winamp remote\\bin\\orbtray.exe"= TCP:c:\program files\winamp remote\bin\orbtray.exe:Orb
"TCP Query User{A0B8BEC2-F20A-40CC-87C9-515797063F14}c:\\users\\mira\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\frzhbvnd\\mtgoiii_helper[1].exe"= UDP:c:\users\mira\appdata\local\microsoft\windows\temporary internet files\content.ie5\frzhbvnd\mtgoiii_helper[1].exe:mtgoiii_helper[1].exe
"UDP Query User{B199EA02-398F-41BD-9B49-BBE512E72E24}c:\\users\\mira\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\frzhbvnd\\mtgoiii_helper[1].exe"= TCP:c:\users\mira\appdata\local\microsoft\windows\temporary internet files\content.ie5\frzhbvnd\mtgoiii_helper[1].exe:mtgoiii_helper[1].exe
"TCP Query User{C6DBD953-2A8C-4DE2-A50B-9EB5705833BD}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{2A5A67CB-F315-4796-BD3F-CC162D7E7596}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2009-01-14 28544]
R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [2008-05-14 51376]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [2008-05-14 12928]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-04-04 20760]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2008-03-21 39712]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [2008-05-14 12496]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [2008-05-13 475520]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-11-29 181760]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-08-04 193840]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [2008-04-28 3658752]
R4 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
R4 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R4 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R4 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-10 1168632]
R4 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
R4 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
R4 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-08-04 77824]
R4 hpsrv;HP Service;c:\windows\System32\hpservice.exe [2008-04-07 24936]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-04 576536]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
--- Other Services/Drivers In Memory ---
*Deregistered* - mpsdrv
*Deregistered* - Smb
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9458f03e-cbcf-11dd-8cbd-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bb4f389-d513-11dd-af64-002264493ce3}]
\shell\AutoRun\command - G:\EE3AutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bsplayer-search.com/startpage
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*
http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*
http://www.yahoo.com
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-16 02:25:18
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(724)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(5680)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\AEADISRV.EXE
c:\windows\System32\agrsmsvc.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\IFXTCS.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\IfxPsdSv.exe
c:\windows\System32\rpcnet.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\windows\System32\igfxsrvc.exe
c:\combofix\hidec.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\taskmgr.exe
c:\combofix\Catchme.tmp
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-01-16 2:29:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-16 00:27:54
ComboFix2.txt 2009-01-14 10:38:41
Pre-Run: 88,318,111,744 bytes free
Post-Run: 88,312,025,088 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=15 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
416 --- E O F --- 2008-12-28 14:14:32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:36 AM, on 1/16/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\Explorer.exe
C:\windows\system32\notepad.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\MIRA\AppData\Roaming\Maxthon2\Maxthon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Users\MIRA\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.bsplayer-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [IFXSPMGT] c:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) -
http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) -
http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89BA57E6-A62E-49E5-A800-A2A4CCC3852D}: NameServer = 85.255.115.114,85.255.112.176
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\windows\system32\agrsmsvc.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\Windows\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Windows\system32\IfxPsdSv.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 12875 bytes
