
Google Redirect Hijackthis Log


  • This topic is locked
38 replies to this topic

#1 Convik

  • Members
  • 29 posts

Posted 19 June 2009 - 07:54 PM

I am sent to various ad sites when using Google and also am not able to open my antivirus. I downloaded DDS and clicked run but it would not run. Help please, here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:19 PM, on 6/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Administrator\Desktop\Pareto_AV_Setup_RW.exe
C:\WINDOWS\system32\MSIEXEC.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZTargetUpdate.Exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ParetoLogic Anti-Virus PLUS] "C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Virus Shield 2009] "C:\Documents and Settings\All Users\2eb7d33\VS2eb7.exe" /s /d (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O15 - Trusted Zone: http://*.mcafee.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{19B8432E-CCC7-430C-9476-205D3746F27C}: NameServer = 65.32.5.111,65.32.5.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{19B8432E-CCC7-430C-9476-205D3746F27C}: NameServer = 65.32.5.111,65.32.5.112
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe


#2 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 25 June 2009 - 07:16 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Convik

  • Topic Starter

  • Members
  • 29 posts

Posted 27 June 2009 - 09:11 PM

I have downloaded and redownloaded DDS but it fails to run. After clicking run nothing opens.

#4 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 27 June 2009 - 09:31 PM

Hi,
Try this then, please.

Create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Thanks,
t

#5 Convik

  • Topic Starter

  • Members
  • 29 posts

Posted 27 June 2009 - 10:22 PM

OTL.Txt

OTL logfile created on: 6/27/2009 11:16:51 PM - Run 1
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 349.91 Mb Available Physical Memory | 34.22% Memory free
2.40 Gb Paging File | 1.75 Gb Available in Paging File | 72.86% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.86 Gb Total Space | 180.10 Gb Free Space | 80.09% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.86 Gb Free Space | 10.80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-55E5F9E3D2
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/02/25 17:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2009/02/25 17:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/05/12 12:02:24 | 00,437,760 | ---- | M] (Stardock Systems, Inc) -- C:\Program Files\AlienGUIse\wbload.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/08/03 02:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/08/03 02:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\ARPWRMSG.EXE
PRC - [2005/06/08 17:42:12 | 14,565,376 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005/05/12 09:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
PRC - [2009/04/09 17:04:30 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
PRC - [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/01/06 14:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/09 11:47:12 | 00,923,088 | ---- | M] (Max Secure Software ) -- C:\Program Files\SpywareDetector\SDMainService.exe
PRC - [2009/03/01 04:49:18 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/18 14:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2005/05/04 19:24:08 | 00,200,704 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
PRC - [2005/06/08 12:19:26 | 00,094,208 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2300 Series\ezprint.exe
PRC - [2009/01/31 11:55:20 | 01,366,528 | ---- | M] (Max Secure Software Pvt. Ltd.) -- C:\Program Files\SpywareDetector\SDActiveMonitor.exe
PRC - [2005/05/12 09:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/02/19 00:33:08 | 00,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2005/09/14 23:51:03 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
PRC - [2007/04/30 20:43:54 | 03,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2009/02/13 14:52:28 | 01,720,192 | ---- | M] (Max Secure Software ) -- C:\Program Files\SpywareDetector\SDService.exe
PRC - [2009/02/19 00:28:52 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2009/02/18 14:40:36 | 00,587,216 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
PRC - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/04/15 17:15:30 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\lxcgcoms.exe
PRC - [2008/12/18 13:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2005/02/02 19:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [1998/05/07 12:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\windows\system\hpsysdrv.exe
PRC - [2009/06/13 13:32:36 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/27 23:16:33 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - [2005/08/03 02:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/25 17:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/02/25 15:15:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Disabled | Stopped])
SRV - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/07 16:12:35 | 01,838,592 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [Disabled | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 13:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/01 04:49:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Disabled | Stopped])
SRV - [2009/02/19 00:30:20 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2005/07/25 09:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Disabled | Stopped])
SRV - [2005/04/15 17:15:30 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device [On_Demand | Running])
SRV - [2009/01/09 13:05:26 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped])
SRV - [2009/05/01 15:34:14 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Stopped])
SRV - [2009/05/08 11:54:34 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/04/09 11:46:14 | 00,359,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Stopped])
SRV - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2009/05/13 23:24:26 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Auto | Stopped])
SRV - [2009/05/08 09:33:16 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Stopped])
SRV - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 22:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2009/04/09 17:04:30 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2007/02/10 05:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [Disabled | Stopped])
SRV - [2005/10/14 02:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 22:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - File not found -- -- (Pml Driver HPZ12 [Disabled | Stopped])
SRV - [2009/03/07 13:51:50 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Disabled | Stopped])
SRV - [2008/08/08 22:10:46 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [Disabled | Stopped])
SRV - [2009/01/09 11:47:12 | 00,923,088 | ---- | M] (Max Secure Software ) -- C:\Program Files\SpywareDetector\SDMainService.exe -- (SDMainSvc [Auto | Running])
SRV - [2009/02/13 14:52:28 | 01,720,192 | ---- | M] (Max Secure Software ) -- C:\Program Files\SpywareDetector\SDService.exe -- (SDService [Auto | Running])
SRV - [2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Disabled | Stopped])
SRV - [2005/08/04 04:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Disabled | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2009/02/18 14:40:36 | 00,587,216 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe -- (ZeppelinService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2005/06/30 16:16:26 | 01,094,848 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2009/02/25 18:58:57 | 03,565,568 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2003/11/05 18:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run [Boot | Running])
DRV - [2004/10/14 19:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2003/12/03 05:23:20 | 00,142,336 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k [Boot | Running])
DRV - [2005/04/15 00:12:12 | 00,175,616 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2 [Boot | Running])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/07/28 21:07:58 | 00,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\DRIVERS\hcwPP2.sys -- (hcwPP2 [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/06/08 19:22:20 | 03,160,576 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2002/04/11 14:47:52 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\IPFilter.sys -- (IPFilter [On_Demand | Stopped])
DRV - [2008/04/13 14:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys -- (IrBus [On_Demand | Running])
DRV - [2009/02/18 14:41:10 | 00,186,128 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2008/12/18 23:43:06 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2008/12/18 23:43:12 | 00,063,248 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Stopped])
DRV - [2008/12/18 23:43:18 | 00,010,384 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LBeepKE.sys -- (LBeepKE [Auto | Running])
DRV - [2008/12/18 23:43:40 | 00,035,472 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2008/12/18 23:43:48 | 00,037,392 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2008/12/18 23:43:54 | 00,079,248 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
DRV - [2009/05/13 23:25:06 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Stopped])
DRV - [2009/05/13 23:25:06 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Stopped])
DRV - [2009/05/13 23:25:06 | 00,214,024 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/05/13 23:24:34 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2009/05/13 23:25:06 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
DRV - [2009/04/09 14:23:02 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2005/07/04 03:30:34 | 00,026,624 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Stopped])
DRV - [2004/08/10 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 12:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 08:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2009/06/23 11:01:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/06/23 11:01:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/06/23 11:01:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/12/10 11:44:34 | 00,021,888 | ---- | M] (Max Secure Software Pvt. Ltd.) -- C:\Program Files\SpywareDetector\SDActMon.sys -- (SDActMon [On_Demand | Running])
DRV - [2009/01/05 11:53:36 | 00,013,696 | ---- | M] (Max Secure Software Pvt. Ltd.) -- C:\Program Files\SpywareDetector\SDManager.sys -- (SDManager [System | Running])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/01 04:49:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/06/25 22:48:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/27 17:34:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/15 10:17:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/14 22:08:55 | 00,000,000 | ---D | M]

