My computer is infected and my ip shows up as 000.000.000



#1 jacolas_saxolas


Posted 09 June 2010 - 12:36 PM

Hello!


My computer freezes all the time, it's really slow, and my IP when I use ipconfig shows up as 000.000.000.
I only have access to the internet when in safe mode with networking. However, once in a while my computer has internet in normal mode, but after restarting it's all gone.
I have already run Malwarebytes and McAfee and neither of them solved my problem. I also have some problems with McAfee because I turn real protection on but after a while it goes off, even in safe mode, and Malwarebytes is always blocking sites even when I'm not browsing the web.
Also, when browsing the web, a popup (always the same) shows up when on normal sites like Google or the Financial Times, redirecting me to an online casino.
And to make matters even worse, my audio doesn't work.
This is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:06:11, on 09-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Windows\System32\window.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Tidy Favorites\TidyFavorites.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\McAfee Security Scan\1.0.150\McUICnt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://127.0.0.1:8998
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll
R3 - URLSearchHook: iPhone OS 3 Toolbar - {74714d77-1695-4e73-a98e-25cb374f46b4} - C:\Program Files\iPhone_OS_3\tbiPho.dll
R3 - URLSearchHook: iUserbar Toolbar - {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll
O1 - Hosts: 75.126.151.179 l2testauthd.lineage2.com
O1 - Hosts: 75.126.151.179 l2authd.lineage2.com
O1 - Hosts: 209.34.168.66 nProtect.lineage2.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: iUserbar Toolbar - {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100513221033.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: iUserbar Toolbar - {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [OnlineArmorTR] "C:\WINDOWS\OATR.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Windows] "C:\Windows\System32\window.exe"
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [TidyFavorites] "C:\Program Files\Tidy Favorites\TidyFavorites.exe"
O4 - HKCU\..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E5D94BC-3203-4615-90F7-E5A8AD491EA0}: NameServer = 212.113.161.226,212.113.161.227
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Serviço de Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 16950 bytes

Thank you in advance,

jacolas_saxolas

Edited by Orange Blossom, 11 June 2010 - 10:01 PM.
Move to log forum. ~ OB




#2 jacolas_saxolas


Posted 13 June 2010 - 08:11 AM

Hi! Sorry to double post, but since my last post I've run some scans and some infections have been removed.
However, I have the same issues I had before.

These are my logs:

HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:58:01, on 12-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Windows\System32\window.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Tidy Favorites\TidyFavorites.exe
C:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\McAfee Security Scan\1.0.150\McUICnt.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.pt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll
R3 - URLSearchHook: iPhone OS 3 Toolbar - {74714d77-1695-4e73-a98e-25cb374f46b4} - C:\Program Files\iPhone_OS_3\tbiPho.dll
R3 - URLSearchHook: iUserbar Toolbar - {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll
O1 - Hosts: 75.126.151.179 l2testauthd.lineage2.com
O1 - Hosts: 75.126.151.179 l2authd.lineage2.com
O1 - Hosts: 209.34.168.66 nProtect.lineage2.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: iUserbar Toolbar - {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100513221033.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: iUserbar Toolbar - {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [OnlineArmorTR] "C:\WINDOWS\OATR.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Windows] "C:\Windows\System32\window.exe"
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [TidyFavorites] "C:\Program Files\Tidy Favorites\TidyFavorites.exe"
O4 - HKCU\..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Serviço de Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 18371 bytes

MalwareBytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da base de dados: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12-06-2010 16:37:17
mbam-log-2010-06-12 (16-37-17).txt

Tipo de pesquisa: Rápida
Objectos verificados: 135718
Tempo decorrido: 49 minuto(s), 32 segundo(s)

Processos de memória infectados: 0
módulos de Memória infectados: 0
Chaves do Registo Infectadas: 0
Valores do Registo infectados: 0
Itens de dados do Registo Infectados: 0
Pastas Infectadas: 0
Ficheiros Infectados: 0

Processos de memória infectados:
(Nenhum item malicioso detectado)

módulos de Memória infectados:
(Nenhum item malicioso detectado)

Chaves do Registo Infectadas:
(Nenhum item malicioso detectado)

Valores do Registo infectados:
(Nenhum item malicioso detectado)

Itens de dados do Registo Infectados:
(Nenhum item malicioso detectado)

Pastas Infectadas:
(Nenhum item malicioso detectado)

Ficheiros Infectados:
(Nenhum item malicioso detectado)




#3 Shannon2012

Posted 14 June 2010 - 11:36 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#4 jacolas_saxolas

Posted 16 June 2010 - 03:59 AM

Hello,

Thank you very much for your help.
I ran DDS easily but I had a hard time running GMER since it was always freezing and I only managed to run it in safe mode.

Anyway here are my logs:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 19:14:57,78 on 14-06-2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16

============== Running Processes ===============

C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\window.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Tidy Favorites\TidyFavorites.exe
C:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = www.google.pt
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfre0.dll
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof0.dll
uURLSearchHooks: iPhone OS 3 Toolbar: {74714d77-1695-4e73-a98e-25cb374f46b4} - c:\program files\iphone_os_3\tbiPho.dll
uURLSearchHooks: iUserbar Toolbar: {51d37496-c262-4d13-a8c1-c93e59bf50b9} - c:\program files\iuserbar\tbiUse.dll
mURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: iUserbar Toolbar: {51d37496-c262-4d13-a8c1-c93e59bf50b9} - c:\program files\iuserbar\tbiUse.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100513221033.dll
BHO: ForceField Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: SHOUTcast Loader: {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: ForceField Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: SHOUTcast Radio Toolbar: {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: iUserbar Toolbar: {51d37496-c262-4d13-a8c1-c93e59bf50b9} - c:\program files\iuserbar\tbiUse.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Windows] "c:\windows\system32\window.exe"
uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [TidyFavorites] "c:\program files\tidy favorites\TidyFavorites.exe"
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [OnlineArmorTR] "c:\windows\OATR.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 75.126.151.179 l2testauthd.lineage2.com
Hosts: 75.126.151.179 l2authd.lineage2.com
Hosts: 209.34.168.66 nProtect.lineage2.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\jhuucvpg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.projectosermais.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jhuucvpg.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jhuucvpg.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jhuucvpg.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jhuucvpg.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}\components\RadioWMPCore.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jhuucvpg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R? Arfumdev;A4Tech USB Port RF-Mouse filter driver
R? dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta
R? EraserUtilDrv10910;EraserUtilDrv10910
R? icsak;icsak
R? ISWKL;ForceField ISWKL
R? mfendisk;McAfee Core NDIS Intermediate Filter
R? mferkdet;McAfee Inc. mferkdet
R? mferkdk;McAfee Inc. mferkdk
R? mfesmfk;McAfee Inc. mfesmfk
R? MpKsl9b094d04;MpKsl9b094d04
R? NaiAvFilter101;NAI Anti Virus
R? pctgntdi;pctgntdi
R? pctplsg;pctplsg
R? PEVSystemStart;PEVSystemStart
R? PVUSB;CESG502 USB Driver
R? SABKUTIL;SABKUTIL
R? sdAuxService;PC Tools Auxiliary Service
R? sdCoreService;PC Tools Security Service
S? ASKService;ASKService
S? ASKUpgrade;ASKUpgrade
S? Browser Defender Update Service;Browser Defender Update Service
S? cfwids;McAfee Inc. cfwids
S? cpuz133;cpuz133
S? libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1
S? libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
S? McMPFSvc;McAfee Personal Firewall
S? McNaiAnn;McAfee VirusScan Announcer
S? McProxy;McAfee Proxy Service
S? McShield;McShield
S? mfeavfk;McAfee Inc. mfeavfk
S? mfebopk;McAfee Inc. mfebopk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfendiskmp;mfendiskmp
S? mfetdi2k;McAfee Inc. mfetdi2k
S? mfevtp;McAfee Validation Trust Protection Service
S? PCTCore;PCTools KDS
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL

=============== Created Last 30 ================

2010-06-14 13:40:40 0 d-sh--r- C:\plugins
2010-06-14 13:27:36 0 d-----w- c:\docume~1\admini~1\applic~1\LimeWire
2010-06-14 12:52:58 0 d-----w- c:\docume~1\admini~1\applic~1\FrostWire
2010-06-14 12:51:31 0 d-----w- c:\program files\FrostWire
2010-06-13 20:07:46 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-06-13 14:18:08 40672 ----a-w- c:\windows\system32\drivers\CESG502.sys
2010-06-13 14:18:03 503808 ----a-w- c:\windows\system32\VSFlex8L.ocx
2010-06-13 14:18:03 197 ----a-w- c:\windows\system32\VSFlex8L.inf
2010-06-13 14:17:56 0 d-----w- c:\program files\CASIO
2010-06-12 15:49:40 0 d-sh--w- C:\found.000
2010-06-11 17:01:26 0 d-----w- C:\083647c38db4e021ca
2010-06-11 12:23:49 767952 ----a-w- c:\windows\BDTSupport.dll
2010-06-11 12:23:48 882 ----a-w- c:\windows\RegSDImport.xml
2010-06-11 12:23:48 879 ----a-w- c:\windows\RegISSImport.xml
2010-06-11 12:23:48 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-06-11 12:23:48 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-06-11 12:23:48 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-11 12:23:48 131 ----a-w- c:\windows\IDB.zip
2010-06-11 12:23:48 1152444 ----a-w- c:\windows\UDB.zip
2010-06-11 12:13:54 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-06-11 12:13:38 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-11 12:13:38 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-06-11 12:13:38 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-06-11 12:13:38 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-11 12:13:26 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-06-11 12:13:26 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-11 12:13:16 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-06-11 12:13:15 0 d-----w- c:\program files\Spyware Doctor
2010-06-11 12:13:15 0 d-----w- c:\docume~1\admini~1\applic~1\PC Tools
2010-06-10 15:35:55 0 d-----w- c:\windows\system32\MpEngineStore
2010-06-10 15:33:21 0 d-----w- C:\1e9865a9927e801865c32a4f540952
2010-06-10 09:33:08 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-10 09:33:00 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-09 17:02:00 0 d-----w- c:\program files\Trend Micro
2010-06-09 15:52:44 77312 ----a-w- c:\windows\MBR.exe
2010-06-09 15:52:43 98816 ----a-w- c:\windows\sed.exe
2010-06-09 15:52:43 256512 ----a-w- c:\windows\PEV.exe
2010-06-09 15:52:43 161792 ----a-w- c:\windows\SWREG.exe
2010-06-09 15:51:57 0 d-s---w- C:\ComboFix
2010-06-09 11:42:17 0 d-----w- c:\program files\Free Audio Pack
2010-06-09 11:42:17 0 d-----w- c:\docume~1\admini~1\applic~1\FreeAudioPack
2010-06-09 11:31:05 0 d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-06-09 10:26:14 0 d-----w- c:\program files\ASIO4ALL v2
2010-06-09 10:25:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-06-09 10:25:56 0 d-----w- c:\program files\VstPlugins
2010-06-09 10:25:23 1294336 ----a-w- c:\windows\system32\vorbis.acm
2010-06-09 10:25:09 0 d-----w- c:\program files\Outsim
2010-06-09 10:22:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 10:22:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-09 10:22:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 10:22:19 0 d-----w- c:\program files\Image-Line
2010-06-06 10:00:45 0 d-----w- c:\program files\DivX H.264 decoder
2010-06-06 09:54:31 0 d-----w- c:\windows\system32\custom matrices
2010-06-06 09:54:21 0 d-----w- c:\windows\system32\QuickTime
2010-06-06 09:54:20 0 d-----w- c:\windows\system32\C2MP
2010-06-06 09:38:06 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-06-06 09:38:06 0 d-----w- c:\program files\CPUID
2010-06-06 09:12:58 0 d-----w- c:\program files\VideoLAN
2010-06-05 12:48:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Age of Empires 3
2010-06-03 13:20:24 37 ----a-w- c:\windows\marscam.ini
2010-06-03 13:20:18 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-06-03 13:20:18 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-06-03 13:16:45 163840 ----a-w- c:\windows\system32\PhotoImpression Screen Saver.scr
2010-06-03 13:16:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-06-03 13:13:13 110720 ----a-w- c:\windows\system32\drivers\mr97310c.sys
2010-06-03 13:12:47 0 d-----w- c:\program files\Mars
2010-05-22 21:06:49 0 d--h--w- C:\jexepackres
2010-05-22 21:06:39 0 d-----w- c:\program files\AirVideoServer
2010-05-21 19:18:25 0 d-----w- c:\program files\ConvertHelper
2010-05-21 19:16:06 0 d-----w- c:\documents and settings\administrator\dwhelper
2010-05-18 16:49:27 0 d-----w- c:\program files\iUserbar

==================== Find3M ====================

3427-09-25 21:40:30 27480 ----a-w- c:\windows\fonts\Headline_One_HPLHS.ttf
3427-09-25 21:40:30 22908 ----a-w- c:\windows\fonts\futura-normal.ttf
2010-05-18 16:07:42 122600 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-28 20:52:50 133544 ----a-w- c:\windows\hpoins15.dat
2010-04-27 16:16:24 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 16:16:24 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 16:16:24 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 16:16:24 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 16:16:24 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 16:16:24 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 16:16:24 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 16:16:24 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 16:16:24 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 16:16:24 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-17 13:35:16 75 ----a-w- c:\documents and settings\administrator\jagex_runescape_preferences2.dat
2010-04-17 13:34:06 41 ----a-w- c:\documents and settings\administrator\jagex_runescape_preferences.dat
2010-04-17 13:14:23 0 ----a-w- c:\documents and settings\administrator\jagex__preferences3.dat
2010-04-08 12:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-04-03 22:11:25 2 --shatr- c:\windows\winstart.bat
2004-08-04 00:56:58 73728 --sha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe
2009-06-10 12:28:53 5 --sha-w- c:\windows\system32\dbcae9_s.dll

============= FINISH: 19:20:49,07 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-16 09:50:51
Windows 5.1.2600 Service Pack 3
Running: ujbqnbis.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awpyypow.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF73D5112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF73B42D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF73B44C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF73D5900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF73D5BB4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF73D3E12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF73D6020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF73D53D2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF73B3F44]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7414D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7414D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!NtOpenProcess 8057F592 5 Bytes JMP F7414D78 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 80584849 5 Bytes JMP F7414D8C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x3C 0xCA 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD4 0x18 0x37 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA6 0xDC 0xFD 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0x87 0x2E 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x58 0x6B 0x4A 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x4E 0x05 0x92 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xF1 0x6C 0x4A 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x54 0xE1 0x2C 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xED 0x86 0x04 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0xD7 0x2D 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x05 0x33 0x77 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x27 0x98 0x27 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x40 0x18 0x7B 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x3C 0xCA 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD4 0x18 0x37 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA6 0xDC 0xFD 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0x87 0x2E 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x58 0x6B 0x4A 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x4E 0x05 0x92 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xF1 0x6C 0x4A 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x54 0xE1 0x2C 0xDC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xED 0x86 0x04 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0xD7 0x2D 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x05 0x33 0x77 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x27 0x98 0x27 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x40 0x18 0x7B 0xED ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----

Thank you in advance



#5 etavares

Posted 20 June 2010 - 03:33 PM

Hello, jacolas_saxolas.
First off, I'm really sorry for the delay in response from our team after Shannon2012 handed it off. Now that I'm with you, responses will be much quicker (no more than 2 days after your last post).

You are clearly infected, but we should be able to fix it.

My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.
  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!



Unfortunately the DDS log didn't quite come out correctly... malware may be interfering. Please run OTL. Thanks for running GMER in safe mode... that was the right thing to do as well.



Step 1

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT


  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.



Step 2

Also, SAS detected this file as a virus, so I'd like to get a quick online scan.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link: Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Program Files\AirVideoServer\AirVideoServer.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

etavares

Edited by etavares, 20 June 2010 - 03:37 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

 


#6 jacolas_saxolas


Posted 21 June 2010 - 10:12 AM

Hello,

Thank you very much for your help!

However, now when I run my computer in normal mode it freezes, so I ran both scans in safe mode.

Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.


Filename: AirVideoServer.exe
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Mon 21 Jun 2010 17:06:57 (CET) Permalink

Additional info
File size: 4818760 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 115ce2dac08d7a3d9885a8ec1283e007
SHA1: debb561cbcc9bbfad0931fb2b45010034d4dfae9

OTL logfile created on: 21-06-2010 15:09:46 - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Administrator\desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

1.023,00 Mb Total Physical Memory | 665,00 Mb Available Physical Memory | 65,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1534 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153,38 Gb Total Space | 41,12 Gb Free Space | 26,81% Space Free | Partition Type: NTFS
Drive D: | 431,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CB5F94CD68CA4FF
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-06-21 15:08:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
PRC - [2010-04-27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010-04-27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010-04-01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010-04-01 19:06:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-12-14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009-12-04 22:24:22 | 002,811,392 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010-06-21 15:08:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
MOD - [2008-04-14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-04-29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010-04-27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010-04-27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010-04-14 12:29:58 | 000,170,144 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010-03-10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010-01-24 11:17:35 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010-01-24 11:17:32 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010-01-22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009-12-14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009-12-14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009-12-14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009-12-14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009-12-14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009-12-14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009-11-16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009-09-21 20:06:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-05-19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009-04-02 12:47:04 | 000,234,888 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009-04-02 12:47:02 | 000,464,264 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2009-01-23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008-10-16 20:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008-10-16 20:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008-10-16 20:23:30 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2005-04-27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2005-03-09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - [2010-06-10 16:35:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\MpEngineStore\MpKsl9b094d04.sys -- (MpKsl9b094d04)
DRV - [2010-05-10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-04-27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010-04-27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010-04-27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010-04-27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010-04-27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010-04-27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010-04-27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010-04-27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010-04-27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010-04-27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010-04-08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010-03-30 23:38:26 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010-03-29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010-02-17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009-09-16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009-09-16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009-09-15 02:01:44 | 000,007,387 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pctgntdi.cat -- (pctgntdi)
DRV - [2009-06-22 09:42:21 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009-02-12 11:12:18 | 000,021,136 | ---- | M] (Check Point Software Technologies) [Kernel | Disabled | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009-02-12 11:11:48 | 000,054,928 | ---- | M] (Check Point Software Technologies) [Kernel | Disabled | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2008-11-22 14:48:16 | 000,011,392 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dualshock3.sys -- (dualshock3) DUALSHOCK3 Controller HID Minidriver (USB)
DRV - [2008-08-14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008-05-16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-04-14 05:51:44 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-14 05:51:44 | 000,064,512 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008-04-14 00:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007-11-09 20:30:38 | 000,023,217 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | Disabled | Stopped] -- C:\Program Files\Lineage II\system\npkcrypt.sys -- (npkcrypt)
DRV - [2006-05-02 13:38:42 | 000,110,720 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2006-04-11 13:56:12 | 000,010,240 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Arfumx86.sys -- (Arfumdev)
DRV - [2006-01-11 14:33:44 | 000,013,312 | R--- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2006-01-11 14:33:32 | 000,008,704 | R--- | M] (A4Tech Co.,Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2005-07-13 17:26:52 | 003,851,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005-03-09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005-01-07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004-08-03 22:32:32 | 000,084,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97via.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2003-04-19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003-03-02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2002-06-12 22:50:00 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CESG502.sys -- (PVUSB)
DRV - [2001-08-17 14:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.pt
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TF = http://search.conduit.com?SearchSource=10&ctid=CT2405280
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..\URLSearchHook: {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..\URLSearchHook: {74714d77-1695-4e73-a98e-25cb374f46b4} - C:\Program Files\iPhone_OS_3\tbiPho.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.projectosermais.com"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {9CD56302-43D2-49AA-8C0A-1FB303186E88}:5.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 0
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {74714d77-1695-4e73-a98e-25cb374f46b4}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010-03-02 19:04:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-12-02 19:29:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-22 11:46:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-27 17:27:51 | 000,000,000 | ---D | M]

[2009-09-08 11:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009-06-28 22:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009-07-02 19:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions
[2009-07-02 19:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010-06-20 16:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions
[2010-04-27 20:07:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-04-27 20:07:36 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010-05-01 17:05:36 | 000,000,000 | ---D | M] (iPhone OS 3 Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}
[2010-04-27 20:07:35 | 000,000,000 | ---D | M] (Tidy Favorites) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{9CD56302-43D2-49AA-8C0A-1FB303186E88}
[2010-05-21 20:13:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-04-27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\firebug@software.joehewitt.com
[2010-01-23 22:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\firefox@tvunetworks.com
[2010-01-10 18:04:19 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\searchplugins\bing.xml
[2009-09-30 11:08:32 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\searchplugins\conduit.xml
[2010-06-20 16:23:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-04-27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010-01-13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010-04-01 18:34:22 | 000,001,525 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010-04-01 18:34:22 | 000,001,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\priberam.xml
[2010-04-01 18:34:22 | 000,002,071 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\sapo.xml
[2010-04-01 18:34:22 | 000,000,942 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-ptpt.xml
[2010-04-01 18:34:22 | 000,000,648 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2009-09-21 20:23:54 | 000,035,101 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.test.com
O1 - Hosts: 127.0.0.1 www.ads.x10.com
O1 - Hosts: 127.0.0.1 www.600pics.com
O1 - Hosts: 127.0.0.1 www.doberman.befree.com
O1 - Hosts: 127.0.0.1 www.enews.bfast.com
O1 - Hosts: 127.0.0.1 www.etoys.bfast.com
O1 - Hosts: 127.0.0.1 www.falcon.bfast.com
O1 - Hosts: 127.0.0.1 www.ftp.befree.com
O1 - Hosts: 127.0.0.1 www.ftp.bfast.com
O1 - Hosts: 127.0.0.1 www.geocities.bfast.com
O1 - Hosts: 127.0.0.1 www.goshoppingonline.bfast.com
O1 - Hosts: 127.0.0.1 www.great-dane.befree.com
O1 - Hosts: 127.0.0.1 www.great-dane.bfast.com
O1 - Hosts: 127.0.0.1 www.greyhound.bfast.com
O1 - Hosts: 127.0.0.1 www.help.bfast.com
O1 - Hosts: 127.0.0.1 www.husky.bfast.com
O1 - Hosts: 127.0.0.1 www.images.bfast.com
O1 - Hosts: 127.0.0.1 www.imp.bfast.com
O1 - Hosts: 127.0.0.1 www.njmgt1.bfast.com
O1 - Hosts: 127.0.0.1 www.njmgt2.bfast.com
O1 - Hosts: 127.0.0.1 www.njrep0.bfast.com
O1 - Hosts: 127.0.0.1 www.njrep1.bfast.com
O1 - Hosts: 127.0.0.1 www.njrep2.bfast.com
O1 - Hosts: 127.0.0.1 www.njtxn1.bfast.com
O1 - Hosts: 127.0.0.1 www.otterhound.bfast.com
O1 - Hosts: 846 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (iUserbar Toolbar) - {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100513221033.dll (McAfee, Inc.)
O2 - BHO: (ForceField Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (SHOUTcast Loader) - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (SHOUTcast Radio Toolbar) - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (iUserbar Toolbar) - {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ForceField Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..\Toolbar\WebBrowser: (ForceField Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OnlineArmorTR] C:\WINDOWS\OATR.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe ()
O4 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500..\Run: [TidyFavorites] C:\Program Files\Tidy Favorites\TidyFavorites.exe (OrdinarySoft)
O4 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500..\Run: [Windows] C:\WINDOWS\System32\window.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Defender.lnk = C:\plugins\Server.jar ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.1)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-12 12:02:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-02-26 11:49:39 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7cec0d0a-7380-11dc-9361-0011d8ebbc85}\Shell\AutoRun\command - "" = luis.exe
O34 - HKLM BootExecute: (autocheck autochk *sprestrt) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-06-12 12:02:11 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CF7920DA-EDD6-F0BA-FCBD-C1151D6D72DD} - Macromedia Shockwave Director 10.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FC41DEF0-41E3-C385-E0DF-5F1B86F7E3D5} - Security Update for Windows XP (KB913433)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 90 Days ==========