[2009/03/01 07:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions
[2009/03/01 03:22:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/01 07:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/02/27 17:35:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\extensions
[2009/02/27 17:35:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/06/27 22:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\g5wp8ceu.default\extensions
[2009/06/27 22:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\g5wp8ceu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/01 04:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\g5wp8ceu.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/03/24 22:59:35 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\g5wp8ceu.default\searchplugins\live-search.xml
[2009/06/27 22:05:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/13 13:32:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/10 16:48:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/01 04:50:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/06/13 13:32:36 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/13 13:32:36 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/07 16:12:36 | 00,135,680 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/06/21 19:38:52 | 00,030,280 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
[2007/06/21 19:38:54 | 00,079,432 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2007/06/21 19:38:56 | 00,071,240 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2007/06/21 19:38:58 | 00,140,872 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxmui.dll
[2007/06/21 19:39:14 | 00,038,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\icafile.dll
[2007/06/21 19:39:16 | 00,046,664 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\icalogon.dll
[2007/06/21 19:39:18 | 00,034,376 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\logging.dll
[2008/06/18 02:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/03/01 04:49:19 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/06/21 19:39:34 | 00,325,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/03/19 23:35:49 | 00,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll
[2009/06/13 13:32:38 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/06/14 22:08:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/14 22:08:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/14 22:08:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/14 22:08:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/14 22:08:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/14 22:08:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/14 22:08:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/09/10 13:49:12 | 06,583,016 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSibelius.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2007/06/21 19:39:58 | 00,685,640 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
[2007/06/21 19:40:02 | 00,030,280 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2009/01/19 19:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 19:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 19:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 19:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 19:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/01 00:40:50 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml
[2009/01/19 19:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 19:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1108 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 test1111.com
O1 - Hosts: 74.125.45.100 test1112.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] File not found
O4 - HKLM..\Run: [Google Desktop Search] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LXCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [lxcgmon.exe] C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe (Max Secure Software Pvt. Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDNotify: DllName - C:\Program Files\SpywareDetector\SDNotify.dll - C:\Program Files\SpywareDetector\SDNotify.dll (Max Secure Software)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\AlienGUIse\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/14 23:46:28 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 21:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{36326bde-0dc4-11de-8b5e-0013d4d9f3f4}\Shell - "" = AutoRun
O33 - MountPoints2\{36326bde-0dc4-11de-8b5e-0013d4d9f3f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{36326bde-0dc4-11de-8b5e-0013d4d9f3f4}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (SDEarlyDelete) - C:\WINDOWS\System32\SDEarlyDelete.exe ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[37 C:\WINDOWS\*.tmp files]
[2009/06/27 23:16:33 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/06/27 22:07:14 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.pif
[2009/06/27 22:07:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/06/27 22:06:36 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds(2).scr
[2009/06/27 18:42:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/06/27 18:42:03 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/06/27 18:41:56 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/06/27 18:41:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
[2009/06/27 18:38:24 | 06,568,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SUPERAntiSpyware.exe
[2009/06/27 17:47:19 | 00,000,494 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job
[2009/06/27 17:47:17 | 00,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2009/06/27 17:47:15 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0203000.01A\isolate.ini
[2009/06/27 17:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0203000.01A
[2009/06/27 17:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2009/06/27 17:47:15 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2009/06/27 17:47:11 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/06/27 17:19:32 | 00,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/06/27 17:18:02 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/06/27 17:17:38 | 01,460,840 | ---- | C] (Trend Micro) -- C:\Documents and Settings\HP_Administrator\Desktop\HousecallLauncher.exe
[2009/06/27 16:50:50 | 00,413,400 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20090627_165047.reg
[2009/06/27 16:49:19 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/06/27 16:49:12 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/06/27 16:49:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/06/27 16:43:51 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CCleaner.lnk
[2009/06/27 16:43:49 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/06/26 14:00:10 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/06/26 13:55:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/06/26 13:55:53 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/06/26 13:55:46 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/06/26 13:55:01 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/06/26 13:55:01 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/06/26 13:55:01 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/06/26 13:55:01 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/06/26 13:55:01 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/06/26 13:55:01 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/06/26 13:55:01 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/06/26 13:55:00 | 00,000,000 | ---D | C] -- C:\a41bf91e023635f6228ef4b120
[2009/06/26 02:24:54 | 00,629,288 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\WindowsXP-KB932823-v3-x86-ENU.exe
[2009/06/26 01:56:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/06/26 00:28:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/06/26 00:12:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/06/26 00:12:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/06/26 00:12:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/06/26 00:12:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/06/26 00:09:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/06/26 00:07:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/06/26 00:01:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/06/25 22:46:28 | 00,002,433 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/06/25 22:45:35 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/06/25 22:41:34 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/06/25 22:41:34 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/06/25 22:41:34 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/06/25 22:41:27 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/06/25 22:41:00 | 00,000,362 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/06/25 22:40:59 | 00,000,354 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/06/25 22:40:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/06/25 22:40:32 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/06/25 22:34:21 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/06/25 21:27:56 | 10,653,8078 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Registry 6-25-09.reg
[2009/06/25 19:46:02 | 00,000,093 | ---- | C] () -- C:\WINDOWS\System32\SKYNETuyolrgmh.dat
[2009/06/25 19:41:38 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$dition Resume.doc
[2009/06/25 18:03:51 | 00,013,776 | ---- | C] () -- C:\WINDOWS\System32\SDEarlyDelete.exe
[2009/06/25 16:33:36 | 00,000,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareDetector.lnk
[2009/06/25 16:33:29 | 00,000,123 | ---- | C] () -- C:\WINDOWS\System\SysSD.dll
[2009/06/25 16:33:29 | 00,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini
[2009/06/25 16:33:28 | 01,060,864 | ---- | C] (Max Secure Software) -- C:\WINDOWS\System32\CheckDll.dll
[2009/06/25 16:33:28 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\SDEarlyDelete.ini
[2009/06/25 16:33:26 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareDetector
[2009/06/24 22:22:17 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\antivirus.doc
[2009/06/24 22:17:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2009/06/24 22:17:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/24 22:15:03 | 03,561,744 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup.exe
[2009/06/24 21:54:33 | 01,296,288 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\DMSetup(2).exe
[2009/06/24 21:53:25 | 01,296,288 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\DMSetup.exe
[2009/06/23 21:35:58 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/06/23 21:34:57 | 28,868,320 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\FileFormatConverters.exe
[2009/06/22 22:39:05 | 00,090,112 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Review for Exam 3 - Mariam.doc
[2009/06/21 17:42:15 | 00,043,520 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Corrections.doc
[2009/06/20 21:26:40 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\3541 - Pokemon Platinum (U)(Xenophobia).sav
[2009/06/20 19:05:20 | 00,411,648 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pokesav PLA - ENG - PP.org.exe
[2009/06/20 19:04:57 | 00,147,276 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\pokesavplat_en.zip
[2009/06/20 18:08:45 | 01,850,153 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\06_09_09_user.evoCHEATS.zip
[2009/06/20 13:44:25 | 00,007,281 | ---- | C] () -- C:\rollback.ini
[2009/06/19 20:40:14 | 03,463,968 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/06/19 20:40:14 | 00,139,296 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/06/19 20:40:14 | 00,046,724 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/06/19 20:40:14 | 00,013,700 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/06/19 20:38:30 | 00,359,893 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2009/06/19 20:32:01 | 00,000,464 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2009/06/19 20:32:00 | 00,000,488 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
[2009/06/19 20:31:56 | 00,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/06/19 20:29:32 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2009/06/19 20:29:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/19 20:28:32 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HJTInstall.exe
[2009/06/19 20:26:29 | 00,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk
[2009/06/19 20:26:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2009/06/19 20:23:15 | 11,748,680 | ---- | C] (ParetoLogic ) -- C:\Documents and Settings\HP_Administrator\Desktop\Pareto_AV_Setup_RW.exe
[2009/06/19 15:47:51 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/06/19 15:41:05 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/06/19 15:40:03 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\WindowsDefender.msi
[2009/06/19 15:39:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/06/18 23:55:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/06/18 23:54:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/06/18 23:54:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/06/17 17:10:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\WinRAR
[2009/06/17 17:09:40 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/06/17 17:09:14 | 01,207,026 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\wrar370.exe
[2009/06/15 18:55:50 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/06/15 18:47:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/06/15 17:58:49 | 00,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2009/06/15 17:12:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/06/15 17:03:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Citrix
[2009/06/15 10:16:32 | 00,000,625 | ---- | C] () -- C:\Virus Shield 2009.lnk
[2009/06/14 22:05:30 | 01,885,111 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\zack1.mov
[2009/06/14 21:12:32 | 00,077,312 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Mariam (the best girlfriend ever) Alami - Review 2.doc
[2009/06/14 16:12:13 | 00,103,104 | ---- | C] () -- C:\WINDOWS\System32\SKYNETpppogkvt.dat
[2009/06/14 16:12:12 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\drivers\SKYNETtodeqxow.sys
[2009/06/13 22:20:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\DSmod
[2009/06/13 22:14:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Received Files
[2009/06/13 17:41:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Sonic
[2009/06/13 17:40:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
[2009/06/12 18:29:09 | 00,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2009/06/12 18:29:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\mIRC
[2009/06/12 18:29:08 | 00,000,000 | ---D | C] -- C:\Program Files\mIRC
[2009/06/11 19:33:47 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/06/11 19:33:47 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/11 19:33:47 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/11 19:33:42 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/06/11 17:59:32 | 00,001,071 | ---- | C] () -- C:\WINDOWS\AWMODEM.INF
[2009/06/11 17:58:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Fax
[2009/06/09 15:50:55 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Mariam Alami - Extra Credit, Rodney King.doc
[2009/06/08 10:40:38 | 00,008,746 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\heart.tif
[2009/06/08 07:00:53 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Mariam Alami - Police Suicide.doc
[2009/06/06 15:54:41 | 00,045,080 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\psyd.pdf
[2009/06/04 20:51:38 | 00,202,072 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2009/06/04 20:51:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2009/06/02 21:09:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ABBYY
[2009/04/24 12:23:37 | 00,001,630 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2009/03/20 18:26:16 | 00,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/03/07 16:03:39 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/03/01 03:33:47 | 00,000,056 | ---- | C] () -- C:\WINDOWS\wb.ini
[2009/03/01 03:24:09 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/28 00:51:20 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2009/02/28 00:51:20 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2005/09/15 00:17:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/14 23:50:16 | 00,014,289 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/09/14 23:50:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/09/14 23:42:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/14 23:38:00 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/14 23:37:59 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/14 23:37:59 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/14 23:37:59 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/14 23:37:59 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/14 23:37:59 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/09/14 23:32:01 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/09/14 23:16:30 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/09/14 23:13:12 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/09/14 22:56:46 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/09/14 22:49:33 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/08/21 12:47:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 00:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/04/15 17:24:38 | 01,191,936 | ---- | C] () -- C:\WINDOWS\System32\lxcgserv.dll
[2005/04/15 17:18:30 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\lxcglmpm.dll
[2005/04/15 17:18:00 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxcgcomm.dll
[2005/04/15 17:15:42 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\lxcgpplc.dll
[2005/04/15 17:14:42 | 00,708,608 | ---- | C] () -- C:\WINDOWS\System32\lxcgcomc.dll
[2005/04/15 17:13:56 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\lxcgprox.dll
[2005/04/15 17:06:40 | 01,134,592 | ---- | C] () -- C:\WINDOWS\System32\lxcgusb1.dll
[2005/03/14 05:45:20 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2005/01/28 13:41:20 | 00,000,623 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/28 05:30:40 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/12/20 11:08:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/07/27 01:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 14:47:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2001/07/07 01:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[37 C:\WINDOWS\*.tmp files]
[2009/06/27 23:16:33 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/06/27 23:16:15 | 03,463,968 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/06/27 22:10:23 | 00,359,893 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2009/06/27 22:07:19 | 00,139,296 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/06/27 22:07:14 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.pif
[2009/06/27 22:06:39 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds(2).scr
[2009/06/27 22:01:40 | 00,000,245 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/06/27 21:56:08 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/06/27 21:54:22 | 00,000,486 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2009/06/27 21:53:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/27 21:53:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/27 21:52:55 | 10,721,52576 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/27 21:52:08 | 00,013,700 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/06/27 21:52:07 | 00,046,724 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/06/27 21:50:46 | 00,000,464 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2009/06/27 18:42:03 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/06/27 18:39:28 | 06,568,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SUPERAntiSpyware.exe
[2009/06/27 18:03:56 | 00,007,281 | ---- | M] () -- C:\rollback.ini
[2009/06/27 18:00:01 | 00,000,464 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/06/27 17:47:19 | 00,000,494 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job
[2009/06/27 17:47:17 | 00,000,990 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2009/06/27 17:47:15 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0203000.01A\isolate.ini
[2009/06/27 17:32:24 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/27 17:18:02 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/06/27 17:17:38 | 01,460,840 | ---- | M] (Trend Micro) -- C:\Documents and Settings\HP_Administrator\Desktop\HousecallLauncher.exe
[2009/06/27 16:51:00 | 00,413,400 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\cc_20090627_165047.reg
[2009/06/27 16:49:19 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/06/27 16:43:51 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\CCleaner.lnk
[2009/06/27 16:27:45 | 00,000,123 | ---- | M] () -- C:\WINDOWS\System\SysSD.dll
[2009/06/26 18:02:49 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/06/26 14:16:46 | 00,074,392 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/26 14:15:52 | 00,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/26 14:01:56 | 00,572,992 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/26 14:01:56 | 00,492,078 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/26 14:01:56 | 00,090,098 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/26 02:24:57 | 00,629,288 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\WindowsXP-KB932823-v3-x86-ENU.exe
[2009/06/26 02:00:01 | 00,000,488 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
[2009/06/26 01:53:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/06/26 01:53:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/06/26 01:53:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/06/26 01:53:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/06/26 01:53:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/06/26 01:53:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/06/26 00:33:00 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2009/06/26 00:32:34 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/06/26 00:07:00 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/06/25 22:46:28 | 00,002,433 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/06/25 22:45:35 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/06/25 22:41:01 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/06/25 22:40:59 | 00,000,354 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/06/25 21:29:41 | 10,653,8078 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Registry 6-25-09.reg
[2009/06/25 19:49:41 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\drivers\SKYNETtodeqxow.sys
[2009/06/25 19:46:02 | 00,103,104 | ---- | M] () -- C:\WINDOWS\System32\SKYNETpppogkvt.dat
[2009/06/25 19:46:02 | 00,000,093 | ---- | M] () -- C:\WINDOWS\System32\SKYNETuyolrgmh.dat
[2009/06/25 19:41:38 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$dition Resume.doc
[2009/06/25 18:04:36 | 00,000,110 | ---- | M] () -- C:\WINDOWS\System32\SDEarlyDelete.ini
[2009/06/25 18:04:25 | 00,000,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareDetector.lnk
[2009/06/24 22:22:25 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\antivirus.doc
[2009/06/24 22:15:04 | 03,561,744 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup.exe
[2009/06/24 21:54:31 | 01,296,288 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\DMSetup(2).exe
[2009/06/24 21:53:23 | 01,296,288 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\DMSetup.exe
[2009/06/24 20:55:55 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\3541 - Pokemon Platinum (U)(Xenophobia).sav
[2009/06/23 21:35:50 | 28,868,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\FileFormatConverters.exe
[2009/06/23 20:07:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/22 23:01:22 | 00,090,112 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Review for Exam 3 - Mariam.doc
[2009/06/22 21:52:38 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/22 00:05:07 | 00,043,520 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Corrections.doc
[2009/06/20 19:04:58 | 00,147,276 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\pokesavplat_en.zip
[2009/06/20 18:08:55 | 01,850,153 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\06_09_09_user.evoCHEATS.zip
[2009/06/19 20:29:32 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2009/06/19 20:28:33 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HJTInstall.exe
[2009/06/19 20:26:29 | 00,001,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk
[2009/06/19 20:23:31 | 11,748,680 | ---- | M] (ParetoLogic ) -- C:\Documents and Settings\HP_Administrator\Desktop\Pareto_AV_Setup_RW.exe
[2009/06/19 15:40:10 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\WindowsDefender.msi
[2009/06/17 17:09:15 | 01,207,026 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\wrar370.exe
[2009/06/15 18:36:38 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/06/15 18:36:38 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/06/15 17:58:49 | 00,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2009/06/15 17:52:33 | 00,001,108 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/06/15 10:16:32 | 00,000,625 | ---- | M] () -- C:\Virus Shield 2009.lnk
[2009/06/14 23:30:44 | 00,077,312 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Mariam (the best girlfriend ever) Alami - Review 2.doc
[2009/06/14 22:01:41 | 01,885,111 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\zack1.mov
[2009/06/12 18:29:09 | 00,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2009/06/11 22:13:28 | 00,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/06/11 17:59:32 | 00,001,071 | ---- | M] () -- C:\WINDOWS\AWMODEM.INF
[2009/06/09 16:40:36 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Mariam Alami - Extra Credit, Rodney King.doc
[2009/06/08 11:25:35 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Mariam Alami - Police Suicide.doc
[2009/06/08 10:40:38 | 00,008,746 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\heart.tif
[2009/06/06 15:54:41 | 00,045,080 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\psyd.pdf
[2009/06/04 20:51:45 | 00,202,072 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2009/06/02 20:43:20 | 00,000,291 | ---- | M] () -- C:\LXCGINST.csv
[2009/06/02 20:42:25 | 00,000,000 | ---- | M] () -- C:\lxcgfire.csv
[2009/06/01 09:51:14 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\HP_Administrator\Desktop\dds.scr:SummaryInformation
< End of report >