[2010-06-21 15:08:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010-06-20 16:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010-06-14 14:40:40 | 000,000,000 | RHSD | C] -- C:\plugins
[2010-06-14 14:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2010-06-14 13:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FrostWire
[2010-06-14 13:52:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2010-06-14 13:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2010-06-13 21:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010-06-13 15:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\CASIO
[2010-06-13 15:18:08 | 000,040,672 | ---- | C] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) -- C:\WINDOWS\System32\drivers\CESG502.sys
[2010-06-13 15:18:03 | 000,503,808 | ---- | C] (ComponentOne) -- C:\WINDOWS\System32\VSFlex8L.ocx
[2010-06-13 15:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\CASIO
[2010-06-12 16:49:40 | 000,000,000 | -HSD | C] -- C:\found.000
[2010-06-12 16:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
[2010-06-12 15:51:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Logs
[2010-06-11 18:01:26 | 000,000,000 | ---D | C] -- C:\083647c38db4e021ca
[2010-06-11 13:23:48 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010-06-11 13:23:48 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010-06-11 13:23:48 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010-06-11 13:13:38 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010-06-11 13:13:38 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010-06-11 13:13:26 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010-06-11 13:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010-06-11 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010-06-11 13:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2010-06-10 21:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Albums
[2010-06-10 21:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ArcSoft
[2010-06-10 17:19:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010-06-10 16:35:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010-06-10 16:33:21 | 000,000,000 | ---D | C] -- C:\1e9865a9927e801865c32a4f540952
[2010-06-10 10:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010-06-10 10:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010-06-09 18:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-06-09 16:52:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-06-09 16:52:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-06-09 16:52:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-06-09 16:52:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-06-09 16:51:57 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010-06-09 16:41:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-06-09 16:37:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-06-09 12:42:19 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
[2010-06-09 12:42:19 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
[2010-06-09 12:42:19 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll
[2010-06-09 12:42:19 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll
[2010-06-09 12:42:19 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll
[2010-06-09 12:42:19 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll
[2010-06-09 12:42:18 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll
[2010-06-09 12:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FreeAudioPack
[2010-06-09 12:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Free Audio Pack
[2010-06-09 12:41:22 | 006,925,347 | ---- | C] (Koyote Soft ) -- C:\Documents and Settings\Administrator\My Documents\Setup_FreeConverter.exe
[2010-06-09 12:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010-06-09 12:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010-06-09 12:28:22 | 011,873,890 | ---- | C] (Audacity Team ) -- C:\Documents and Settings\Administrator\My Documents\audacity-win-unicode-1.3.12.exe
[2010-06-09 11:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2010-06-09 11:25:56 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll
[2010-06-09 11:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2010-06-09 11:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2010-06-09 11:22:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-06-09 11:22:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-06-09 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-06-09 11:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2010-06-07 14:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010-06-06 11:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DivX
[2010-06-06 11:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\DivX H.264 decoder
[2010-06-06 10:59:28 | 016,418,083 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\My Documents\klcodec600f_1.exe.dap
[2010-06-06 10:54:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\custom matrices
[2010-06-06 10:54:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010-06-06 10:54:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP
[2010-06-06 10:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2010-06-06 10:53:11 | 020,880,621 | ---- | C] (Media Player) -- C:\Documents and Settings\Administrator\My Documents\media.player.codec.pack.v3.9.5.setup.exe
[2010-06-06 10:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dvdcss
[2010-06-06 10:38:06 | 000,020,968 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\cpuz133_x32.sys
[2010-06-06 10:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010-06-06 10:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010-06-06 10:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010-06-05 13:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010-06-03 14:16:45 | 000,163,840 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\PhotoImpression Screen Saver.scr
[2010-06-03 14:16:44 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2010-06-03 14:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010-06-03 14:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010-06-03 14:13:13 | 000,110,720 | ---- | C] (Mars Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\mr97310c.sys
[2010-06-03 14:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mars
[2010-05-31 14:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\iUserbar
[2010-05-22 22:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AirVideoServer
[2010-05-22 22:06:49 | 000,000,000 | -H-D | C] -- C:\jexepackres
[2010-05-22 22:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\AirVideoServer
[2010-05-21 20:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2010-05-21 20:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\dwhelper
[2010-05-18 17:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\iUserbar
[2010-05-18 17:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\iUserbar
[2010-05-16 10:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Testes Intermedios e Exames
[2010-05-12 19:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Tutoriais
[2010-05-10 19:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Wordpress
[2010-05-10 19:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Webocton - Scriptly
[2010-05-10 19:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Webocton - Scriptly
[2010-05-09 19:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\AdobeStockPhotos
[2010-05-09 13:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\site pos evento
[2010-05-05 16:31:22 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010-05-05 16:31:08 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010-05-05 16:31:08 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010-05-05 16:31:08 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010-05-05 16:31:08 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010-05-05 16:31:08 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010-05-05 16:31:08 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010-05-02 21:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\iPod3,1_3.1.3_7E18_Restore.ipsw
[2010-05-02 21:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\iPod3,1_3.1.3_7E18_Restore.ipsw
[2010-05-01 19:04:43 | 024,184,872 | ---- | C] (Lime Wire LLC) -- C:\Documents and Settings\Administrator\My Documents\LimeWireWin.exe
[2010-05-01 17:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2010-05-01 17:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Regensoft
[2010-05-01 17:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TuneUpMedia
[2010-05-01 17:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2010-05-01 17:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Itouch
[2010-05-01 17:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Red Kawa
[2010-05-01 17:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Red Kawa
[2010-05-01 17:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Geckofx
[2010-05-01 17:29:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Regensoft
[2010-05-01 17:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\OpenCandy
[2010-05-01 17:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenCandy
[2010-04-30 17:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2010-04-26 19:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Cartaz Concertos (verde água).psd
[2010-04-20 18:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\famfamfam_silk_icons_v013
[2010-04-19 14:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\iPhone_OS_3
[2010-04-16 20:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FM Genie Scout 10
[2010-04-15 19:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\iPhone_OS_3
[2010-04-15 19:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPhone_OS_3
[2010-04-14 19:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Transferências
[2010-04-13 18:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-04-13 18:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010-03-27 00:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\FM Genie Scout 10
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-06-21 15:08:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010-06-21 14:58:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-21 14:58:44 | 000,000,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010-06-21 14:58:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-21 14:47:32 | 000,181,254 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-06-21 14:40:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9BD06457-AFDE-4D89-B17F-890D5FBAF225}.job
[2010-06-21 14:38:36 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010-06-21 14:38:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-20 21:10:14 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010-06-20 21:10:14 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-06-20 16:55:58 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010-06-20 16:44:31 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010-06-19 15:50:18 | 012,031,764 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Exames.rar
[2010-06-17 13:49:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-06-15 15:29:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-06-15 15:28:51 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.dat
[2010-06-14 20:23:41 | 002,594,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-14 14:41:38 | 000,001,389 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Defender.lnk
[2010-06-14 14:25:57 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LimeWire 5.5.8.lnk
[2010-06-14 14:06:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-06-13 19:32:38 | 000,174,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-06-13 15:18:06 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CASIO FA-124.lnk
[2010-06-12 15:44:23 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010-06-11 13:13:31 | 000,001,661 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2010-06-10 21:11:05 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010-06-10 10:33:03 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010-06-09 17:18:27 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ujbqnbis.exe
[2010-06-09 16:37:20 | 003,705,245 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ComboFix.exe.dap
[2010-06-09 12:45:42 | 001,371,337 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rap.mp3
[2010-06-09 12:41:30 | 006,925,347 | ---- | M] (Koyote Soft ) -- C:\Documents and Settings\Administrator\My Documents\Setup_FreeConverter.exe
[2010-06-09 12:28:45 | 011,873,890 | ---- | M] (Audacity Team ) -- C:\Documents and Settings\Administrator\My Documents\audacity-win-unicode-1.3.12.exe
[2010-06-09 11:26:08 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010-06-09 11:25:50 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FL Studio 8.lnk
[2010-06-09 11:18:52 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Malwarebytes_____Anti-Malware_v1.44_Serial_[_kk_].5290934.TPB.torrent
[2010-06-08 11:34:58 | 000,700,050 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rap.m4a
[2010-06-07 22:02:24 | 001,335,340 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\teste.wav
[2010-06-06 14:45:41 | 000,001,591 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PS3 Media Server.lnk
[2010-06-06 10:59:32 | 016,418,083 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\My Documents\klcodec600f_1.exe.dap
[2010-06-06 10:59:13 | 016,418,083 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\klcodec600f.exe.dap
[2010-06-06 10:53:25 | 020,880,621 | ---- | M] (Media Player) -- C:\Documents and Settings\Administrator\My Documents\media.player.codec.pack.v3.9.5.setup.exe
[2010-06-06 10:47:12 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2010-06-06 10:34:14 | 000,009,554 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\1.54-setup-en.exe
[2010-06-06 10:12:16 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1-1.0.5-win32.exe
[2010-06-06 10:11:04 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1.0.5-win32.exe
[2010-06-05 13:45:10 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III - The Asian Dynasties.lnk
[2010-06-05 13:39:17 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III - The WarChiefs.lnk
[2010-06-03 14:38:31 | 000,000,037 | ---- | M] () -- C:\WINDOWS\marscam.ini
[2010-06-03 14:16:37 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PhotoImpression 4.lnk
[2010-06-03 14:12:47 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MY CAMERA.lnk
[2010-05-22 22:06:41 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Air Video Server.lnk
[2010-05-20 19:43:50 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Rephe da Teresa.doc
[2010-05-20 19:38:32 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$phe da Teresa.doc
[2010-05-18 17:48:00 | 001,708,368 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\iUserbar.exe
[2010-05-18 17:07:42 | 000,122,600 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-05-13 19:42:54 | 000,001,389 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Defender.lnk
[2010-05-05 20:00:23 | 000,439,968 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-05 20:00:23 | 000,071,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-04 21:54:39 | 000,032,539 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Maio 2010.docx
[2010-05-04 21:49:46 | 000,015,065 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vasco.docx
[2010-05-04 16:57:46 | 000,030,360 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Critérios de Correcção Teste de Economia C MAIO2010.docx
[2010-05-04 16:41:50 | 000,031,321 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Maio 2010 (2).docx
[2010-05-04 16:40:39 | 000,031,510 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Maio 2010 B.docx
[2010-05-04 16:28:32 | 000,001,348 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\µTorrent Web.rar
[2010-05-04 15:26:21 | 004,672,134 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Love_Tale.mp3
[2010-05-03 19:07:16 | 000,013,420 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Teste Maio Economia C.docx
[2010-05-02 21:01:34 | 000,047,964 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\redsn0w-win_0.9.3.zip
[2010-05-02 11:41:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\sn0wbreeze-V1.5.2.exe.dap
[2010-05-01 19:30:19 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.5.8.lnk
[2010-05-01 19:05:08 | 024,184,872 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Administrator\My Documents\LimeWireWin.exe
[2010-05-01 17:46:12 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk
[2010-05-01 17:27:53 | 020,412,969 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\videora-iphone-504-setup.exe
[2010-05-01 17:17:52 | 000,608,256 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\blackra1n.exe
[2010-05-01 13:10:51 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Escolhas Múltiplas.doc
[2010-04-30 16:27:01 | 003,105,415 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\joao.exe
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-28 21:52:50 | 000,133,544 | ---- | M] () -- C:\WINDOWS\hpoins15.dat
[2010-04-28 21:49:10 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-04-27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010-04-27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010-04-27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010-04-27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010-04-27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010-04-27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010-04-27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010-04-27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010-04-27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010-04-27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010-04-26 21:32:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010-04-24 21:38:43 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-04-21 19:48:50 | 000,010,860 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\futura-normal.zip
[2010-04-20 18:11:46 | 000,797,972 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\famfamfam_silk_icons_v013.zip
[2010-04-19 14:59:18 | 002,515,666 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\plantaescola.psd
[2010-04-19 14:46:39 | 000,159,544 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\plantaescola.JPG
[2010-04-17 14:35:16 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010-04-17 14:34:06 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010-04-17 14:14:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010-04-14 19:19:07 | 008,392,505 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\15_Photoshop_Tutorials_Pack_by_kitty1613.zip
[2010-04-08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010-04-03 23:32:46 | 000,251,904 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\poker tips.doc
[2010-04-01 11:08:24 | 000,013,786 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Headline_One_HPLHS.zip
[2010-04-01 10:40:50 | 000,013,641 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cand.jpg
[2010-03-30 23:38:26 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\cpuz133_x32.sys
[2010-03-29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010-03-28 09:25:28 | 000,529,670 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-27 00:31:15 | 006,293,149 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\fm_genie_scout_10_v1.rar
[2010-03-23 20:58:49 | 004,169,301 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\FileZilla_3.3.2.1_win32-setup.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-06-20 16:55:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010-06-19 15:48:19 | 012,031,764 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Exames.rar
[2010-06-15 15:28:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-06-15 15:28:51 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.dat
[2010-06-14 22:04:22 | 000,001,389 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Defender.lnk
[2010-06-14 14:41:38 | 000,001,389 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Defender.lnk
[2010-06-14 14:25:57 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LimeWire 5.5.8.lnk
[2010-06-13 15:18:03 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\VSFlex8L.inf
[2010-06-13 15:17:56 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CASIO FA-124.lnk
[2010-06-11 13:23:49 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010-06-11 13:23:48 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010-06-11 13:23:48 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010-06-11 13:23:48 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010-06-11 13:23:48 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010-06-11 13:13:54 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010-06-11 13:13:38 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010-06-11 13:13:38 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010-06-11 13:13:31 | 000,001,661 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2010-06-11 13:13:26 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010-06-10 21:10:56 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010-06-10 10:33:03 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010-06-09 18:02:00 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010-06-09 17:18:25 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ujbqnbis.exe
[2010-06-09 16:52:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-06-09 16:52:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-06-09 16:52:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-06-09 16:52:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-06-09 16:52:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-06-09 16:36:48 | 003,705,245 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ComboFix.exe.dap
[2010-06-09 12:45:30 | 001,371,337 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rap.mp3
[2010-06-09 12:42:19 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2010-06-09 12:42:17 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010-06-09 12:09:28 | 000,700,050 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rap.m4a
[2010-06-09 11:41:41 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010-06-09 11:25:50 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FL Studio 8.lnk
[2010-06-09 11:23:04 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010-06-09 11:18:52 | 000,001,137 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Malwarebytes_____Anti-Malware_v1.44_Serial_[_kk_].5290934.TPB.torrent
[2010-06-07 21:30:32 | 001,335,340 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\teste.wav
[2010-06-06 14:45:41 | 000,001,591 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PS3 Media Server.lnk
[2010-06-06 10:58:32 | 016,418,083 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\klcodec600f.exe.dap
[2010-06-06 10:47:12 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2010-06-06 10:34:18 | 000,009,554 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\1.54-setup-en.exe
[2010-06-06 10:11:17 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1.0.5-win32.exe
[2010-06-06 07:35:43 | 018,499,623 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1-1.0.5-win32.exe
[2010-06-05 13:45:10 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III - The Asian Dynasties.lnk
[2010-06-05 13:39:17 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III - The WarChiefs.lnk
[2010-06-03 14:20:24 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2010-06-03 14:16:37 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PhotoImpression 4.lnk
[2010-06-03 14:12:47 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MY CAMERA.lnk
[2010-05-22 22:06:41 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Air Video Server.lnk
[2010-05-20 19:38:32 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$phe da Teresa.doc
[2010-05-20 18:24:31 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Rephe da Teresa.doc
[2010-05-18 17:47:57 | 001,708,368 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\iUserbar.exe
[2010-05-04 21:49:45 | 000,015,065 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vasco.docx
[2010-05-04 16:41:49 | 000,031,321 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Maio 2010 (2).docx
[2010-05-04 16:40:38 | 000,031,510 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Maio 2010 B.docx
[2010-05-04 16:28:35 | 000,001,348 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\µTorrent Web.rar
[2010-05-04 15:25:46 | 004,672,134 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Love_Tale.mp3
[2010-05-04 15:04:39 | 000,030,360 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Critérios de Correcção Teste de Economia C MAIO2010.docx
[2010-05-03 19:07:15 | 000,013,420 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Teste Maio Economia C.docx
[2010-05-02 21:01:39 | 000,047,964 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\redsn0w-win_0.9.3.zip
[2010-05-02 11:41:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\sn0wbreeze-V1.5.2.exe.dap
[2010-05-01 19:30:19 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.5.8.lnk
[2010-05-01 17:46:12 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk
[2010-05-01 17:27:19 | 020,412,969 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\videora-iphone-504-setup.exe
[2010-05-01 17:17:48 | 000,608,256 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\blackra1n.exe
[2010-04-30 16:26:40 | 003,105,415 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\joao.exe
[2010-04-27 18:55:16 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Escolhas Múltiplas.doc
[2010-04-24 20:54:52 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-04-21 19:48:49 | 000,010,860 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\futura-normal.zip
[2010-04-21 14:43:27 | 000,032,539 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Maio 2010.docx
[2010-04-20 18:11:44 | 000,797,972 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\famfamfam_silk_icons_v013.zip
[2010-04-19 14:59:17 | 002,515,666 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\plantaescola.psd
[2010-04-19 14:46:39 | 000,159,544 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\plantaescola.JPG
[2010-04-17 14:14:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex__preferences3.dat
[2010-04-14 19:25:18 | 001,416,125 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\3.jpg
[2010-04-14 19:25:18 | 000,805,845 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\19.jpg
[2010-04-14 19:25:18 | 000,521,204 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\9.jpg
[2010-04-14 19:25:18 | 000,438,477 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\6.jpg
[2010-04-14 19:25:18 | 000,425,625 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\10.jpg
[2010-04-14 19:25:18 | 000,424,137 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\13.jpg
[2010-04-14 19:25:18 | 000,393,778 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\18.jpg
[2010-04-14 19:25:18 | 000,393,023 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\7.jpg
[2010-04-14 19:25:18 | 000,386,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\14.jpg
[2010-04-14 19:25:18 | 000,382,047 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\16.jpg
[2010-04-14 19:25:18 | 000,353,991 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\11.jpg
[2010-04-14 19:25:18 | 000,334,108 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\17.jpg
[2010-04-14 19:25:18 | 000,326,336 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\12.jpg
[2010-04-14 19:25:18 | 000,318,431 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\8.jpg
[2010-04-14 19:25:18 | 000,317,697 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\5.jpg
[2010-04-14 19:25:18 | 000,316,907 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\4.jpg
[2010-04-14 19:25:18 | 000,313,382 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\20.jpg
[2010-04-14 19:25:18 | 000,300,972 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\15.jpg
[2010-04-14 19:18:22 | 008,392,505 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\15_Photoshop_Tutorials_Pack_by_kitty1613.zip
[2010-04-03 23:32:46 | 000,251,904 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\poker tips.doc
[2010-04-01 11:08:15 | 000,013,786 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Headline_One_HPLHS.zip
[2010-04-01 10:40:50 | 000,013,641 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cand.jpg
[2010-03-27 00:30:25 | 006,293,149 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\fm_genie_scout_10_v1.rar
[2010-03-23 20:58:32 | 004,169,301 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\FileZilla_3.3.2.1_win32-setup.exe
[2010-03-03 01:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010-03-03 01:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010-03-03 01:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-03-03 01:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010-03-03 01:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010-03-03 01:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010-03-03 01:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010-03-03 01:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010-03-03 01:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010-03-03 01:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010-03-03 01:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010-03-03 01:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010-03-03 01:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010-03-03 01:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010-03-03 01:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010-03-03 01:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010-03-03 01:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-02-16 13:47:10 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2010-02-14 16:09:16 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\DUALSHOCK3FF.dll
[2010-02-14 16:09:16 | 000,011,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\dualshock3.sys
[2010-01-26 16:32:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-01-26 16:32:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-11-14 19:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009-11-14 19:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009-11-14 19:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009-11-14 19:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009-11-14 19:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009-11-14 19:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009-11-14 19:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009-11-14 19:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009-11-14 19:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009-11-14 19:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009-09-26 21:05:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009-08-05 12:17:15 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009-08-05 12:17:15 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009-08-03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2009-06-24 10:50:27 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-06-23 22:31:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009-06-19 20:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009-06-10 19:23:44 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009-06-10 13:28:53 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\dbcae9_s.dll
[2009-06-07 17:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-01-10 23:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008-11-06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-04-14 01:45:46 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\serial.sys
[2007-10-18 18:09:07 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini
[2007-10-13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007-05-26 08:51:34 | 000,000,217 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2007-03-07 21:50:42 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys
[2007-02-11 22:22:04 | 000,000,161 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007-02-11 22:21:36 | 000,000,671 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2006-10-27 22:28:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006-10-27 22:28:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006-10-27 22:02:00 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2006-10-27 22:02:00 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2006-07-15 17:20:29 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-07-14 12:08:36 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006-07-13 19:50:36 | 000,000,766 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-07-13 16:20:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-05-09 18:19:12 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2006-03-18 14:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006-03-09 15:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-03-09 15:29:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-03-09 15:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-03-09 15:29:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-03-09 15:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-03-09 15:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005-01-19 11:23:28 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2003-03-09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003-01-07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-10-15 23:54:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001-10-12 10:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001-10-12 10:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2001-07-06 17:30:02 | 000,003,277 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[2000-12-07 10:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini

========== LOP Check ==========

[2009-03-31 21:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\#ISW.FS#
[2007-03-07 21:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.BTuga
[2009-06-29 15:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Activision
[2010-06-09 16:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2009-12-30 20:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2010-06-20 19:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2009-02-09 21:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSplayer
[2007-06-14 21:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
[2009-03-31 21:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint
[2009-06-23 19:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
[2009-06-22 09:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2010-02-13 17:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dev-Cpp
[2009-06-09 23:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DNA
[2010-05-14 17:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2010-06-09 12:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreeAudioPack
[2010-06-16 12:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2008-02-17 20:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010-02-13 17:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft
[2009-12-06 18:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hoyle
[2009-12-06 18:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hoyle FaceCreator
[2010-06-17 13:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2010-02-17 15:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2010-02-27 14:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2010-05-01 18:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenCandy
[2006-08-15 22:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2009-04-04 15:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PCToolsFirewallPlus
[2007-06-29 08:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Program Window City
[2007-05-28 20:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RecordPad
[2010-05-01 17:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Red Kawa
[2010-05-01 17:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Regensoft
[2007-07-20 10:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SecondLife
[2009-12-30 13:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SharePod
[2010-06-11 15:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Software Informer
[2010-04-18 17:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sports Interactive
[2007-03-05 00:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sprite PC Agent
[2007-03-05 00:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sprite Setup Wizard
[2007-03-05 00:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sprite Software
[2010-05-31 19:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2009-01-21 20:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thinstall
[2010-04-24 15:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tidy Favorites
[2009-07-31 13:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2010-06-20 20:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUpMedia
[2010-02-17 15:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2010-05-10 19:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Webocton - Scriptly
[2009-06-29 15:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activision
[2010-06-05 13:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2009-07-02 19:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009-06-22 09:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-03-06 09:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010-06-13 21:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2007-10-18 18:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009-10-17 21:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010-01-21 22:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2009-06-25 15:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SHOUTcast Radio Toolbar
[2010-03-07 10:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2009-04-03 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2009-12-04 22:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2009-11-03 17:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010-06-21 15:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-07-31 13:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010-05-01 17:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2009-03-30 11:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010-04-13 18:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-07-31 13:05:37 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009-09-11 15:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009-06-22 08:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010-05-31 17:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009-10-13 19:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SACore
[2010-06-21 14:38:36 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2007-04-28 21:21:04 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1169413263.job
[2010-06-21 14:40:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9BD06457-AFDE-4D89-B17F-890D5FBAF225}.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< %systemroot%\system32\*.dll /lockedfiles >
[2010-03-11 13:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010-03-11 13:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008-04-14 05:51:44 | 020,056,462 | R--- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009-04-02 12:40:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008-04-14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008-04-14 05:51:44 | 020,056,462 | R--- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009-04-02 12:40:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008-04-14 05:51:44 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008-04-14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008-04-14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008-04-14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008-04-14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008-04-14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008-04-14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008-04-14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008-04-14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
< End of report >


OTL Extras logfile created on: 21-06-2010 15:09:46 - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Administrator\desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

1.023,00 Mb Total Physical Memory | 665,00 Mb Available Physical Memory | 65,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1534 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153,38 Gb Total Space | 41,12 Gb Free Space | 26,81% Space Free | Partition Type: NTFS
Drive D: | 431,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CB5F94CD68CA4FF
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Tidy Favorites\TidyFavorites.exe" = C:\Program Files\Tidy Favorites\TidyFavorites.exe:*:Enabled:TidyFavorites -- (OrdinarySoft)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\avlywbvg.exe" = C:\WINDOWS\system32\avl
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe" = C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe:*:Enabled:Adobe Flash CS4 -- (Adobe Systems Incorporated.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Program Files\Tidy Favorites\TidyFavorites.exe" = C:\Program Files\Tidy Favorites\TidyFavorites.exe:*:Enabled:TidyFavorites -- (OrdinarySoft)
"C:\Program Files\BT Next Evolution\btnext.exe" = C:\Program Files\BT Next Evolution\btnext.exe:*:Enabled:BT Next Evolution -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\AirVideoServer\AirVideoServer.exe" = C:\Program Files\AirVideoServer\AirVideoServer.exe:*:Enabled:Air Video Server -- ()
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
"{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{135BA9A6-495A-4FE9-B1A1-AB4DA449CAB1}" = hppLJP2015
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 16
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F8BE445-D14C-40E2-AF62-E43539FD1500}" = YouTUBE ™ movie downloader
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3293C06B-003F-4027-8380-FFD79E38167D}" = Tony Hawk's American Wasteland
"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{388887F6-0661-4C80-B272-A6A23EFC7A31}" = MY CAMERA
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{561D20B1-766E-4EA5-8A1D-B7357D903673}" = hppIOFiles
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{624DEAA0-B27D-444B-8BFE-70622B318A4A}" = Windows Live Toolbar
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto e Imagem 2.0 - All-in-One Drivers
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7A178F2E-92F6-437C-A709-69685D1C0F2B}" = hppTLBXFXP2015
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8165DF20-3592-4516-9FBF-F1C954671C79}" = MyLanViewer
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8269F9E0-FF61-40EA-921D-574B4D709D00}" = Application Suite
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = hp psc 2100 series
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}" = CorePLS_Full_QFolder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93C069D4-2F86-4570-A6DF-BFABBA1E4AFD}" = hpzTLBXFX
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto e Imagem 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync
"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB61D8C-D651-4D7C-80B4-C78676A0AF1F}" = hppusgP2015
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC0AB585-B279-4A77-8BB5-64C403E43EE7}" = Football Manager 2005
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials
"{F38D0F99-1BFC-47AB-AC36-8D9D43700CFB}" = hppManualsP2015
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
"{FB47E710-6249-4EFA-BE36-E922B0612AF4}" = CASIO FA-124
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"10CB2083F7325ECF7648ED6DB0E2392F905A2829" = Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image (05/02/2006 2.0.1.0)
"Acção 111 - Componente 2" = Formulário para Acção 111 - Componente 2 - v3.02
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Air Video Server" = Air Video Server 2.2.7-update1
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = Vuze Toolbar
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AviSynth" = AviSynth 2.5
"AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"BitTorrent" = BitTorrent
"Browser Defender_is1" = Browser Defender 2.0.6.15
"BSPlayerf" = BS.Player FREE
"BT Next Evolution" = BT Next Evolution
"CCleaner" = CCleaner
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"divxh264_is1" = DivX H.264 decoder 8.2.0.26
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"EA Download Manager" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.2.1
"FL Studio 8" = FL Studio 8
"Football Manager 2010" = Football Manager 2010
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"gamesX - Guitar Hero_is1" = Guitar Hero
"GIF Movie Gear_is1" = GIF Movie Gear 4.2.3
"Guild Wars" = Guild Wars
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP LaserJet P2015" = HP LaserJet P2015 Series 1.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP PSC 2100 Series" = HP Foto e Imagem 2.0 - hp psc 2100 series
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"iPhone_OS_3 Toolbar" = iPhone_OS_3 Toolbar
"iUserbar Toolbar" = iUserbar Toolbar
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.6.1
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"LimeWire" = LimeWire 5.5.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MPEG Encoder 3" = MPEG Encoder 3
"MSC" = McAfee Total Protection
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"netrcacm Uninstall" = RCA Digital Cable Modem
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"PoiZone" = PoiZone
"PokerStars" = PokerStars
"PROSet" = Intel® PRO Network Connections Drivers
"Revo Uninstaller" = Revo Uninstaller 1.85
"SCDNAS" = SHOUTcast DNAS (remove only)
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"Shop for HP Supplies" = Shop for HP Supplies
"SHOUTcast Radio Toolbar" = SHOUTcast Radio Toolbar
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"Software Informer_is1" = Software Informer 1.0 BETA
"SopCast" = SopCast 3.2.4
"Spyware Doctor" = Spyware Doctor 7.0
"Studio365-Loader" = Studio365-Loader
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Tidy Favorites_is1" = Tidy Favorites 4.15
"Total Game Control_is1" = Total Game Control v3.6
"Toxic Biohazard" = Toxic Biohazard
"TuneUpMedia" = TuneUp Companion 1.6.9
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.5.0.1
"Videora iPhone Converter" = Videora iPhone Converter 5.04
"Videora iPod Converter" = Videora iPod Converter 4.06
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.5
"Win AVI HelixSDK_is1" = Win AVI HelixSDK
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Live Safety Scanner" = Windows Live Safety Scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"CodeBlocks" = CodeBlocks
"Winamp Detect" = Winamp: Detectar Aplicação

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 21-06-2010 10:33:35 | Computer Name = CB5F94CD68CA4FF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 21-06-2010 10:33:41 | Computer Name = CB5F94CD68CA4FF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 21-06-2010 10:33:41 | Computer Name = CB5F94CD68CA4FF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 21-06-2010 10:33:47 | Computer Name = CB5F94CD68CA4FF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 21-06-2010 10:33:47 | Computer Name = CB5F94CD68CA4FF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 21-06-2010 10:33:53 | Computer Name = CB5F94CD68CA4FF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 21-06-2010 10:33:53 | Computer Name = CB5F94CD68CA4FF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 21-06-2010 10:33:59 | Computer Name = CB5F94CD68CA4FF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 21-06-2010 10:33:59 | Computer Name = CB5F94CD68CA4FF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 21-06-2010 10:34:05 | Computer Name = CB5F94CD68CA4FF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

[ TuneUp Events ]
Error - 17-06-2010 7:05:08 | Computer Name = CB5F94CD68CA4FF | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-17 12:05:08', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3688',0)

Error - 18-06-2010 7:05:02 | Computer Name = CB5F94CD68CA4FF | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-18 12:05:02', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','5028',0)

Error - 19-06-2010 7:05:00 | Computer Name = CB5F94CD68CA4FF | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-19 12:05:00', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','5820',0)

Error - 20-06-2010 14:30:16 | Computer Name = CB5F94CD68CA4FF | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-20 19:30:16', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','1716',0)

Error - 20-06-2010 14:33:05 | Computer Name = CB5F94CD68CA4FF | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-20 19:33:05', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamgui.exe','3436',0)

Error - 21-06-2010 9:32:02 | Computer Name = CB5F94CD68CA4FF | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-21 14:32:02', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','1216',0)

Error - 21-06-2010 9:32:02 | Computer Name = CB5F94CD68CA4FF | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-21 14:32:02', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamgui.exe','1016',0)

Error - 21-06-2010 9:39:47 | Computer Name = CB5F94CD68CA4FF | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-21 14:39:47', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamgui.exe','1688',0)

Error - 21-06-2010 9:39:47 | Computer Name = CB5F94CD68CA4FF | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-21 14:39:47', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','3024',0)

Error - 21-06-2010 9:45:12 | Computer Name = CB5F94CD68CA4FF | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-21 14:45:12', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','456',0)


< End of report >


#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:07:18 PM

Posted 21 June 2010 - 05:37 PM

Hello, jacolas_saxolas.

Did you change your HOSTS file since you posted your last log?

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case FrostWire, LimeWire, BitTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.

Registry Cleaner Warning

I also see that you have a registry cleaner installed (in your case Tidy Up). Here at BC, we do not recommend using registry cleaners.

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578

Ask Toolbar Warning

I see you have the Ask.Com toolbar installed. This often comes bundled with spyware, and it is recommended that you remove it.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/...sk-Toolbar.html

If you would like to remove it, please go to Add/Remove Programs and uninstall it.

Step 1

I see you have Combofix from before. Please delete your copy and download a new one. If you can't run in Normal mode, please run in safe mode.

Next, please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop as jacolas_saxolasCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on jacolas_saxolasCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#8 jacolas_saxolas

jacolas_saxolas
  • Topic Starter

  • Members
  • 17 posts
  • Local time:12:18 AM

Posted 22 June 2010 - 05:42 AM

Hello,

Thank you for such a fast answer and no, I haven't changed the hosts file since my last post, I don't even know what that is.

I've removed the toolbar and Tidy Up as you suggested and I won't use P2P applications until all the malware is removed.
I've run ComboFix in normal mode without any issues, but I couldn't rename it the way you wanted me to, because it only allowed alphanumeric characters, so I named it like this: jacolassaxolasCF

Here is the log:

ComboFix 10-06-21.01 - Administrator 22-06-2010 10:45:58.1.2 - x86
Running from: c:\documents and settings\Administrator\Desktop\jacolassaxolasCF.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\inst.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\dumphive.exe
c:\windows\system32\logs
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\window.exe
c:\windows\system32\WS2Fix.exe

Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.