Extras.Txt

OTL Extras logfile created on: 6/27/2009 11:16:51 PM - Run 1
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 349.91 Mb Available Physical Memory | 34.22% Memory free
2.40 Gb Paging File | 1.75 Gb Available in Paging File | 72.86% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.86 Gb Total Space | 180.10 Gb Free Space | 80.09% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.86 Gb Free Space | 10.80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-55E5F9E3D2
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"57718:TCP" = 57718:TCP:*:Enabled:Pando Media Booster
"57718:UDP" = 57718:UDP:*:Enabled:Pando Media Booster
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2009/01/06 14:06:28 | 14,294,824 | ---- | M] (Apple Inc.) -- %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
[2005/09/14 23:51:03 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
File not found -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
File not found -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2005/05/12 09:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/05/12 10:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2005/05/24 12:17:46 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2005/05/24 12:18:00 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2005/05/24 12:13:32 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/05/12 20:06:08 | 00,200,704 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/05/12 17:28:02 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2005/05/24 12:42:00 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/05/12 18:34:58 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2005/05/24 12:18:52 | 00,458,752 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2005/03/16 01:12:10 | 00,417,792 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2005/03/16 01:17:50 | 00,704,512 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2005/06/01 10:56:02 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2005/09/14 23:51:03 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
[2009/02/28 11:29:38 | 02,785,608 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster
[2009/04/06 21:22:00 | 00,167,936 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
File not found -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
File not found -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
File not found -- C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core
[2008/11/10 11:23:50 | 01,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe
[2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/01/06 14:06:28 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2006/11/03 03:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/10/21 13:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/07/10 00:46:28 | 00,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2005/04/15 17:15:30 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\lxcgcoms.exe:*:Enabled:2300 Series Server
[2005/05/05 07:19:08 | 00,172,032 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcgPSWX.EXE:*:Enabled:2300 Series Printer Status
[2009/01/29 14:08:45 | 00,139,776 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2009/04/09 08:18:50 | 02,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/02/04 12:27:34 | 23,975,720 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C3D719A-92C7-4323-89CC-C937D0267B84}" = muvee autoProducer 4.0
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{5007E629-8769-44BB-BD51-A20B6DCC5CC9}" = Microsoft Office Accounting 2009
"{53276F5A-85AB-4BEF-BAA2-2490975DC006}" = Microsoft Office Accounting 2009 Fixed Asset Manager
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69CF01AD-9E35-4BD7-9036-7B8478BEB839}" = HPTunesAddIn
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{80B744FE-8712-4D44-A239-EBB7B8979F7E}" = ParetoLogic Anti-Virus PLUS
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A2F0810-3619-4E86-9072-973FBE1679C5}" = QuickBooks Simple Start 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9B743536-28E5-4A48-A1CC-8600A18386C3}" = Growler Guncam
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1931B3A-29E9-4F91-9B61-BE2CF05E84F1}" = muvee autoProducer unPlugged 1.1 - HPD
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}" = Office 2003 Tour
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}" = Microsoft Office Accounting 2009 Equifax Addin
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{D54193B7-D2DF-4977-B546-86CA48DB214E}" = HP Tunes
"{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}" = Microsoft Office Accounting 2009 Tax Integration Add-in
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}" = Microsoft Office Accounting 2009 PayPal Addin
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AIM_6" = AIM 6
"AlienGUIse Theme Manager" = AlienGUIse Theme Manager
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AwayMode160" = Microsoft Away Mode
"CCleaner" = CCleaner (remove only)
"Combat Arms" = Combat Arms
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Image Zone for Media Center PC" = HP Image Zone for Media Center PC
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"HyperCam 2" = HyperCam 2
"ie8" = Windows Internet Explorer 8
"Lexmark 2300 Series" = Lexmark 2300 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LimeWire" = LimeWire 5.0.11
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2009" = Microsoft Office Accounting 2009
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"mIRC" = mIRC
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSC" = McAfee SecurityCenter
"MSNINST" = MSN
"NSS" = Norton Security Scan
"ObjectDock" = ObjectDock
"PFPortChecker" = PFPortChecker 1.0.28
"PROSet" = Intel® PRO Network Connections Drivers
"PS2" = PS2
"RealPlayer 6.0" = RealPlayer
"Sibelius Scorch Plugin_is1" = Sibelius Scorch Plugin 5.2.5.30
"SpywareDetector_is1" = Spyware Detector
"TeamViewer 4" = TeamViewer 4
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMV9APDMOE" = Windows Media Video 9 Advanced Profile Codec
"Xfire" = Xfire (remove only)
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SmartDraw 2009" = SmartDraw 2009

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/26/2009 12:37:47 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1000
Description = Faulting application ehrecvr.exe, version 5.1.2715.2773, faulting
module wvc1dmoe.dll, version 11.5.5370.6235, fault address 0x0000b144.