2010-06-20 15:53 . 2010-06-20 15:53 -------- d-----w- c:\program files\iPod
2010-06-15 14:28 . 2010-06-15 14:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-15 14:28 . 2010-06-15 14:28 664 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\d3d9caps.dat
2010-06-14 13:40 . 2010-06-14 13:42 -------- d-----r- C:\plugins
2010-06-14 13:27 . 2010-06-17 12:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2010-06-14 12:52 . 2010-06-16 11:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\FrostWire
2010-06-14 12:51 . 2010-06-16 10:54 -------- d-----w- c:\program files\FrostWire
2010-06-13 20:07 . 2010-06-13 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-06-13 14:18 . 2002-06-12 21:50 40672 ----a-w- c:\windows\system32\drivers\CESG502.sys
2010-06-13 14:17 . 2010-06-13 14:17 -------- d-----w- c:\program files\CASIO
2010-06-12 15:49 . 2010-06-12 15:49 -------- d-----w- C:\found.000
2010-06-12 15:29 . 2010-06-12 15:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert
2010-06-11 17:01 . 2010-06-12 09:01 -------- d-----w- C:\083647c38db4e021ca
2010-06-11 12:23 . 2010-01-27 12:51 767952 ----a-w- c:\windows\BDTSupport.dll
2010-06-11 12:23 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-11 12:23 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-06-11 12:23 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-06-11 12:23 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-06-11 12:23 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-06-11 12:13 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-11 12:13 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-11 12:13 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-11 12:13 . 2010-06-11 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-11 12:13 . 2010-06-14 17:58 -------- d-----w- c:\program files\Spyware Doctor
2010-06-11 12:13 . 2010-06-11 12:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-06-10 20:13 . 2010-06-10 20:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft
2010-06-10 15:35 . 2010-06-13 10:35 -------- d-----w- c:\windows\system32\MpEngineStore
2010-06-10 15:33 . 2010-06-10 15:33 -------- d-----w- C:\1e9865a9927e801865c32a4f540952
2010-06-10 09:33 . 2010-06-10 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-10 09:33 . 2010-06-13 11:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-09 17:02 . 2010-06-09 17:02 -------- d-----w- c:\program files\Trend Micro
2010-06-09 11:31 . 2010-06-09 15:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Audacity
2010-06-09 11:31 . 2010-06-09 11:31 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-06-09 10:26 . 2010-06-09 10:26 -------- d-----w- c:\program files\ASIO4ALL v2
2010-06-09 10:25 . 2010-06-09 10:25 -------- d-----w- c:\program files\VstPlugins
2010-06-09 10:25 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-06-09 10:25 . 2010-06-09 10:25 -------- d-----w- c:\program files\Outsim
2010-06-09 10:22 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 10:22 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-09 10:22 . 2010-06-09 10:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 10:22 . 2010-06-09 10:26 -------- d-----w- c:\program files\Image-Line
2010-06-07 13:06 . 2010-06-07 13:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-06-06 10:11 . 2010-06-06 10:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-06-06 10:00 . 2010-06-06 10:00 -------- d-----w- c:\program files\DivX H.264 decoder
2010-06-06 09:54 . 2010-06-06 09:54 -------- d-----w- c:\windows\system32\custom matrices
2010-06-06 09:54 . 2010-06-06 09:54 -------- d-----w- c:\windows\system32\QuickTime
2010-06-06 09:54 . 2010-06-06 09:54 -------- d-----w- c:\windows\system32\C2MP
2010-06-06 09:53 . 2010-06-06 09:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2010-06-06 09:43 . 2010-06-06 09:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2010-06-06 09:38 . 2010-06-06 09:38 -------- d-----w- c:\program files\CPUID
2010-06-06 09:38 . 2010-03-30 22:38 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-06-06 09:15 . 2010-06-19 11:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-06-06 09:12 . 2010-06-06 09:12 -------- d-----w- c:\program files\VideoLAN
2010-06-05 12:48 . 2010-06-05 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3
2010-06-03 13:20 . 2008-04-14 04:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-06-03 13:20 . 2008-04-14 04:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-06-03 13:16 . 2001-11-02 14:06 163840 ----a-w- c:\windows\system32\PhotoImpression Screen Saver.scr
2010-06-03 13:16 . 1995-07-31 12:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-06-03 13:15 . 2010-06-03 13:15 -------- d-----w- c:\program files\ArcSoft
2010-06-03 13:13 . 2010-06-03 13:13 -------- d-----w- c:\program files\DIFX
2010-06-03 13:13 . 2006-05-02 12:38 110720 ----a-w- c:\windows\system32\drivers\mr97310c.sys
2010-06-03 13:12 . 2010-06-03 13:12 -------- d-----w- c:\program files\Mars
2010-05-31 13:06 . 2010-05-31 13:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\iUserbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 10:07 . 2007-10-17 18:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-22 08:47 . 2009-04-10 13:18 -------- d-----w- c:\program files\VS Revo Group
2010-06-20 18:13 . 2008-05-21 13:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
2010-06-20 15:55 . 2007-03-26 15:14 -------- d-----w- c:\program files\iTunes
2010-06-20 15:53 . 2007-09-21 16:19 -------- d-----w- c:\program files\Common Files\Apple
2010-06-20 15:27 . 2007-07-16 17:43 -------- d-----w- c:\program files\Bonjour
2010-06-14 13:26 . 2006-12-25 10:41 -------- d-----w- c:\program files\LimeWire
2010-06-13 18:32 . 2006-07-15 17:07 174632 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-13 14:17 . 2006-07-13 17:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-12 15:33 . 2009-12-04 12:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-06-11 14:58 . 2009-12-02 17:21 -------- d-----w- c:\program files\Software Informer
2010-06-11 14:44 . 2009-12-02 17:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Software Informer
2010-06-11 12:24 . 2009-04-04 13:57 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-10 20:11 . 2009-04-10 13:21 -------- d-----w- c:\program files\ESET
2010-06-10 18:27 . 2009-07-21 16:00 -------- d-----w- c:\program files\PS3 Media Server
2010-06-09 11:42 . 2010-06-09 11:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\FreeAudioPack
2010-06-06 12:00 . 2010-02-13 13:00 -------- d-----w- c:\program files\Tidy Favorites
2010-06-06 09:05 . 2010-02-01 18:05 -------- d-----w- c:\program files\Safari
2010-05-31 18:23 . 2010-02-14 11:57 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-31 18:23 . 2010-02-14 11:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2010-05-31 16:31 . 2009-10-12 15:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-05-22 21:06 . 2010-05-22 21:06 -------- d-----w- c:\program files\AirVideoServer
2010-05-21 19:18 . 2010-05-21 19:18 -------- d-----w- c:\program files\ConvertHelper
2010-05-18 16:49 . 2010-05-18 16:49 -------- d-----w- c:\program files\iUserbar
2010-05-18 16:07 . 2009-10-07 20:14 122600 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-14 16:07 . 2009-09-29 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
2010-05-12 17:01 . 2009-11-01 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-10 18:12 . 2010-05-10 18:11 -------- d-----w- c:\program files\Webocton - Scriptly
2010-05-10 18:11 . 2010-05-10 18:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webocton - Scriptly
2010-05-05 20:53 . 2009-10-12 14:24 -------- d-----w- c:\program files\McAfee.com
2010-05-05 19:29 . 2009-10-12 14:24 -------- d-----w- c:\program files\McAfee
2010-05-05 19:29 . 2009-04-13 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-05 19:28 . 2009-10-12 14:24 -------- d-----w- c:\program files\Common Files\McAfee
2010-05-01 17:54 . 2010-05-01 16:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenCandy
2010-05-01 16:39 . 2010-05-01 16:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Regensoft
2010-05-01 16:31 . 2010-05-01 16:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Red Kawa
2010-05-01 16:29 . 2009-03-04 20:38 -------- d-----w- c:\program files\AviSynth 2.5
2010-04-30 16:34 . 2010-04-30 16:34 -------- d-----w- c:\program files\YouTube Downloader
2010-04-28 20:52 . 2008-02-29 22:06 133544 ----a-w- c:\windows\hpoins15.dat
2010-04-27 16:16 . 2010-05-05 15:31 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 16:16 . 2010-05-05 15:31 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 16:16 . 2010-05-05 15:31 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 16:16 . 2010-05-05 15:31 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 16:16 . 2010-05-05 15:31 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 16:16 . 2010-05-05 15:31 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 16:16 . 2010-05-05 15:31 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 16:16 . 2009-10-12 14:25 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 16:16 . 2009-10-12 14:25 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-27 16:16 . 2009-07-08 12:44 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-24 14:42 . 2010-02-13 13:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tidy Favorites
2010-04-19 19:47 . 2009-09-11 14:03 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-19 19:47 . 2009-09-11 14:03 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-17 13:35 . 2009-11-22 11:21 75 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2010-04-17 13:34 . 2009-08-03 13:57 41 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2010-04-17 13:14 . 2010-04-17 13:14 0 ----a-w- c:\documents and settings\Administrator\jagex__preferences3.dat
2010-04-27 16:16 . 2010-05-05 15:31 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2009-04-03 22:11 . 2009-04-03 22:11 2 --shatr- c:\windows\winstart.bat
2004-08-04 00:56 . 2006-07-13 20:48 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2009-06-10 12:28 . 2009-06-10 12:28 5 --sha-w- c:\windows\system32\dbcae9_s.dll
.
CODE
<pre>
c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe
c:\program files\GameSpy\Comrade\comrade .exe
c:\program files\Hewlett-Packard\HP Software Update\hpwuschd2 .exe
c:\program files\UnHackMe\hackmon .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\nerocheck .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\program files\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-02-19 2349080]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-02-27 2349080]
"{74714d77-1695-4e73-a98e-25cb374f46b4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2010-03-17 2355224]
"{51d37496-c262-4d13-a8c1-c93e59bf50b9}"= "c:\program files\iUserbar\tbiUse.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]

[HKEY_CLASSES_ROOT\clsid\{51d37496-c262-4d13-a8c1-c93e59bf50b9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51d37496-c262-4d13-a8c1-c93e59bf50b9}]
2010-04-15 11:33 2515552 ----a-w- c:\program files\iUserbar\tbiUse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51d37496-c262-4d13-a8c1-c93e59bf50b9}"= "c:\program files\iUserbar\tbiUse.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{51d37496-c262-4d13-a8c1-c93e59bf50b9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-12-04 2811392]
"TidyFavorites"="c:\program files\Tidy Favorites\TidyFavorites.exe" [2009-09-08 5390056]
"AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-05-20 4818760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-13 2806272]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976]
"OnlineArmorTR"="c:\windows\OATR.exe" [2009-12-24 279632]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
Windows Defender.lnk - c:\plugins\Server.jar [2010-6-14 462079]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS4\\Flash.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Tidy Favorites\\TidyFavorites.exe"=
"c:\\Program Files\\BT Next Evolution\\btnext.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11-06-2010 13:13 218592]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [05-05-2010 16:31 82952]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10-05-2010 19:41 67656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11-06-2010 13:23 112592]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [06-06-2010 10:38 20968]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09-06-2010 11:23 304464]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12-10-2009 15:30 203280]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [05-05-2010 16:30 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [05-05-2010 16:30 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [05-05-2010 16:31 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [05-05-2010 16:31 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [05-05-2010 16:31 55456]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [16-02-2010 13:47 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09-06-2010 11:22 20952]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [05-05-2010 16:31 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [05-05-2010 16:31 88480]
S1 MpKsl9b094d04;MpKsl9b094d04;c:\windows\system32\MpEngineStore\MpKsl9b094d04.sys [10-06-2010 16:35 28752]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [14-02-2010 16:09 11392]
S3 Arfumdev;A4Tech USB Port RF-Mouse filter driver;c:\windows\system32\drivers\Arfumx86.sys [14-07-2006 13:47 10240]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [05-05-2010 16:31 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [05-05-2010 16:31 83496]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.sys [13-06-2010 15:18 40672]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11-06-2010 13:13 366840]
S4 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
S4 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [12-02-2009 11:11 54928]
S4 ISWKL;ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [12-02-2009 11:12 21136]
S4 pctgntdi;pctgntdi;\??\c:\windows\system32\drivers\pctgntdi.sys --> c:\windows\system32\drivers\pctgntdi.sys [?]
S4 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11-06-2010 13:13 63360]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-06-2009 9:42 721904]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-06-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]

2010-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-04-28 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4169413263.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]

2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{9BD06457-AFDE-4D89-B17F-890D5FBAF225}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 17:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = www.google.pt
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.projectosermais.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}\components\RadioWMPCore.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-22 11:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AirVideoServer = c:\program files\AirVideoServer\AirVideoServer.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2725072043-1781363593-3515527181-500\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2010\\"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009d64
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000072
"UniqueID"="64-8B50-61FF"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
"HistoryDir"="c:\\Documents and Settings\\Administrator\\Desktop\\FM Genie Scout 10\\History Points"
"LastSaveGame"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2010\\games\\benfica.fm"

[HKEY_USERS\S-1-5-21-2725072043-1781363593-3515527181-500\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"ShortlistDir"=""
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-920\\db\\920\\lang_db.dat"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000032
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="64-8B50-61FF"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-2725072043-1781363593-3515527181-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:47,0a,14,3a,83,37,75,06,8e,8d,26,e5,5c,e2,02,a8,11,e9,e7,91,04,36,cd,
60,9e,17,5a,9c,87,81,ca,cb,ba,a8,3a,89,19,a1,ea,76,59,26,29,88,7c,b0,70,60,\
"??"=hex:34,ff,27,86,97,c6,47,0b,9a,4c,45,9e,76,38,3d,be

[HKEY_USERS\S-1-5-21-2725072043-1781363593-3515527181-500\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:f5,21,28,05,11,b6,64,e5,3a,e5,86,71,6b,07,a2,11,e7,88,2f,a0,03,
32,1c,77,7d,f4,af,34,d8,bf,3d,06,68,f9,ef,c9,97,51,ea,f5,e5,ed,b9,41,25,ab,\
"rkeysecu"=hex:ff,3e,ad,cf,4a,a6,d9,5e,a2,d0,04,23,c3,58,e8,3d

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"6140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1252)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\pt_PT.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\msi.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\TUProgSt.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-06-22 11:22:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-22 10:22

Pre-Run: 45.106.184.192 bytes free
Post-Run: 45.467.758.592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F184F16B9EC1D644585EEB147289F05A



Edited by jacolas_saxolas, 22 June 2010 - 08:38 AM.


#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 23 June 2010 - 06:00 PM

Hello, jacolas_saxolas.

I must warn you that Combofix detected a backdoor rootkit. It did replace the infected file, but please read the warning below. You're also infected with a tricky Vundo variant. It may take several rounds to fix it.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

Step 1

Two Antiviruses Warning

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove Programs in the Control Panel and remove either McAfee or BitDefender.

Two Firewalls Warning

I see that you have two firewalls installed and running on your system. Running a firewall is a great way to protect your computer from infection. However, I only recommend running one at a time. Please go to:
Start --> Control Panel --> Add/Remove Programs and remove either McAfee or BitDefender.




Step 2

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
DDS::
uRun: [Windows] "c:\windows\system32\window.exe"
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
File::
C:\WINDOWS\system32\avlywbvg.exe
Folder::
C:\083647c38db4e021ca
C:\1e9865a9927e801865c32a4f540952
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\avlywbvg.exe"=-
RenV::
c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe
c:\program files\GameSpy\Comrade\comrade .exe
c:\program files\Hewlett-Packard\HP Software Update\hpwuschd2 .exe
c:\program files\UnHackMe\hackmon .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\nerocheck .exe


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#10 jacolas_saxolas

jacolas_saxolas
  • Topic Starter

  • Members
  • 17 posts

Posted 24 June 2010 - 06:02 AM

Hello!

I understand all the dangers and I want to remove this infection!

I can't find BitDefender in Add or Remove Programs but, honestly, I have never used it nor seen it working. The only antivirus I have running is McAfee.

Here is my log:

ComboFix 10-06-23.03 - Administrator 24-06-2010 10:59:44.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.499 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active


FILE ::
"c:\windows\system32\avlywbvg.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\083647c38db4e021ca
c:\083647c38db4e021ca\mrt.exe
c:\083647c38db4e021ca\mrtstub.exe
C:\1e9865a9927e801865c32a4f540952
c:\1e9865a9927e801865c32a4f540952\$shtdwn$.req
c:\1e9865a9927e801865c32a4f540952\mrt.exe
c:\1e9865a9927e801865c32a4f540952\mrtstub.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.

2010-06-22 13:44 . 2010-06-22 13:44 -------- d-----w- C:\BTNext
2010-06-22 13:40 . 2010-06-23 07:56 -------- d-----w- c:\program files\BTNext Evolution
2010-06-20 15:53 . 2010-06-20 15:53 -------- d-----w- c:\program files\iPod
2010-06-15 14:28 . 2010-06-15 14:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-15 14:28 . 2010-06-15 14:28 664 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\d3d9caps.dat
2010-06-14 13:40 . 2010-06-14 13:42 -------- d-----r- C:\plugins
2010-06-14 13:27 . 2010-06-17 12:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2010-06-14 12:52 . 2010-06-16 11:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\FrostWire
2010-06-14 12:51 . 2010-06-16 10:54 -------- d-----w- c:\program files\FrostWire
2010-06-13 20:07 . 2010-06-13 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-06-13 14:18 . 2002-06-12 21:50 40672 ----a-w- c:\windows\system32\drivers\CESG502.sys
2010-06-13 14:17 . 2010-06-13 14:17 -------- d-----w- c:\program files\CASIO
2010-06-12 15:49 . 2010-06-12 15:49 -------- d-----w- C:\found.000
2010-06-12 15:29 . 2010-06-12 15:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert
2010-06-11 12:13 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-11 12:13 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-11 12:13 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-11 12:13 . 2010-06-11 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-11 12:13 . 2010-06-14 17:58 -------- d-----w- c:\program files\Spyware Doctor
2010-06-11 12:13 . 2010-06-11 12:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-06-10 20:13 . 2010-06-10 20:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft
2010-06-10 15:35 . 2010-06-13 10:35 -------- d-----w- c:\windows\system32\MpEngineStore
2010-06-10 09:33 . 2010-06-10 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-10 09:33 . 2010-06-13 11:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-09 17:02 . 2010-06-09 17:02 -------- d-----w- c:\program files\Trend Micro
2010-06-09 11:31 . 2010-06-09 15:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Audacity
2010-06-09 11:31 . 2010-06-09 11:31 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-06-09 10:26 . 2010-06-09 10:26 -------- d-----w- c:\program files\ASIO4ALL v2
2010-06-09 10:25 . 2010-06-09 10:25 -------- d-----w- c:\program files\VstPlugins
2010-06-09 10:25 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-06-09 10:25 . 2010-06-09 10:25 -------- d-----w- c:\program files\Outsim
2010-06-09 10:22 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 10:22 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-09 10:22 . 2010-06-09 10:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 10:22 . 2010-06-09 10:26 -------- d-----w- c:\program files\Image-Line
2010-06-07 13:06 . 2010-06-07 13:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-06-06 10:11 . 2010-06-06 10:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-06-06 10:00 . 2010-06-06 10:00 -------- d-----w- c:\program files\DivX H.264 decoder
2010-06-06 09:54 . 2010-06-06 09:54 -------- d-----w- c:\windows\system32\custom matrices
2010-06-06 09:54 . 2010-06-06 09:54 -------- d-----w- c:\windows\system32\QuickTime
2010-06-06 09:54 . 2010-06-06 09:54 -------- d-----w- c:\windows\system32\C2MP
2010-06-06 09:53 . 2010-06-06 09:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2010-06-06 09:43 . 2010-06-06 09:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2010-06-06 09:38 . 2010-06-06 09:38 -------- d-----w- c:\program files\CPUID
2010-06-06 09:38 . 2010-03-30 22:38 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-06-06 09:15 . 2010-06-23 10:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-06-06 09:12 . 2010-06-06 09:12 -------- d-----w- c:\program files\VideoLAN
2010-06-05 12:48 . 2010-06-05 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3
2010-06-03 13:20 . 2008-04-14 04:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-06-03 13:20 . 2008-04-14 04:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-06-03 13:16 . 2001-11-02 14:06 163840 ----a-w- c:\windows\system32\PhotoImpression Screen Saver.scr
2010-06-03 13:16 . 1995-07-31 12:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-06-03 13:15 . 2010-06-03 13:15 -------- d-----w- c:\program files\ArcSoft
2010-06-03 13:13 . 2010-06-03 13:13 -------- d-----w- c:\program files\DIFX
2010-06-03 13:13 . 2006-05-02 12:38 110720 ----a-w- c:\windows\system32\drivers\mr97310c.sys
2010-06-03 13:12 . 2010-06-03 13:12 -------- d-----w- c:\program files\Mars
2010-05-31 13:06 . 2010-05-31 13:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\iUserbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 09:59 . 2009-04-03 22:09 -------- d-----w- c:\program files\UnHackMe
2010-06-24 09:46 . 2009-04-02 21:40 -------- d-----w- c:\program files\Common Files\BitDefender
2010-06-24 09:37 . 2007-10-17 18:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-23 21:23 . 2009-09-29 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
2010-06-23 10:40 . 2009-11-10 20:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-23 08:17 . 2009-11-01 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-23 07:56 . 2009-11-05 18:43 -------- d-----w- c:\program files\McAfee Security Scan
2010-06-23 07:56 . 2009-12-04 12:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-06-22 17:17 . 2009-06-23 18:57 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-22 17:17 . 2009-06-22 08:42 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-22 17:16 . 2009-06-22 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-06-22 13:40 . 2008-05-21 13:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
2010-06-22 08:47 . 2009-04-10 13:18 -------- d-----w- c:\program files\VS Revo Group
2010-06-20 15:55 . 2007-03-26 15:14 -------- d-----w- c:\program files\iTunes
2010-06-20 15:53 . 2007-09-21 16:19 -------- d-----w- c:\program files\Common Files\Apple
2010-06-20 15:27 . 2007-07-16 17:43 -------- d-----w- c:\program files\Bonjour
2010-06-20 15:11 . 2010-06-20 15:11 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-14 14:00 . 2009-12-04 21:45 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2010-06-14 13:26 . 2006-12-25 10:41 -------- d-----w- c:\program files\LimeWire
2010-06-14 13:16 . 2010-06-14 13:16 0 ----a-w- c:\documents and settings\Administrator\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-06-13 18:32 . 2006-07-15 17:07 174632 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-13 14:17 . 2006-07-13 17:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-13 14:05 . 2010-06-13 14:05 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-13 14:05 . 2010-06-13 14:05 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-13 14:05 . 2010-06-13 14:05 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-11 14:58 . 2009-12-02 17:21 -------- d-----w- c:\program files\Software Informer
2010-06-11 14:44 . 2009-12-02 17:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Software Informer
2010-06-11 12:24 . 2009-04-04 13:57 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-10 20:11 . 2009-04-10 13:21 -------- d-----w- c:\program files\ESET
2010-06-10 18:27 . 2009-07-21 16:00 -------- d-----w- c:\program files\PS3 Media Server
2010-06-09 17:02 . 2010-06-09 17:02 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-09 11:42 . 2010-06-09 11:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\FreeAudioPack
2010-06-06 12:00 . 2010-02-13 13:00 -------- d-----w- c:\program files\Tidy Favorites
2010-06-06 09:05 . 2010-02-01 18:05 -------- d-----w- c:\program files\Safari
2010-06-03 13:12 . 2010-06-03 13:12 8854 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{388887F6-0661-4C80-B272-A6A23EFC7A31}\UNINST_Uninstall_M_388887F606614C80B272A6A23EFC7A31.exe
2010-06-03 13:12 . 2010-06-03 13:12 40960 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{388887F6-0661-4C80-B272-A6A23EFC7A31}\ARPPRODUCTICON.exe
2010-05-31 18:23 . 2010-02-14 11:57 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-31 18:23 . 2010-05-31 18:23 85504 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-05-31 18:23 . 2010-02-14 11:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2010-05-31 16:31 . 2009-10-12 15:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-05-22 21:06 . 2010-05-22 21:06 -------- d-----w- c:\program files\AirVideoServer
2010-05-21 19:18 . 2010-05-21 19:18 -------- d-----w- c:\program files\ConvertHelper
2010-05-18 16:49 . 2010-05-18 16:49 -------- d-----w- c:\program files\iUserbar
2010-05-18 16:07 . 2009-10-07 20:14 122600 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-05 20:53 . 2009-10-12 14:24 -------- d-----w- c:\program files\McAfee.com
2010-05-05 19:29 . 2009-10-12 14:24 -------- d-----w- c:\program files\McAfee
2010-05-05 19:29 . 2009-04-13 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-05 19:28 . 2009-10-12 14:24 -------- d-----w- c:\program files\Common Files\McAfee
2010-05-04 17:20 . 2009-06-12 10:43 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2009-06-12 10:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2009-06-12 10:42 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2009-06-12 10:43 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 17:54 . 2010-05-01 16:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenCandy
2010-05-01 16:39 . 2010-05-01 16:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Regensoft
2010-05-01 16:31 . 2010-05-01 16:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Red Kawa
2010-05-01 16:29 . 2009-03-04 20:38 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-01 16:28 . 2010-05-01 16:28 256899 ----a-w- c:\documents and settings\Administrator\Application Data\OpenCandy\DlMgr3Wrapper.exe
2010-04-30 16:34 . 2010-04-30 16:34 -------- d-----w- c:\program files\YouTube Downloader
2010-04-28 20:52 . 2008-02-29 22:06 133544 ----a-w- c:\windows\hpoins15.dat
2010-04-27 16:16 . 2010-05-05 15:31 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 16:16 . 2010-05-05 15:31 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 16:16 . 2010-05-05 15:31 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 16:16 . 2010-05-05 15:31 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 16:16 . 2010-05-05 15:31 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 16:16 . 2010-05-05 15:31 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 16:16 . 2010-05-05 15:31 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 16:16 . 2009-10-12 14:25 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 16:16 . 2009-10-12 14:25 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-27 16:16 . 2009-07-08 12:44 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-21 11:07 . 2010-05-01 16:05 52224 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}\components\FFExternalAlert.dll
2010-04-21 11:07 . 2010-05-01 16:05 101376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}\components\RadioWMPCore.dll
2010-04-20 05:30 . 2009-06-12 10:42 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 19:47 . 2009-09-11 14:03 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-19 19:47 . 2009-09-11 14:03 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-17 13:35 . 2009-11-22 11:21 75 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2010-04-17 13:34 . 2009-08-03 13:57 41 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2010-04-17 13:14 . 2010-04-17 13:14 0 ----a-w- c:\documents and settings\Administrator\jagex__preferences3.dat
2010-04-13 16:56 . 2010-04-13 16:56 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-27 16:16 . 2010-05-05 15:31 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2009-04-03 22:11 . 2009-04-03 22:11 2 --shatr- c:\windows\winstart.bat
2004-08-04 00:56 . 2006-07-13 20:48 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2009-06-10 12:28 . 2009-06-10 12:28 5 --sha-w- c:\windows\system32\dbcae9_s.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\program files\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-02-27 2349080]
"{74714d77-1695-4e73-a98e-25cb374f46b4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2010-03-17 2355224]
"{51d37496-c262-4d13-a8c1-c93e59bf50b9}"= "c:\program files\iUserbar\tbiUse.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]

[HKEY_CLASSES_ROOT\clsid\{51d37496-c262-4d13-a8c1-c93e59bf50b9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51d37496-c262-4d13-a8c1-c93e59bf50b9}]
2010-04-15 11:33 2515552 ----a-w- c:\program files\iUserbar\tbiUse.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51d37496-c262-4d13-a8c1-c93e59bf50b9}"= "c:\program files\iUserbar\tbiUse.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{51d37496-c262-4d13-a8c1-c93e59bf50b9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-12-04 2811392]
"TidyFavorites"="c:\program files\Tidy Favorites\TidyFavorites.exe" [2009-09-08 5390056]
"AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-05-20 4818760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-13 2806272]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976]
"OnlineArmorTR"="c:\windows\OATR.exe" [2009-12-24 279632]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Defender.lnk - c:\plugins\Server.jar [2010-6-14 462079]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS4\\Flash.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Tidy Favorites\\TidyFavorites.exe"=
"c:\\Program Files\\BT Next Evolution\\btnext.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11-06-2010 13:13 218592]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [05-05-2010 16:31 82952]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10-05-2010 19:41 67656]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [06-06-2010 10:38 20968]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09-06-2010 11:23 304464]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12-10-2009 15:30 203280]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [05-05-2010 16:30 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [05-05-2010 16:30 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [05-05-2010 16:31 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [05-05-2010 16:31 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [05-05-2010 16:31 55456]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [16-02-2010 13:47 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09-06-2010 11:22 20952]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [05-05-2010 16:31 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [05-05-2010 16:31 88480]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-06-2009 9:42 691696]
S1 MpKsl9b094d04;MpKsl9b094d04;c:\windows\system32\MpEngineStore\MpKsl9b094d04.sys [10-06-2010 16:35 28752]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [14-02-2010 16:09 11392]
S3 Arfumdev;A4Tech USB Port RF-Mouse filter driver;c:\windows\system32\drivers\Arfumx86.sys [14-07-2006 13:47 10240]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15-01-2010 13:49 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [05-05-2010 16:31 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [05-05-2010 16:31 83496]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.sys [13-06-2010 15:18 40672]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11-06-2010 13:13 366840]
S4 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
S4 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [12-02-2009 11:11 54928]
S4 ISWKL;ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [12-02-2009 11:12 21136]
S4 pctgntdi;pctgntdi;\??\c:\windows\system32\drivers\pctgntdi.sys --> c:\windows\system32\drivers\pctgntdi.sys [?]
S4 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11-06-2010 13:13 63360]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-06-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]