Error - 6/26/2009 12:37:58 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1000
Description = Faulting application ehrecvr.exe, version 5.1.2715.2773, faulting
module wvc1dmoe.dll, version 11.5.5370.6235, fault address 0x0000b144.

Error - 6/26/2009 12:39:21 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1000
Description = Faulting application ehrecvr.exe, version 5.1.2715.2773, faulting
module wvc1dmoe.dll, version 11.5.5370.6235, fault address 0x0000b144.

Error - 6/26/2009 12:39:35 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1000
Description = Faulting application ehrecvr.exe, version 5.1.2715.2773, faulting
module wvc1dmoe.dll, version 11.5.5370.6235, fault address 0x0000b144.

Error - 6/26/2009 12:42:00 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1000
Description = Faulting application ehrecvr.exe, version 5.1.2715.2773, faulting
module wvc1dmoe.dll, version 11.5.5370.6235, fault address 0x0000b144.

Error - 6/26/2009 1:01:27 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1001
Description = Fault bucket 294882550.

Error - 6/26/2009 1:01:48 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1000
Description = Faulting application ehrecvr.exe, version 5.1.2715.2773, faulting
module wvc1dmoe.dll, version 11.5.5370.6235, fault address 0x0000b144.

Error - 6/26/2009 2:10:03 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1000
Description = Faulting application helpctr.exe, version 5.1.2600.5512, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 6/26/2009 2:10:37 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1001
Description = Fault bucket 1228143231.

Error - 6/26/2009 11:53:46 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3439, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/27/2009 5:26:39 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee Proxy Service
service to connect.

Error - 6/27/2009 5:26:39 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7000
Description = The McAfee Proxy Service service failed to start due to the following
error: %%1053

Error - 6/27/2009 5:26:39 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee Real-time Scanner
service to connect.

Error - 6/27/2009 5:26:39 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%1053

Error - 6/27/2009 9:54:20 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee Services service
to connect.

Error - 6/27/2009 9:54:20 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7000
Description = The McAfee Services service failed to start due to the following error:
%%1053

Error - 6/27/2009 9:54:20 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee Proxy Service
service to connect.

Error - 6/27/2009 9:54:20 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7000
Description = The McAfee Proxy Service service failed to start due to the following
error: %%1053

Error - 6/27/2009 9:54:20 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee Real-time Scanner
service to connect.

Error - 6/27/2009 9:54:20 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%1053


< End of report >

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 29 June 2009 - 06:13 AM

Hi Convik,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

--------------------------------------------------------------------------------------------------------------

Yes, you've been hijacked.

Firstly,

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case LimeWire). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Next

Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.

Thanks
m0le is a proud member of UNITE

#7 Convik

Convik
  • Topic Starter

  • Members
  • 29 posts

Posted 30 June 2009 - 07:26 PM

I click run and it says "GooredFix will automatically check for and remove infection. Yes to continue No to exit."

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 July 2009 - 06:10 AM

Click Yes.

Thanks

#9 Convik

Convik
  • Topic Starter

  • Members
  • 29 posts

Posted 01 July 2009 - 04:26 PM

Ok when I try to turn on my computer it now says " windows\system32\command.com Attempt to access invalid address."

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 July 2009 - 04:28 PM

Okay, let's try and remove this another way.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop but rename it Combo-Fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks

#11 Convik

Convik
  • Topic Starter

  • Members
  • 29 posts

Posted 03 July 2009 - 09:46 PM

Ok, I had to run it in Safe Mode so I wasn't able to disable my antiviruses, but here is the log.



ComboFix 09-07-03.03 - Administrator 07/03/2009 21:17.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.699 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Virus Shield 2009 *On-access scanning enabled* (Updated) {F9AF13F2-51AD-4403-8302-9902C3FECA20}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Virus Shield 2009 *enabled* {9D50E528-3618-454C-9FA0-35BF350506C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\2660c.msi
c:\windows\Installer\2b02d43.msi
c:\windows\Installer\2b02d49.msi
c:\windows\Installer\2b02d4f.msi
c:\windows\Installer\32847.msi
c:\windows\Installer\3503e2.msp
c:\windows\Installer\3503e3.msp
c:\windows\Installer\3503e4.msp
c:\windows\Installer\3503e5.msp
c:\windows\Installer\3503e6.msp
c:\windows\Installer\3503e7.msp
c:\windows\Installer\3503e8.msp
c:\windows\Installer\3503e9.msp
c:\windows\Installer\3503ea.msp
c:\windows\Installer\4717e9.msi
c:\windows\Installer\541be1.msi
c:\windows\Installer\541be6.msi
c:\windows\Installer\89b7cf.msi
c:\windows\kb913800.exe
c:\windows\system32\drivers\SKYNETtodeqxow.sys
c:\windows\system32\SKYNETpppogkvt.dat
c:\windows\system32\SKYNETuyolrgmh.dat
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.

2009-07-04 01:10 . 2009-07-04 01:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-01 23:42 . 2009-07-01 23:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WinBatch
2009-07-01 23:42 . 2009-07-01 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-07-01 23:29 . 2009-07-01 23:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPQ
2009-07-01 23:11 . 2009-07-01 23:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Azureus
2009-07-01 23:10 . 2009-07-01 23:10 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-01 23:09 . 2009-07-01 23:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-07-01 23:05 . 2009-07-01 23:05 74392 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 23:00 . 2009-07-01 23:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-01 00:38 . 2009-07-01 01:55 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\TeamViewer
2009-06-28 02:07 . 2009-06-28 02:07 -------- d--h--w- c:\windows\PIF
2009-06-27 22:47 . 2009-06-30 22:03 117760 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-27 22:42 . 2009-06-27 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-27 22:41 . 2009-06-27 22:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-27 22:41 . 2009-06-27 22:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-06-27 21:47 . 2009-06-27 21:47 -------- d-----w- c:\windows\system32\drivers\NSS
2009-06-27 21:47 . 2009-06-27 21:47 -------- d-----w- c:\program files\Norton Security Scan
2009-06-27 21:47 . 2009-06-27 21:47 -------- d-----w- c:\program files\NortonInstaller
2009-06-27 21:19 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-27 20:49 . 2009-06-27 20:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-27 20:49 . 2009-06-27 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-27 20:43 . 2009-06-27 20:43 -------- d-----w- c:\program files\CCleaner
2009-06-26 17:55 . 2009-06-26 17:55 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-26 17:55 . 2009-06-26 17:55 -------- d-----w- c:\program files\MSBuild
2009-06-26 17:55 . 2009-06-26 17:55 -------- d-----w- c:\program files\Reference Assemblies
2009-06-26 17:55 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-26 17:55 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-26 17:55 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-26 17:55 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-26 17:55 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-26 17:55 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-26 17:55 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-26 17:55 . 2009-06-26 17:55 -------- d-----w- C:\a41bf91e023635f6228ef4b120
2009-06-26 05:56 . 2009-06-26 05:56 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-26 04:12 . 2009-06-26 04:12 -------- d-----w- c:\windows\system32\scripting
2009-06-26 04:12 . 2009-06-26 04:12 -------- d-----w- c:\windows\l2schemas
2009-06-26 04:12 . 2009-06-26 04:12 -------- d-----w- c:\windows\system32\en
2009-06-26 04:12 . 2009-06-26 04:12 -------- d-----w- c:\windows\system32\bits
2009-06-26 04:09 . 2009-06-26 04:12 -------- d-----w- c:\windows\ServicePackFiles
2009-06-26 02:41 . 2009-05-14 03:25 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-06-26 02:41 . 2009-05-14 03:25 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-06-26 02:41 . 2009-05-14 03:25 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-06-26 02:41 . 2009-04-09 18:23 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-06-26 02:40 . 2009-06-26 02:41 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-26 02:40 . 2009-06-26 02:40 -------- d-----w- c:\program files\McAfee.com
2009-06-26 02:34 . 2009-05-14 03:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-06-26 01:15 . 2009-06-26 01:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-25 22:03 . 2009-01-07 21:20 13776 ----a-w- c:\windows\system32\SDEarlyDelete.exe
2009-06-25 20:33 . 2009-06-30 15:45 123 ----a-w- c:\windows\system\SysSD.dll
2009-06-25 20:33 . 2009-01-22 14:29 1060864 ----a-w- c:\windows\system32\CheckDll.dll
2009-06-25 20:33 . 2009-07-01 23:42 -------- d-----w- c:\program files\SpywareDetector
2009-06-25 02:17 . 2009-06-25 02:17 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-06-25 02:17 . 2009-06-25 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-24 01:35 . 2009-06-24 01:35 -------- d-----w- c:\program files\MSECache
2009-06-20 00:40 . 2009-07-04 01:28 3843872 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-20 00:40 . 2009-07-04 01:28 165920 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-20 00:29 . 2009-06-20 00:29 -------- d-----w- c:\program files\Trend Micro
2009-06-20 00:26 . 2009-06-20 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-06-19 19:41 . 2009-06-19 19:41 -------- d-----w- c:\program files\Windows Defender
2009-06-19 03:55 . 2009-06-20 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-06-19 03:54 . 2009-06-19 03:54 -------- d-----w- c:\program files\Common Files\iS3
2009-06-19 03:54 . 2009-06-26 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-15 22:55 . 2009-06-26 04:28 -------- d-----w- c:\program files\McAfee
2009-06-15 22:47 . 2009-06-26 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-15 21:12 . 2009-06-15 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-06-15 21:03 . 2009-06-15 21:03 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Citrix
2009-06-15 21:03 . 2009-06-15 21:03 61224 ----a-w- c:\documents and settings\HP_Administrator\GoToAssistDownloadHelper.exe
2009-06-15 14:16 . 2009-06-27 21:24 -------- d-sh--w- c:\documents and settings\All Users\2eb7d33
2009-06-13 21:41 . 2009-06-13 21:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sonic
2009-06-13 21:40 . 2009-06-13 21:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Leadertech
2009-06-12 22:29 . 2009-06-13 01:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mIRC
2009-06-12 22:29 . 2009-06-27 22:32 -------- d-----w- c:\program files\mIRC
2009-06-11 23:33 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 23:33 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 23:33 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 23:33 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-06-05 00:51 . 2009-06-05 00:51 -------- d-----w- c:\windows\Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 00:34 . 2009-03-10 20:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype
2009-07-02 00:23 . 2009-03-10 20:51 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM
2009-07-01 23:58 . 2009-03-10 22:39 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
2009-07-01 23:41 . 2005-09-15 04:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-01 19:24 . 2009-06-20 00:40 52412 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-01 19:24 . 2009-06-20 00:40 16508 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-01 13:43 . 2009-02-27 04:42 -------- d-----w- c:\program files\Lx_cats
2009-06-29 21:40 . 2005-09-15 03:17 -------- d-----w- c:\program files\HP
2009-06-29 21:40 . 2005-09-15 03:37 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-29 21:21 . 2005-01-25 00:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-06-27 22:40 . 2009-03-01 07:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-27 21:47 . 2009-04-01 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-27 21:47 . 2005-09-15 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-27 20:48 . 2009-02-27 21:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2009-06-26 18:16 . 2009-02-27 07:09 74392 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 06:27 . 2009-07-01 23:29 298426 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-06-26 04:15 . 2005-01-28 17:40 92191 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-26 04:15 . 2009-06-26 04:15 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-06-26 04:15 . 2009-06-26 04:15 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-06-26 04:15 . 2009-06-26 04:15 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-06-26 04:15 . 2009-06-26 04:15 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-06-26 04:15 . 2009-06-26 04:15 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-06-26 04:15 . 2009-06-26 04:15 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-06-26 04:15 . 2009-06-26 04:15 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-06-26 04:15 . 2009-06-26 04:15 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-06-20 00:26 . 2009-02-27 07:46 -------- d-----w- c:\program files\ParetoLogic
2009-06-20 00:26 . 2009-02-27 07:46 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-20 00:26 . 2009-02-27 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-06-19 03:53 . 2009-02-28 15:58 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-06-19 03:53 . 2009-02-28 15:58 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-06-15 21:03 . 2009-03-06 19:16 -------- d-----w- c:\program files\Citrix
2009-06-15 02:09 . 2009-02-28 04:15 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-06-14 00:23 . 2009-03-01 11:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-06-12 02:45 . 2009-02-28 01:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-11 22:20 . 2009-02-27 04:45 -------- d-----w- c:\program files\Lexmark Fax Solutions
2009-06-11 22:09 . 2009-02-27 05:17 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\FaxCtr
2009-06-03 01:09 . 2009-02-27 04:47 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-06-03 00:43 . 2009-04-24 20:09 -------- d-----w- c:\program files\Lexmark 2300 Series
2009-05-19 05:36 . 2009-06-13 04:19 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 05:36 . 2009-06-13 04:19 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 05:36 . 2009-06-13 04:19 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 05:36 . 2009-06-13 04:19 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 05:36 . 2009-06-13 04:19 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 05:36 . 2009-06-13 04:19 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 05:36 . 2009-06-13 04:19 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 05:36 . 2009-06-13 04:19 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-05-18 22:19 . 2009-05-18 22:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Logitech
2009-05-18 22:19 . 2009-05-18 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-05-18 22:18 . 2009-05-18 22:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-05-18 22:18 . 2009-05-18 22:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-05-18 22:18 . 2009-05-18 22:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-18 22:16 . 2009-05-18 22:16 -------- d-----w- c:\program files\Common Files\Logishrd
2009-05-18 22:16 . 2009-05-18 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-05-18 22:16 . 2005-09-15 03:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-18 22:15 . 2009-05-18 22:15 -------- d-----w- c:\program files\Logitech
2009-05-14 03:25 . 2009-05-14 03:25 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-05-13 05:15 . 2004-08-10 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 19:37 . 2009-05-09 19:37 10684866 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Azureus\plugins\azump\mplayer.exe
2009-05-09 18:59 . 2009-02-27 21:34 -------- d-----w- c:\program files\Vuze
2009-05-09 18:58 . 2009-05-09 18:58 -------- d-----w- c:\program files\PFPortChecker
2009-05-09 00:30 . 2009-03-29 19:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ventrilo
2009-05-07 15:32 . 2004-08-10 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-23 19:56 . 2009-04-23 19:56 38664 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-04-23 19:55 . 2009-04-23 19:56 192512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll
2009-04-23 19:55 . 2009-04-23 19:56 861448 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-04-17 12:26 . 2004-08-10 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-11 18:42 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP466f.tmp
2009-04-11 18:33 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP6c66.tmp
2009-04-11 18:14 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP69d5.tmp
2009-04-11 18:07 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP61d6.tmp
2009-04-11 16:16 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP4650.tmp
2009-04-11 16:11 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP6ac0.tmp
2009-04-11 15:58 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP682f.tmp
2009-04-11 14:30 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP6a72.tmp
2009-04-11 14:29 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP67a3.tmp
2009-04-11 14:28 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5c0a.tmp
2009-04-11 14:26 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP6c37.tmp
2009-04-11 14:25 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5c29.tmp
2009-04-11 14:18 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5fb5.tmp
2009-04-11 14:15 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5fa4.tmp
2009-04-11 14:10 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP61a8.tmp
2009-04-11 14:06 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP617a.tmp
2009-04-11 14:03 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5fb4.tmp
2009-04-11 13:56 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5f95.tmp
2009-04-11 13:52 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP6179.tmp
2009-04-11 13:49 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP614a.tmp
2009-04-11 13:45 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5eaa.tmp
2009-04-11 13:42 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP605f.tmp
2009-04-11 13:38 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5d23.tmp
2009-04-11 13:32 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP66f7.tmp
2009-04-11 13:28 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP62a2.tmp
2009-04-11 13:25 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP6205.tmp
2009-04-11 13:21 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5ec9.tmp
2009-04-11 13:18 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5f94.tmp
2009-04-11 13:14 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP611b.tmp
2009-04-11 13:11 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP63ca.tmp
2009-04-11 13:01 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5e2d.tmp
2009-04-11 12:57 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5f65.tmp
2009-04-11 12:54 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP8954.tmp
2009-03-07 20:12 . 2009-03-07 20:12 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD5442"="del" [X]
"SpybotDeletingD7304"="del" [X]
"SpybotDeletingD5405"="del" [X]
"SpybotDeletingD9536"="del" [X]
"SpybotDeletingD4150"="del" [X]
"SpybotDeletingD9381"="del" [X]
"SpybotDeletingD7674"="del" [X]
"SpybotDeletingD9680"="del" [X]
"SpybotDeletingD9014"="del" [X]
"SpybotDeletingD9575"="del" [X]
"SpybotDeletingD6179"="del" [X]
"SpybotDeletingD5542"="del" [X]
"SpybotDeletingD9907"="del" [X]
"SpybotDeletingD6494"="del" [X]
"SpybotDeletingD5014"="del" [X]
"SpybotDeletingD2178"="del" [X]
"SpybotDeletingD4247"="del" [X]
"SpybotDeletingD650"="del" [X]
"SpybotDeletingD5731"="del" [X]
"SpybotDeletingD2621"="del" [X]
"SpybotDeletingD5194"="del" [X]
"SpybotDeletingD1286"="del" [X]
"SpybotDeletingD6272"="del" [X]
"SpybotDeletingD3227"="del" [X]
"SpybotDeletingD1595"="del" [X]
"SpybotDeletingD5349"="del" [X]
"SpybotDeletingD4444"="del" [X]
"SpybotDeletingD9317"="del" [X]
"SpybotDeletingD8811"="del" [X]
"SpybotDeletingD5073"="del" [X]
"SpybotDeletingD7698"="del" [X]
"SpybotDeletingD6500"="del" [X]
"SpybotDeletingD8232"="del" [X]
"SpybotDeletingD4092"="del" [X]
"SpybotDeletingD1952"="del" [X]
"SpybotDeletingD6551"="del" [X]
"SpybotDeletingD2257"="del" [X]
"SpybotDeletingD9631"="del" [X]
"SpybotDeletingD3648"="del" [X]
"SpybotDeletingD6807"="del" [X]
"SpybotDeletingD2123"="del" [X]
"SpybotDeletingD6711"="del" [X]
"SpybotDeletingD7776"="del" [X]
"SpybotDeletingD6467"="del" [X]
"SpybotDeletingD6092"="del" [X]
"SpybotDeletingD6284"="del" [X]
"SpybotDeletingD9763"="del" [X]
"SpybotDeletingD4990"="del" [X]
"SpybotDeletingD9250"="del" [X]
"SpybotDeletingD7994"="del" [X]
"SpybotDeletingD5912"="del" [X]
"SpybotDeletingD9725"="del" [X]
"SpybotDeletingD517"="del" [X]
"SpybotDeletingD1359"="del" [X]
"SpybotDeletingD3752"="del" [X]
"SpybotDeletingD2331"="del" [X]
"SpybotDeletingD9088"="del" [X]
"SpybotDeletingD5167"="del" [X]
"SpybotDeletingD6816"="del" [X]
"SpybotDeletingD5652"="del" [X]
"SpybotDeletingD7650"="del" [X]
"SpybotDeletingD6112"="del" [X]
"SpybotDeletingD7263"="del" [X]
"SpybotDeletingD5755"="del" [X]
"SpybotDeletingD4139"="del" [X]
"SpybotDeletingD9939"="del" [X]
"SpybotDeletingD4442"="del" [X]
"SpybotDeletingD9070"="del" [X]
"SpybotDeletingD160"="del" [X]
"SpybotDeletingD496"="del" [X]
"SpybotDeletingD2014"="del" [X]
"SpybotDeletingD9302"="del" [X]
"SpybotDeletingD6474"="del" [X]
"SpybotDeletingD1736"="del" [X]
"SpybotDeletingD9672"="del" [X]
"SpybotDeletingD738"="del" [X]
"SpybotDeletingD1002"="del" [X]
"SpybotDeletingD4417"="del" [X]
"SpybotDeletingD3098"="del" [X]
"SpybotDeletingD8417"="del" [X]
"SpybotDeletingD6603"="del" [X]
"SpybotDeletingD4210"="del" [X]
"SpybotDeletingD9077"="del" [X]
"SpybotDeletingD9624"="del" [X]
"SpybotDeletingD2913"="del" [X]
"SpybotDeletingD6430"="del" [X]
"SpybotDeletingD7424"="del" [X]
"SpybotDeletingD7643"="del" [X]
"SpybotDeletingD5269"="del" [X]
"SpybotDeletingD7450"="del" [X]
"SpybotDeletingD7873"="del" [X]
"SpybotDeletingD5531"="del" [X]
"SpybotDeletingD4169"="del" [X]
"SpybotDeletingD9211"="del" [X]
"SpybotDeletingD5509"="del" [X]
"SpybotDeletingD7290"="del" [X]
"SpybotDeletingD6944"="del" [X]
"SpybotDeletingD7557"="del" [X]
"SpybotDeletingD1710"="del" [X]
"SpybotDeletingD9057"="del" [X]
"SpybotDeletingD3378"="del" [X]
"SpybotDeletingD986"="del" [X]
"SpybotDeletingD3509"="del" [X]
"SpybotDeletingD2885"="del" [X]
"SpybotDeletingD9165"="del" [X]
"SpybotDeletingD8050"="del" [X]
"SpybotDeletingD6811"="del" [X]
"SpybotDeletingD9068"="del" [X]
"SpybotDeletingD3149"="del" [X]
"SpybotDeletingD4849"="del" [X]
"SpybotDeletingD5803"="del" [X]
"SpybotDeletingD7860"="del" [X]
"SpybotDeletingD4401"="del" [X]
"SpybotDeletingD4986"="del" [X]
"SpybotDeletingD6511"="del" [X]
"SpybotDeletingD2043"="del" [X]
"SpybotDeletingD836"="del" [X]
"SpybotDeletingD1067"="del" [X]
"SpybotDeletingD5743"="del" [X]
"SpybotDeletingD2940"="del" [X]
"SpybotDeletingD7749"="del" [X]
"SpybotDeletingD7761"="del" [X]
"SpybotDeletingD3915"="del" [X]
"SpybotDeletingD1199"="del" [X]
"SpybotDeletingD7469"="del" [X]
"SpybotDeletingD6936"="del" [X]
"SpybotDeletingD2660"="del" [X]
"SpybotDeletingD6313"="del" [X]
"SpybotDeletingD21"="del" [X]
"SpybotDeletingD3770"="del" [X]
"SpybotDeletingD4340"="del" [X]
"SpybotDeletingD8894"="del" [X]
"SpybotDeletingD8857"="del" [X]
"SpybotDeletingD2944"="del" [X]
"SpybotDeletingD6923"="del" [X]
"SpybotDeletingD3389"="del" [X]
"SpybotDeletingD1140"="del" [X]
"SpybotDeletingD7692"="del" [X]
"SpybotDeletingD4110"="del" [X]
"SpybotDeletingD8160"="del" [X]
"SpybotDeletingD470"="del" [X]
"SpybotDeletingD4308"="del" [X]
"SpybotDeletingD2431"="del" [X]
"SpybotDeletingD7294"="del" [X]
"SpybotDeletingD4435"="del" [X]
"SpybotDeletingD5826"="del" [X]
"SpybotDeletingD2406"="del" [X]
"SpybotDeletingD690"="del" [X]
"SpybotDeletingD6803"="del" [X]
"SpybotDeletingD7890"="del" [X]
"SpybotDeletingD5311"="del" [X]
"SpybotDeletingD3477"="del" [X]
"SpybotDeletingD697"="del" [X]
"SpybotDeletingD5478"="del" [X]
"SpybotDeletingD6236"="del" [X]
"SpybotDeletingD6688"="del" [X]
"SpybotDeletingD968"="del" [X]
"SpybotDeletingD2997"="del" [X]
"SpybotDeletingD8302"="del" [X]
"SpybotDeletingD8108"="del" [X]
"SpybotDeletingD9733"="del" [X]
"SpybotDeletingD5047"="del" [X]
"SpybotDeletingD276"="del" [X]
"SpybotDeletingB4032"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1581"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6845"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5507"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1537"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB4322"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2059"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2007"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6633"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8521"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9112"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1784"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5987"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6266"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5019"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5754"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5750"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB401"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB284"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1203"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6061"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1085"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9648"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3634"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8069"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB4852"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3083"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB4775"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6411"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8272"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3433"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1754"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2240"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5259"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7631"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1574"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3910"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB895"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7665"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1598"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7003"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3594"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9672"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1779"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8004"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6127"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7815"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9956"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9470"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2111"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5513"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2602"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9227"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9601"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3015"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2958"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2454"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5423"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3575"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB899"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1125"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB840"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6999"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5242"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6391"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3970"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2545"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1931"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5158"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7228"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB310"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6678"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3124"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2327"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7755"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1840"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5147"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3376"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2277"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1912"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9997"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8285"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9742"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2880"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8653"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2042"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6326"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8241"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8964"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB4335"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7851"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5949"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB4603"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB812"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9797"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB4061"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB346"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8340"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB635"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9536"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6757"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3377"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8414"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3307"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5282"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2435"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6324"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9222"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9355"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2607"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1105"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5942"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9895"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7432"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7536"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3435"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6303"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7041"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7556"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6494"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9510"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB528"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3120"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2822"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB867"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9466"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9665"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1097"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB852"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB767"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2396"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3845"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7824"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2200"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5325"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9045"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8864"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6423"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB818"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8507"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8329"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6407"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1599"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1772"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5199"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7932"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8174"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6200"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5421"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9831"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6108"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2218"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7191"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7831"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8638"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB618"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1894"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2546"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3189"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2341"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9020"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB193"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB664"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-15 180269]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-05-03 299008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 148888]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-07 1838592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-04 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 94208]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-06-08 14565376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Wrapper"="runonce" [X]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-1 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-18 809488]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-3-12 984352]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-9-14 36903]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\lxcgcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcgPSWX.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"57718:TCP"= 57718:TCP:Pando Media Booster
"57718:UDP"= 57718:UDP:Pando Media Booster