2010-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-04-28 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4169413263.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]

2010-06-24 c:\windows\Tasks\User_Feed_Synchronization-{9BD06457-AFDE-4D89-B17F-890D5FBAF225}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 17:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = www.google.pt
uInternet Settings,ProxyOverride = *.local
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
TCP: {0BB649C2-8FD7-44BD-8808-1E7F4C15E4E1} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.projectosermais.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}\components\RadioWMPCore.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 11:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AirVideoServer = c:\program files\AirVideoServer\AirVideoServer.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2725072043-1781363593-3515527181-500\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2010\\"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009d64
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000072
"UniqueID"="64-8B50-61FF"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
"HistoryDir"="c:\\Documents and Settings\\Administrator\\Desktop\\FM Genie Scout 10\\History Points"
"LastSaveGame"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2010\\games\\benfica.fm"

[HKEY_USERS\S-1-5-21-2725072043-1781363593-3515527181-500\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"ShortlistDir"=""
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-920\\db\\920\\lang_db.dat"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000032
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="64-8B50-61FF"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-2725072043-1781363593-3515527181-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:47,0a,14,3a,83,37,75,06,8e,8d,26,e5,5c,e2,02,a8,11,e9,e7,91,04,36,cd,
60,9e,17,5a,9c,87,81,ca,cb,ba,a8,3a,89,19,a1,ea,76,59,26,29,88,7c,b0,70,60,\
"??"=hex:34,ff,27,86,97,c6,47,0b,9a,4c,45,9e,76,38,3d,be

[HKEY_USERS\S-1-5-21-2725072043-1781363593-3515527181-500\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:f5,21,28,05,11,b6,64,e5,3a,e5,86,71,6b,07,a2,11,e7,88,2f,a0,03,
32,1c,77,7d,f4,af,34,d8,bf,3d,06,68,f9,ef,c9,97,51,ea,f5,e5,ed,b9,41,25,ab,\
"rkeysecu"=hex:ff,3e,ad,cf,4a,a6,d9,5e,a2,d0,04,23,c3,58,e8,3d

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"6140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-06-24 11:23:47
ComboFix-quarantined-files.txt 2010-06-24 10:23
ComboFix2.txt 2010-06-22 10:22

Pre-Run: 39.370.612.736 bytes free
Post-Run: 39.334.301.696 bytes free

- - End Of File - - FD4A3B27FE2BDA4A99433D61A9F0E799


Edited by jacolas_saxolas, 24 June 2010 - 06:03 AM.


#11 etavares

Posted 24 June 2010 - 04:58 PM

Hello, jacolas_saxolas.
OK, those BitDefender entries are leftovers. We can remove them.




Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
SecCenter::
{6C4BB89C-B0ED-4F41-A29C-4373888923BB}
{4055920F-2E99-48A8-A270-4243D2B8F242}


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    @Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
    :Commands
    [ResetHosts]
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 3
  1. Please open Notepad.
  2. Copy and paste the text in the box below into Notepad, excluding the word code.
    CODE
    @echo off
    type c:\windows\winstart.bat > c:\log.txt
    start c:\log.txt
    del %0

    This fix is custom made for this user's computer.
  3. Select File-->Save As
  4. Select File as Type: All Types (*.*)
  5. Save it to your desktop as fixme.bat
  6. Double-click fixme.bat on your desktop to run the fix.
  7. A window will briefly pop up then close.
  8. A log will open, please copy and paste it into your response.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#12 jacolas_saxolas

Posted 25 June 2010 - 08:27 AM

Hello,

I've done all your steps but when I ran fixme.bat notepad popped up but the log was blank.

Here are the other logs:

~

ComboFix 10-06-24.03 - Administrator 25-06-2010 9:45.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.452 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-05-25 to 2010-06-25 )))))))))))))))))))))))))))))))
.

2010-06-24 14:41 . 2010-06-24 14:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-24 13:56 . 2010-06-24 13:56 -------- d-----w- c:\program files\Franzis
2010-06-22 13:44 . 2010-06-22 13:44 -------- d-----w- C:\BTNext
2010-06-22 13:40 . 2010-06-23 07:56 -------- d-----w- c:\program files\BTNext Evolution
2010-06-20 15:53 . 2010-06-20 15:53 -------- d-----w- c:\program files\iPod
2010-06-15 14:28 . 2010-06-15 14:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-15 14:28 . 2010-06-15 14:28 664 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\d3d9caps.dat
2010-06-14 13:40 . 2010-06-14 13:42 -------- d-----r- C:\plugins
2010-06-14 13:27 . 2010-06-17 12:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2010-06-14 12:52 . 2010-06-16 11:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\FrostWire
2010-06-14 12:51 . 2010-06-16 10:54 -------- d-----w- c:\program files\FrostWire
2010-06-13 20:07 . 2010-06-13 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-06-13 14:18 . 2002-06-12 21:50 40672 ----a-w- c:\windows\system32\drivers\CESG502.sys
2010-06-13 14:17 . 2010-06-13 14:17 -------- d-----w- c:\program files\CASIO
2010-06-12 15:49 . 2010-06-12 15:49 -------- d-----w- C:\found.000
2010-06-12 15:29 . 2010-06-12 15:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert
2010-06-11 12:13 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-11 12:13 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-11 12:13 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-11 12:13 . 2010-06-11 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-11 12:13 . 2010-06-14 17:58 -------- d-----w- c:\program files\Spyware Doctor
2010-06-11 12:13 . 2010-06-11 12:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-06-10 20:13 . 2010-06-10 20:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft
2010-06-10 15:35 . 2010-06-13 10:35 -------- d-----w- c:\windows\system32\MpEngineStore
2010-06-10 09:33 . 2010-06-10 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-10 09:33 . 2010-06-13 11:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-09 17:02 . 2010-06-09 17:02 -------- d-----w- c:\program files\Trend Micro
2010-06-09 11:31 . 2010-06-09 15:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Audacity
2010-06-09 11:31 . 2010-06-09 11:31 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-06-09 10:26 . 2010-06-09 10:26 -------- d-----w- c:\program files\ASIO4ALL v2
2010-06-09 10:25 . 2010-06-09 10:25 -------- d-----w- c:\program files\VstPlugins
2010-06-09 10:25 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-06-09 10:25 . 2010-06-09 10:25 -------- d-----w- c:\program files\Outsim
2010-06-09 10:22 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 10:22 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-09 10:22 . 2010-06-09 10:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 10:22 . 2010-06-09 10:26 -------- d-----w- c:\program files\Image-Line
2010-06-07 13:06 . 2010-06-07 13:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-06-06 10:11 . 2010-06-06 10:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-06-06 10:00 . 2010-06-06 10:00 -------- d-----w- c:\program files\DivX H.264 decoder
2010-06-06 09:54 . 2010-06-06 09:54 -------- d-----w- c:\windows\system32\custom matrices
2010-06-06 09:54 . 2010-06-06 09:54 -------- d-----w- c:\windows\system32\QuickTime
2010-06-06 09:54 . 2010-06-06 09:54 -------- d-----w- c:\windows\system32\C2MP
2010-06-06 09:53 . 2010-06-06 09:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2010-06-06 09:43 . 2010-06-06 09:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2010-06-06 09:38 . 2010-06-06 09:38 -------- d-----w- c:\program files\CPUID
2010-06-06 09:38 . 2010-03-30 22:38 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-06-06 09:15 . 2010-06-23 10:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-06-06 09:12 . 2010-06-06 09:12 -------- d-----w- c:\program files\VideoLAN
2010-06-05 12:48 . 2010-06-05 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3
2010-06-03 13:20 . 2008-04-14 04:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-06-03 13:20 . 2008-04-14 04:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-06-03 13:16 . 2001-11-02 14:06 163840 ----a-w- c:\windows\system32\PhotoImpression Screen Saver.scr
2010-06-03 13:16 . 1995-07-31 12:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-06-03 13:15 . 2010-06-03 13:15 -------- d-----w- c:\program files\ArcSoft
2010-06-03 13:13 . 2010-06-03 13:13 -------- d-----w- c:\program files\DIFX
2010-06-03 13:13 . 2006-05-02 12:38 110720 ----a-w- c:\windows\system32\drivers\mr97310c.sys
2010-06-03 13:12 . 2010-06-03 13:12 -------- d-----w- c:\program files\Mars
2010-05-31 13:06 . 2010-05-31 13:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\iUserbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 22:31 . 2007-10-17 18:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-24 22:25 . 2008-05-21 13:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
2010-06-24 21:22 . 2006-09-08 07:49 -------- d-----w- c:\program files\Guild Wars
2010-06-24 18:25 . 2009-10-07 20:14 122600 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-24 14:43 . 2009-12-04 12:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-06-24 14:40 . 2009-11-05 18:43 -------- d-----w- c:\program files\McAfee Security Scan
2010-06-24 14:08 . 2009-06-22 08:42 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-24 13:47 . 2009-09-29 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
2010-06-24 09:59 . 2009-04-03 22:09 -------- d-----w- c:\program files\UnHackMe
2010-06-24 09:46 . 2009-04-02 21:40 -------- d-----w- c:\program files\Common Files\BitDefender
2010-06-23 10:40 . 2009-11-10 20:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-23 08:17 . 2009-11-01 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-22 17:17 . 2009-06-23 18:57 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-22 17:16 . 2009-06-22 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-06-22 08:47 . 2009-04-10 13:18 -------- d-----w- c:\program files\VS Revo Group
2010-06-20 15:55 . 2007-03-26 15:14 -------- d-----w- c:\program files\iTunes
2010-06-20 15:53 . 2007-09-21 16:19 -------- d-----w- c:\program files\Common Files\Apple
2010-06-20 15:27 . 2007-07-16 17:43 -------- d-----w- c:\program files\Bonjour
2010-06-20 15:11 . 2010-06-20 15:11 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-14 14:00 . 2009-12-04 21:45 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2010-06-14 13:26 . 2006-12-25 10:41 -------- d-----w- c:\program files\LimeWire
2010-06-14 13:16 . 2010-06-14 13:16 0 ----a-w- c:\documents and settings\Administrator\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-06-13 18:32 . 2006-07-15 17:07 174632 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-13 14:17 . 2006-07-13 17:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-13 14:05 . 2010-06-13 14:05 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-13 14:05 . 2010-06-13 14:05 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-13 14:05 . 2010-06-13 14:05 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-11 14:58 . 2009-12-02 17:21 -------- d-----w- c:\program files\Software Informer
2010-06-11 14:44 . 2009-12-02 17:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Software Informer
2010-06-11 12:24 . 2009-04-04 13:57 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-10 20:11 . 2009-04-10 13:21 -------- d-----w- c:\program files\ESET
2010-06-10 18:27 . 2009-07-21 16:00 -------- d-----w- c:\program files\PS3 Media Server
2010-06-09 17:02 . 2010-06-09 17:02 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-09 11:42 . 2010-06-09 11:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\FreeAudioPack
2010-06-06 12:00 . 2010-02-13 13:00 -------- d-----w- c:\program files\Tidy Favorites
2010-06-06 09:05 . 2010-02-01 18:05 -------- d-----w- c:\program files\Safari
2010-06-03 13:12 . 2010-06-03 13:12 8854 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{388887F6-0661-4C80-B272-A6A23EFC7A31}\UNINST_Uninstall_M_388887F606614C80B272A6A23EFC7A31.exe
2010-06-03 13:12 . 2010-06-03 13:12 40960 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{388887F6-0661-4C80-B272-A6A23EFC7A31}\ARPPRODUCTICON.exe
2010-05-31 18:23 . 2010-02-14 11:57 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-31 18:23 . 2010-05-31 18:23 85504 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-05-31 18:23 . 2010-02-14 11:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2010-05-31 16:31 . 2009-10-12 15:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-05-25 05:47 . 2010-06-24 13:56 11538793 ----a-w- c:\documents and settings\Administrator\Application Data\BitTorrent\Alcohol 120 7 + serial -TrT\Alcohol 120 7 + serial -TrT\Alcohol 120 7 Setup.exe
2010-05-22 21:06 . 2010-05-22 21:06 -------- d-----w- c:\program files\AirVideoServer
2010-05-21 19:18 . 2010-05-21 19:18 -------- d-----w- c:\program files\ConvertHelper
2010-05-18 16:49 . 2010-05-18 16:49 -------- d-----w- c:\program files\iUserbar
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-05 20:53 . 2009-10-12 14:24 -------- d-----w- c:\program files\McAfee.com
2010-05-05 19:29 . 2009-10-12 14:24 -------- d-----w- c:\program files\McAfee
2010-05-05 19:29 . 2009-04-13 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-05 19:28 . 2009-10-12 14:24 -------- d-----w- c:\program files\Common Files\McAfee
2010-05-04 17:20 . 2009-06-12 10:43 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2009-06-12 10:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2009-06-12 10:42 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2009-06-12 10:43 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 17:54 . 2010-05-01 16:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenCandy
2010-05-01 16:39 . 2010-05-01 16:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Regensoft
2010-05-01 16:31 . 2010-05-01 16:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Red Kawa
2010-05-01 16:29 . 2009-03-04 20:38 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-01 16:28 . 2010-05-01 16:28 256899 ----a-w- c:\documents and settings\Administrator\Application Data\OpenCandy\DlMgr3Wrapper.exe
2010-04-30 16:34 . 2010-04-30 16:34 -------- d-----w- c:\program files\YouTube Downloader
2010-04-28 20:52 . 2008-02-29 22:06 133544 ----a-w- c:\windows\hpoins15.dat
2010-04-27 16:16 . 2010-05-05 15:31 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 16:16 . 2010-05-05 15:31 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 16:16 . 2010-05-05 15:31 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 16:16 . 2010-05-05 15:31 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 16:16 . 2010-05-05 15:31 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 16:16 . 2010-05-05 15:31 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 16:16 . 2010-05-05 15:31 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 16:16 . 2009-10-12 14:25 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 16:16 . 2009-10-12 14:25 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-27 16:16 . 2009-07-08 12:44 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-21 11:07 . 2010-05-01 16:05 52224 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}\components\FFExternalAlert.dll
2010-04-21 11:07 . 2010-05-01 16:05 101376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}\components\RadioWMPCore.dll
2010-04-20 05:30 . 2009-06-12 10:42 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 19:47 . 2009-09-11 14:03 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-19 19:47 . 2009-09-11 14:03 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-17 13:35 . 2009-11-22 11:21 75 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2010-04-17 13:34 . 2009-08-03 13:57 41 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2010-04-17 13:14 . 2010-04-17 13:14 0 ----a-w- c:\documents and settings\Administrator\jagex__preferences3.dat
2010-04-13 16:56 . 2010-04-13 16:56 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-30 23:16 . 2010-03-30 23:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 23:10 . 2010-03-30 23:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-04-27 16:16 . 2010-05-05 15:31 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2009-04-03 22:11 . 2009-04-03 22:11 2 --shatr- c:\windows\winstart.bat
2004-08-04 00:56 . 2006-07-13 20:48 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2009-06-10 12:28 . 2009-06-10 12:28 5 --sha-w- c:\windows\system32\dbcae9_s.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-24_10.14.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-24 22:26 . 2010-06-24 22:26 16384 c:\windows\Temp\Perflib_Perfdata_364.dat
+ 1980-01-01 00:00 . 2010-06-24 17:15 71560 c:\windows\system32\perfc009.dat
- 1980-01-01 00:00 . 2010-06-22 20:26 71560 c:\windows\system32\perfc009.dat
+ 2009-11-07 00:07 . 2009-11-07 00:07 49488 c:\windows\system32\netfxperf.dll
+ 2006-07-13 10:39 . 2010-06-25 07:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-07-13 10:39 . 2010-06-24 07:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-06-22 14:11 . 2010-06-24 07:06 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-06-24 13:30 . 2010-06-25 07:48 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-04-07 22:48 . 2010-04-07 22:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-29 18:16 . 2008-07-29 18:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 00:07 . 2009-11-07 00:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-06-24 17:23 . 2010-06-24 17:23 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2010-06-24 17:32 . 2010-06-24 17:32 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-06-24 17:21 . 2010-06-24 17:21 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-06-24 17:19 . 2010-06-24 17:19 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
+ 2010-06-24 17:14 . 2010-06-24 17:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-22 20:24 . 2010-06-22 20:24 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-08 17:14 . 2009-08-08 17:14 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-24 17:06 . 2010-06-24 17:06 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-24 17:14 . 2010-06-24 17:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-22 20:24 . 2010-06-22 20:24 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-22 20:25 . 2010-06-22 20:25 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-24 17:15 . 2010-06-24 17:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-24 17:14 . 2010-06-24 17:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-22 20:24 . 2010-06-22 20:24 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-22 20:25 . 2010-06-22 20:25 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-24 17:15 . 2010-06-24 17:15 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-06-22 20:25 . 2010-06-22 20:25 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-06-24 17:15 . 2010-06-24 17:15 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-22 20:25 . 2010-06-22 20:25 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-24 17:15 . 2010-06-24 17:15 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-06-22 20:25 . 2010-06-22 20:25 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-24 17:15 . 2010-06-24 17:15 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-24 17:15 . 2010-06-24 17:15 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-06-22 20:25 . 2010-06-22 20:25 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-24 17:14 . 2010-06-24 17:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-22 20:25 . 2010-06-22 20:25 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-06-24 17:14 . 2010-06-24 17:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-22 20:25 . 2010-06-22 20:25 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-22 20:25 . 2010-06-22 20:25 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-06-24 17:15 . 2010-06-24 17:15 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-06-24 17:14 . 2010-06-24 17:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-22 20:25 . 2010-06-22 20:25 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-24 17:15 . 2010-06-24 17:15 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-06-22 20:25 . 2010-06-22 20:25 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-24 17:14 . 2010-06-24 17:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-06-22 20:24 . 2010-06-22 20:24 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-24 17:15 . 2010-06-24 17:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-22 20:25 . 2010-06-22 20:25 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-22 20:25 . 2010-06-22 20:25 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-24 17:15 . 2010-06-24 17:15 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-24 17:15 . 2010-06-24 17:15 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-06-22 20:25 . 2010-06-22 20:25 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\program files\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-02-27 2349080]
"{74714d77-1695-4e73-a98e-25cb374f46b4}"= "c:\program files\iPhone_OS_3\tbiPho.dll" [2010-03-17 2355224]
"{51d37496-c262-4d13-a8c1-c93e59bf50b9}"= "c:\program files\iUserbar\tbiUse.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{74714d77-1695-4e73-a98e-25cb374f46b4}]