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [5/18/2009 6:19 PM 10384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 ZeppelinService;plasservice;c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [2/18/2009 2:40 PM 587216]
S1 SDManager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S2 SDMainSvc;SDMainSvc;c:\program files\SpywareDetector\SDMainService.exe --> c:\program files\SpywareDetector\SDMainService.exe [?]
S2 SDService;SDService;c:\program files\SpywareDetector\SDService.exe --> c:\program files\SpywareDetector\SDService.exe [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 SDActMon;SDActMon;\??\c:\program files\SpywareDetector\SDActMon.sys --> c:\program files\SpywareDetector\SDActMon.sys [?]
S4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29 AM 29178224]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/1/2009 4:41 AM 24652]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MCSYSMON
*NewlyCreated* - MFEAVFK
*NewlyCreated* - MFEBOPK

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36326bde-0dc4-11de-8b5e-0013d4d9f3f4}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-26 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-26 12:57]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-26 12:57]

2009-07-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-01 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Engine\2.3.0.26\Nss.exe [2009-06-27 21:47]

2009-07-01 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2009-02-18 18:43]

2009-06-30 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2009-02-18 18:43]

2009-06-29 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]

2009-07-01 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 17:25]

2009-07-04 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-04-04 11:29]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-SDActiveMonitor - c:\program files\SpywareDetector\SDActiveMonitor.exe
HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {19B8432E-CCC7-430C-9476-205D3746F27C} = 65.32.5.111,65.32.5.112
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g5wp8ceu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 21:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3625167848-1452504851-4048811650-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\AlienGUIse\fastload.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\AlienGUIse\wbload.exe
c:\windows\arservice.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Spybot - Search & Destroy\SpybotSD.exe
c:\windows\system32\dllhost.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
.
**************************************************************************
.
Completion time: 2009-07-04 21:35 - machine was rebooted [HP_Administrator]
ComboFix-quarantined-files.txt 2009-07-04 01:34

Pre-Run: 194,228,183,040 bytes free
Post-Run: 193,067,978,752 bytes free

Current=3 Default=3 Failed=4 LastKnownGood=5 Sets=,1,3,4,5
806 --- E O F --- 2009-06-28 02:01

#12 m0le

  • Malware Response Team

Posted 04 July 2009 - 05:02 AM

That's done the trick. We still have other malware to shift though.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\DUMP466f.tmp
c:\windows\DUMP6c66.tmp
c:\windows\DUMP69d5.tmp
c:\windows\DUMP61d6.tmp
c:\windows\DUMP4650.tmp
c:\windows\DUMP6ac0.tmp
c:\windows\DUMP682f.tmp
c:\windows\DUMP6a72.tmp
c:\windows\DUMP67a3.tmp
c:\windows\DUMP5c0a.tmp
c:\windows\DUMP6c37.tmp
c:\windows\DUMP5c29.tmp
c:\windows\DUMP5fb5.tmp
c:\windows\DUMP5fa4.tmp
c:\windows\DUMP61a8.tmp
c:\windows\DUMP617a.tmp
c:\windows\DUMP5fb4.tmp
c:\windows\DUMP5f95.tmp
c:\windows\DUMP6179.tmp
c:\windows\DUMP614a.tmp
c:\windows\DUMP5eaa.tmp
c:\windows\DUMP605f.tmp
c:\windows\DUMP5d23.tmp
c:\windows\DUMP66f7.tmp
c:\windows\DUMP62a2.tmp
c:\windows\DUMP6205.tmp
c:\windows\DUMP5ec9.tmp
c:\windows\DUMP5f94.tmp
c:\windows\DUMP611b.tmp
c:\windows\DUMP63ca.tmp
c:\windows\DUMP5e2d.tmp
c:\windows\DUMP5f65.tmp
c:\windows\DUMP8954.tmp


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

That should finish it off :thumbup2:


Please then do this:



Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks :)
m0le is a proud member of UNITE

#13 Convik

Posted 04 July 2009 - 08:08 PM

ComboFix


ComboFix 09-07-04.04 - HP_Administrator 07/04/2009 19:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.652 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Virus Shield 2009 *On-access scanning enabled* (Updated) {F9AF13F2-51AD-4403-8302-9902C3FECA20}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Virus Shield 2009 *enabled* {9D50E528-3618-454C-9FA0-35BF350506C0}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.

2009-07-04 01:10 . 2009-07-04 01:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-01 23:42 . 2009-07-01 23:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WinBatch
2009-07-01 23:42 . 2009-07-01 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-07-01 23:29 . 2009-07-01 23:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPQ
2009-07-01 23:11 . 2009-07-01 23:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Azureus
2009-07-01 23:10 . 2009-07-01 23:10 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-01 23:09 . 2009-07-01 23:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-07-01 23:05 . 2009-07-01 23:05 74392 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 23:00 . 2009-07-01 23:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-01 00:38 . 2009-07-01 01:55 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\TeamViewer
2009-06-28 02:07 . 2009-06-28 02:07 -------- d--h--w- c:\windows\PIF
2009-06-27 22:47 . 2009-07-04 14:12 117760 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-27 22:42 . 2009-06-27 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-27 22:41 . 2009-06-27 22:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-27 22:41 . 2009-06-27 22:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-06-27 21:47 . 2009-06-27 21:47 -------- d-----w- c:\windows\system32\drivers\NSS
2009-06-27 21:47 . 2009-06-27 21:47 -------- d-----w- c:\program files\Norton Security Scan
2009-06-27 21:47 . 2009-06-27 21:47 -------- d-----w- c:\program files\NortonInstaller
2009-06-27 21:19 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-27 20:49 . 2009-06-27 20:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-27 20:49 . 2009-06-27 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-27 20:43 . 2009-06-27 20:43 -------- d-----w- c:\program files\CCleaner
2009-06-26 17:55 . 2009-06-26 17:55 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-26 17:55 . 2009-06-26 17:55 -------- d-----w- c:\program files\MSBuild
2009-06-26 17:55 . 2009-06-26 17:55 -------- d-----w- c:\program files\Reference Assemblies
2009-06-26 17:55 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-26 17:55 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-26 17:55 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-26 17:55 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-26 17:55 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-26 17:55 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-26 17:55 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-26 17:55 . 2009-06-26 17:55 -------- d-----w- C:\a41bf91e023635f6228ef4b120
2009-06-26 05:56 . 2009-06-26 05:56 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-26 04:12 . 2009-06-26 04:12 -------- d-----w- c:\windows\system32\scripting
2009-06-26 04:12 . 2009-06-26 04:12 -------- d-----w- c:\windows\l2schemas
2009-06-26 04:12 . 2009-06-26 04:12 -------- d-----w- c:\windows\system32\en
2009-06-26 04:12 . 2009-06-26 04:12 -------- d-----w- c:\windows\system32\bits
2009-06-26 04:09 . 2009-06-26 04:12 -------- d-----w- c:\windows\ServicePackFiles
2009-06-26 02:41 . 2009-05-14 03:25 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-06-26 02:41 . 2009-05-14 03:25 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-06-26 02:41 . 2009-05-14 03:25 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-06-26 02:41 . 2009-04-09 18:23 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-06-26 02:40 . 2009-06-26 02:41 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-26 02:40 . 2009-06-26 02:40 -------- d-----w- c:\program files\McAfee.com
2009-06-26 02:34 . 2009-05-14 03:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-06-26 01:15 . 2009-06-26 01:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-25 22:03 . 2009-01-07 21:20 13776 ----a-w- c:\windows\system32\SDEarlyDelete.exe
2009-06-25 20:33 . 2009-06-30 15:45 123 ----a-w- c:\windows\system\SysSD.dll
2009-06-25 20:33 . 2009-01-22 14:29 1060864 ----a-w- c:\windows\system32\CheckDll.dll
2009-06-25 20:33 . 2009-07-01 23:42 -------- d-----w- c:\program files\SpywareDetector
2009-06-25 02:17 . 2009-06-25 02:17 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-06-25 02:17 . 2009-06-25 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-24 01:35 . 2009-06-24 01:35 -------- d-----w- c:\program files\MSECache
2009-06-20 00:40 . 2009-07-04 23:48 4006944 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-20 00:40 . 2009-07-04 23:48 418080 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-20 00:29 . 2009-06-20 00:29 -------- d-----w- c:\program files\Trend Micro
2009-06-20 00:26 . 2009-06-20 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-06-19 19:41 . 2009-06-19 19:41 -------- d-----w- c:\program files\Windows Defender
2009-06-19 03:55 . 2009-06-20 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-06-19 03:54 . 2009-06-19 03:54 -------- d-----w- c:\program files\Common Files\iS3
2009-06-19 03:54 . 2009-06-26 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-15 22:55 . 2009-06-26 04:28 -------- d-----w- c:\program files\McAfee
2009-06-15 22:47 . 2009-06-26 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-15 21:12 . 2009-06-15 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-06-15 21:03 . 2009-06-15 21:03 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Citrix
2009-06-15 21:03 . 2009-06-15 21:03 61224 ----a-w- c:\documents and settings\HP_Administrator\GoToAssistDownloadHelper.exe
2009-06-15 14:16 . 2009-06-27 21:24 -------- d-sh--w- c:\documents and settings\All Users\2eb7d33
2009-06-13 21:41 . 2009-06-13 21:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sonic
2009-06-13 21:40 . 2009-06-13 21:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Leadertech
2009-06-12 22:29 . 2009-06-13 01:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mIRC
2009-06-12 22:29 . 2009-06-27 22:32 -------- d-----w- c:\program files\mIRC
2009-06-11 23:33 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 23:33 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 23:33 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 23:33 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-06-05 00:51 . 2009-06-05 00:51 -------- d-----w- c:\windows\Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 23:37 . 2009-03-10 20:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype
2009-07-04 22:51 . 2009-03-10 20:51 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM
2009-07-04 02:55 . 2009-06-20 00:40 53156 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-04 02:55 . 2009-06-20 00:40 39572 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-01 23:58 . 2009-03-10 22:39 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
2009-07-01 23:41 . 2005-09-15 04:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-01 13:43 . 2009-02-27 04:42 -------- d-----w- c:\program files\Lx_cats
2009-06-29 21:40 . 2005-09-15 03:17 -------- d-----w- c:\program files\HP
2009-06-29 21:40 . 2005-09-15 03:37 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-29 21:21 . 2005-01-25 00:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-06-27 22:40 . 2009-03-01 07:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-27 21:47 . 2009-04-01 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-27 21:47 . 2005-09-15 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-27 20:48 . 2009-02-27 21:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2009-06-26 18:16 . 2009-02-27 07:09 74392 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 06:27 . 2009-07-01 23:29 298426 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-06-26 04:15 . 2005-01-28 17:40 92191 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-26 04:15 . 2009-06-26 04:15 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-06-26 04:15 . 2009-06-26 04:15 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-06-26 04:15 . 2009-06-26 04:15 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-06-26 04:15 . 2009-06-26 04:15 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-06-26 04:15 . 2009-06-26 04:15 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-06-26 04:15 . 2009-06-26 04:15 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-06-26 04:15 . 2009-06-26 04:15 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-06-26 04:15 . 2009-06-26 04:15 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-06-20 00:26 . 2009-02-27 07:46 -------- d-----w- c:\program files\ParetoLogic
2009-06-20 00:26 . 2009-02-27 07:46 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-20 00:26 . 2009-02-27 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-06-19 03:53 . 2009-02-28 15:58 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-06-19 03:53 . 2009-02-28 15:58 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-06-15 21:03 . 2009-03-06 19:16 -------- d-----w- c:\program files\Citrix
2009-06-15 02:09 . 2009-02-28 04:15 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-06-14 00:23 . 2009-03-01 11:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-06-12 02:45 . 2009-02-28 01:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-11 22:20 . 2009-02-27 04:45 -------- d-----w- c:\program files\Lexmark Fax Solutions
2009-06-11 22:09 . 2009-02-27 05:17 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\FaxCtr
2009-06-03 01:09 . 2009-02-27 04:47 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-06-03 00:43 . 2009-04-24 20:09 -------- d-----w- c:\program files\Lexmark 2300 Series
2009-05-19 05:36 . 2009-06-13 04:19 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 05:36 . 2009-06-13 04:19 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 05:36 . 2009-06-13 04:19 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 05:36 . 2009-06-13 04:19 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 05:36 . 2009-06-13 04:19 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 05:36 . 2009-06-13 04:19 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 05:36 . 2009-06-13 04:19 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 05:36 . 2009-06-13 04:19 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-05-18 22:19 . 2009-05-18 22:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Logitech
2009-05-18 22:19 . 2009-05-18 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-05-18 22:18 . 2009-05-18 22:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-05-18 22:18 . 2009-05-18 22:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-05-18 22:18 . 2009-05-18 22:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-18 22:16 . 2009-05-18 22:16 -------- d-----w- c:\program files\Common Files\Logishrd
2009-05-18 22:16 . 2009-05-18 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-05-18 22:16 . 2005-09-15 03:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-18 22:15 . 2009-05-18 22:15 -------- d-----w- c:\program files\Logitech
2009-05-14 03:25 . 2009-05-14 03:25 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-05-13 05:15 . 2004-08-10 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 19:37 . 2009-05-09 19:37 10684866 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Azureus\plugins\azump\mplayer.exe
2009-05-09 18:59 . 2009-02-27 21:34 -------- d-----w- c:\program files\Vuze
2009-05-09 18:58 . 2009-05-09 18:58 -------- d-----w- c:\program files\PFPortChecker
2009-05-09 00:30 . 2009-03-29 19:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ventrilo
2009-05-07 15:32 . 2004-08-10 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-23 19:56 . 2009-04-23 19:56 38664 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-04-23 19:55 . 2009-04-23 19:56 192512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll
2009-04-23 19:55 . 2009-04-23 19:56 861448 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-04-17 12:26 . 2004-08-10 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-11 18:42 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP466f.tmp
2009-04-11 18:33 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP6c66.tmp
2009-04-11 18:14 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP69d5.tmp
2009-04-11 18:07 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP61d6.tmp
2009-04-11 16:16 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP4650.tmp
2009-04-11 16:11 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP6ac0.tmp
2009-04-11 15:58 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP682f.tmp
2009-04-11 14:30 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP6a72.tmp
2009-04-11 14:29 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP67a3.tmp
2009-04-11 14:28 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5c0a.tmp
2009-04-11 14:26 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP6c37.tmp
2009-04-11 14:25 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5c29.tmp
2009-04-11 14:18 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5fb5.tmp
2009-04-11 14:15 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5fa4.tmp
2009-04-11 14:10 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP61a8.tmp
2009-04-11 14:06 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP617a.tmp
2009-04-11 14:03 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5fb4.tmp
2009-04-11 13:56 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5f95.tmp
2009-04-11 13:52 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP6179.tmp
2009-04-11 13:49 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP614a.tmp
2009-04-11 13:45 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5eaa.tmp
2009-04-11 13:42 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP605f.tmp
2009-04-11 13:38 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5d23.tmp
2009-04-11 13:32 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP66f7.tmp
2009-04-11 13:28 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP62a2.tmp
2009-04-11 13:25 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP6205.tmp
2009-04-11 13:21 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5ec9.tmp
2009-04-11 13:18 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5f94.tmp
2009-04-11 13:14 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP611b.tmp
2009-04-11 13:11 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP63ca.tmp
2009-04-11 13:01 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5e2d.tmp
2009-04-11 12:57 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP5f65.tmp
2009-04-11 12:54 . 2009-02-28 04:01 98304 ----a-w- c:\windows\DUMP8954.tmp
2009-03-07 20:12 . 2009-03-07 20:12 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-15 180269]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-05-03 299008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 148888]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-07 1838592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-04 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 94208]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-06-08 14565376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-1 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-18 809488]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-3-12 984352]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-9-14 36903]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\lxcgcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcgPSWX.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"57718:TCP"= 57718:TCP:Pando Media Booster
"57718:UDP"= 57718:UDP:Pando Media Booster

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [5/18/2009 6:19 PM 10384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 ZeppelinService;plasservice;c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [2/18/2009 2:40 PM 587216]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S1 SDManager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S2 SDMainSvc;SDMainSvc;c:\program files\SpywareDetector\SDMainService.exe --> c:\program files\SpywareDetector\SDMainService.exe [?]
S2 SDService;SDService;c:\program files\SpywareDetector\SDService.exe --> c:\program files\SpywareDetector\SDService.exe [?]
S3 SDActMon;SDActMon;\??\c:\program files\SpywareDetector\SDActMon.sys --> c:\program files\SpywareDetector\SDActMon.sys [?]
S4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29 AM 29178224]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/1/2009 4:41 AM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-26 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-26 12:57]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-26 12:57]

2009-07-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-01 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Engine\2.3.0.26\Nss.exe [2009-06-27 21:47]

2009-07-01 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2009-02-18 18:43]

2009-07-04 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2009-02-18 18:43]

2009-07-04 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]

2009-07-01 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 17:25]

2009-07-04 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-04-04 11:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {19B8432E-CCC7-430C-9476-205D3746F27C} = 65.32.5.111,65.32.5.112
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g5wp8ceu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 19:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3625167848-1452504851-4048811650-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(1360)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-07-04 19:52
ComboFix-quarantined-files.txt 2009-07-04 23:52
ComboFix2.txt 2009-07-04 01:35

Pre-Run: 193,083,338,752 bytes free
Post-Run: 193,061,330,944 bytes free

Current=3 Default=3 Failed=4 LastKnownGood=5 Sets=,1,3,4,5
430 --- E O F --- 2009-06-28 02:01




MBAM



Malwarebytes' Anti-Malware 1.38
Database version: 2374
Windows 5.1.2600 Service Pack 3

7/4/2009 8:50:34 PM
mbam-log-2009-07-04 (20-50-34).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 211199
Time elapsed: 48 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Search.Hijack) -> Bad: (http://plexfind.com/?aid=10010&n=10&subid=a256_7&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Search.Hijack) -> Bad: (http://plexfind.com/?aid=10010&n=10&subid=a256_7&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Search.Hijack) -> Bad: (http://plexfind.com/?aid=10010&n=10&subid=a256_7&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Search.Hijack) -> Bad: (http://plexfind.com/?aid=10010&n=10&subid=a256_7&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Search.Hijack) -> Bad: (http://plexfind.com/?aid=10010&n=10&subid=a256_7&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-0982818026-0792038349-964117139-9221\service.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (Backdoor.Bot) -> Delete on reboot.
C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe (Backdoor.Bot) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise323.exe (Backdoor.Bot) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\intalscrens.exe (Worm.Autorun) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe (Worm.Autorun) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe (Worm.Autorun) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe (Trojan.Agent) -> Delete on reboot.
C:\recycler\s-1-5-21-484763869-1614574334-18083462561-100\csrss.exe (Trojan.Agent) -> Delete on reboot.
C:\recycler\s-1-5-21-484763869-1614574334-18083462561-100\Services.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1292832515-2685961851-318933812-6215\service.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sndrv.exe (Worm.AutoRun) -> Delete on reboot.
C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\r00t.exe (Worm.AutoRun) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe (Backdoor.Bot) -> Delete on reboot.
C:\Virus Shield 2009.lnk (Rogue.VirusShield) -> Quarantined and deleted successfully.
C:\RECYCLER\blazewrm.vmx (Worm.BlazeBot) -> Delete on reboot.

#14 m0le

  • Malware Response Team

Posted 05 July 2009 - 05:29 AM

Okay, that was an unexpected flurry of malware. :)

Some items do not want to go.

We need to execute an OTM script.
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
    c:\windows\DUMP*.tmp
    C:\RECYCLER\S-1-5-21-0982818026-0792038349-964117139-9221\service.exe
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe 
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe 
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe 
    C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise323.exe
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\intalscrens.exe 
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe 
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe 
    C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe 
    C:\recycler\s-1-5-21-484763869-1614574334-18083462561-100\csrss.exe 
    C:\recycler\s-1-5-21-484763869-1614574334-18083462561-100\Services.exe 
    C:\RECYCLER\S-1-5-21-1292832515-2685961851-318933812-6215\service.exe
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sndrv.exe
    C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\r00t.exe 
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe 
    C:\RECYCLER\blazewrm.vmx
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Post the OTM log.

Thanks :thumbup2:

#15 Convik

  • Topic Starter

Posted 05 July 2009 - 10:24 AM

c:\windows\DUMP66f7.tmp moved successfully.
c:\windows\DUMP67a3.tmp moved successfully.
c:\windows\DUMP682f.tmp moved successfully.
c:\windows\DUMP69d5.tmp moved successfully.
c:\windows\DUMP6a72.tmp moved successfully.
c:\windows\DUMP6ac0.tmp moved successfully.
c:\windows\DUMP6c37.tmp moved successfully.
c:\windows\DUMP6c66.tmp moved successfully.
c:\windows\DUMP8954.tmp moved successfully.
File/Folder C:\RECYCLER\S-1-5-21-0982818026-0792038349-964117139-9221\service.exe not found.
File/Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe not found.
File/Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe not found.
File/Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe not found.
File/Folder C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
File/Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise323.exe not found.
File/Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\intalscrens.exe not found.
File/Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe not found.
File/Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe not found.
File/Folder C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe not found.
File/Folder C:\recycler\s-1-5-21-484763869-1614574334-18083462561-100\csrss.exe not found.
File/Folder C:\recycler\s-1-5-21-484763869-1614574334-18083462561-100\Services.exe not found.
File/Folder C:\RECYCLER\S-1-5-21-1292832515-2685961851-318933812-6215\service.exe not found.
File/Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sndrv.exe not found.
File/Folder C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\r00t.exe not found.
File/Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe not found.
File/Folder C:\RECYCLER\blazewrm.vmx not found.

OTM by OldTimer - Version 3.0.0.4 log created on 07052009_112332