[HKEY_CLASSES_ROOT\clsid\{51d37496-c262-4d13-a8c1-c93e59bf50b9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51d37496-c262-4d13-a8c1-c93e59bf50b9}]
2010-04-15 11:33 2515552 ----a-w- c:\program files\iUserbar\tbiUse.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51d37496-c262-4d13-a8c1-c93e59bf50b9}"= "c:\program files\iUserbar\tbiUse.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{51d37496-c262-4d13-a8c1-c93e59bf50b9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-12-04 2811392]
"TidyFavorites"="c:\program files\Tidy Favorites\TidyFavorites.exe" [2009-09-08 5390056]
"AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-05-20 4818760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-13 2806272]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976]
"OnlineArmorTR"="c:\windows\OATR.exe" [2009-12-24 279632]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Defender.lnk - c:\plugins\Server.jar [2010-6-14 462079]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS4\\Flash.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Tidy Favorites\\TidyFavorites.exe"=
"c:\\Program Files\\BT Next Evolution\\btnext.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11-06-2010 13:13 218592]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [05-05-2010 16:31 82952]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10-05-2010 19:41 67656]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [06-06-2010 10:38 20968]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09-06-2010 11:23 304464]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12-10-2009 15:30 203280]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [05-05-2010 16:30 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [05-05-2010 16:30 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [05-05-2010 16:31 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [05-05-2010 16:31 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [05-05-2010 16:31 55456]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [16-02-2010 13:47 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09-06-2010 11:22 20952]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [05-05-2010 16:31 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [05-05-2010 16:31 88480]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-06-2009 9:42 691696]
S1 MpKsl9b094d04;MpKsl9b094d04;c:\windows\system32\MpEngineStore\MpKsl9b094d04.sys [10-06-2010 16:35 28752]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [14-02-2010 16:09 11392]
S3 Arfumdev;A4Tech USB Port RF-Mouse filter driver;c:\windows\system32\drivers\Arfumx86.sys [14-07-2006 13:47 10240]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15-01-2010 13:49 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [05-05-2010 16:31 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [05-05-2010 16:31 83496]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.sys [13-06-2010 15:18 40672]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11-06-2010 13:13 366840]
S4 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
S4 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [12-02-2009 11:11 54928]
S4 ISWKL;ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [12-02-2009 11:12 21136]
S4 pctgntdi;pctgntdi;\??\c:\windows\system32\drivers\pctgntdi.sys --> c:\windows\system32\drivers\pctgntdi.sys [?]
S4 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11-06-2010 13:13 63360]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]

2010-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-04-28 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4169413263.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]

2010-06-25 c:\windows\Tasks\User_Feed_Synchronization-{9BD06457-AFDE-4D89-B17F-890D5FBAF225}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 17:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = www.google.pt
uInternet Settings,ProxyOverride = *.local
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
TCP: {0BB649C2-8FD7-44BD-8808-1E7F4C15E4E1} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.projectosermais.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}\components\RadioWMPCore.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 10:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AirVideoServer = c:\program files\AirVideoServer\AirVideoServer.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2725072043-1781363593-3515527181-500\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2010\\"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009d64
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000072
"UniqueID"="64-8B50-61FF"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
"HistoryDir"="c:\\Documents and Settings\\Administrator\\Desktop\\FM Genie Scout 10\\History Points"
"LastSaveGame"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2010\\games\\benfica.fm"

[HKEY_USERS\S-1-5-21-2725072043-1781363593-3515527181-500\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"ShortlistDir"=""
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-920\\db\\920\\lang_db.dat"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000032
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="64-8B50-61FF"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-2725072043-1781363593-3515527181-500\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:47,0a,14,3a,83,37,75,06,8e,8d,26,e5,5c,e2,02,a8,11,e9,e7,91,04,36,cd,
60,9e,17,5a,9c,87,81,ca,cb,ba,a8,3a,89,19,a1,ea,76,59,26,29,88,7c,b0,70,60,\
"??"=hex:34,ff,27,86,97,c6,47,0b,9a,4c,45,9e,76,38,3d,be

[HKEY_USERS\S-1-5-21-2725072043-1781363593-3515527181-500\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:f5,21,28,05,11,b6,64,e5,3a,e5,86,71,6b,07,a2,11,e7,88,2f,a0,03,
32,1c,77,7d,f4,af,34,d8,bf,3d,06,68,f9,ef,c9,97,51,ea,f5,e5,ed,b9,41,25,ab,\
"rkeysecu"=hex:ff,3e,ad,cf,4a,a6,d9,5e,a2,d0,04,23,c3,58,e8,3d

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"6140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2388)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\pt_PT.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\msi.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-06-25 10:14:59
ComboFix-quarantined-files.txt 2010-06-25 09:14
ComboFix2.txt 2010-06-24 10:23
ComboFix3.txt 2010-06-22 10:22

Pre-Run: 38.780.399.616 bytes free
Post-Run: 38.817.067.008 bytes free

- - End Of File - - 3734088E09E2428ABB70901F4FD55E5C


OTL logfile created on: 25-06-2010 13:12:19 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

1.023,00 Mb Total Physical Memory | 412,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 1534 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153,38 Gb Total Space | 36,30 Gb Free Space | 23,67% Space Free | Partition Type: NTFS
Drive D: | 431,79 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 2,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: CB5F94CD68CA4FF
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-06-25 11:39:27 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
PRC - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-05-20 18:02:28 | 004,818,760 | ---- | M] () -- C:\Program Files\AirVideoServer\AirVideoServer.exe
PRC - [2010-04-29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010-04-27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010-04-27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010-04-14 12:29:58 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010-04-01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010-04-01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010-03-04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2010-01-24 11:17:35 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2010-01-15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009-12-14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009-12-04 22:24:22 | 002,811,392 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2009-09-08 21:13:54 | 005,390,056 | ---- | M] (OrdinarySoft) -- C:\Program Files\Tidy Favorites\TidyFavorites.exe
PRC - [2009-07-31 15:23:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009-05-19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009-01-23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008-10-16 21:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008-10-16 21:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2008-10-16 20:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008-10-16 20:15:38 | 000,344,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-06-20 23:36:22 | 001,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006-06-20 23:36:00 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005-07-13 15:47:42 | 002,806,272 | R--- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2005-06-21 15:09:58 | 000,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005-04-27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005-03-09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe


========== Modules (SafeList) ==========

MOD - [2010-06-25 11:39:27 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
MOD - [2009-01-23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008-04-14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-04-29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010-04-27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010-04-27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010-04-14 12:29:58 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010-03-10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010-01-24 11:17:35 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010-01-24 11:17:32 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010-01-15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-12-14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009-12-14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009-12-14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009-12-14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009-12-14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009-12-14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009-11-16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009-09-21 20:06:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-05-19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009-01-23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008-10-16 20:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008-10-16 20:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008-10-16 20:23:30 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2005-04-27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2005-03-09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - [2010-06-24 15:08:20 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-06-10 16:35:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\MpEngineStore\MpKsl9b094d04.sys -- (MpKsl9b094d04)
DRV - [2010-05-10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-04-27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010-04-27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010-04-27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010-04-27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010-04-27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010-04-27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010-04-27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010-04-27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010-04-27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010-04-27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010-04-08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010-03-30 23:38:26 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010-03-29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010-02-17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009-09-16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009-09-16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009-09-15 02:01:44 | 000,007,387 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pctgntdi.cat -- (pctgntdi)
DRV - [2009-02-12 11:12:18 | 000,021,136 | ---- | M] (Check Point Software Technologies) [Kernel | Disabled | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009-02-12 11:11:48 | 000,054,928 | ---- | M] (Check Point Software Technologies) [Kernel | Disabled | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2008-11-22 14:48:16 | 000,011,392 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dualshock3.sys -- (dualshock3) DUALSHOCK3 Controller HID Minidriver (USB)
DRV - [2008-08-14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008-05-16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-04-14 05:51:44 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-14 00:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007-11-09 20:30:38 | 000,023,217 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | Disabled | Stopped] -- C:\Program Files\Lineage II\system\npkcrypt.sys -- (npkcrypt)
DRV - [2006-05-02 13:38:42 | 000,110,720 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2006-04-11 13:56:12 | 000,010,240 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Arfumx86.sys -- (Arfumdev)
DRV - [2006-01-11 14:33:44 | 000,013,312 | R--- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2006-01-11 14:33:32 | 000,008,704 | R--- | M] (A4Tech Co.,Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2005-07-13 17:26:52 | 003,851,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005-03-09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005-01-07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004-08-03 22:32:32 | 000,084,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97via.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2003-04-19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003-03-02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2002-06-12 22:50:00 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CESG502.sys -- (PVUSB)
DRV - [2001-08-17 14:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.pt
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TF = http://search.conduit.com?SearchSource=10&ctid=CT2405280
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..\URLSearchHook: {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..\URLSearchHook: {74714d77-1695-4e73-a98e-25cb374f46b4} - C:\Program Files\iPhone_OS_3\tbiPho.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.projectosermais.com"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {9CD56302-43D2-49AA-8C0A-1FB303186E88}:5.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 0
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {74714d77-1695-4e73-a98e-25cb374f46b4}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010-03-02 19:04:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-12-02 19:29:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-24 14:48:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-24 14:48:16 | 000,000,000 | ---D | M]

[2009-09-08 11:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009-06-28 22:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010-06-25 12:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions
[2010-04-27 20:07:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-04-27 20:07:36 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010-05-01 17:05:36 | 000,000,000 | ---D | M] (iPhone OS 3 Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{74714d77-1695-4e73-a98e-25cb374f46b4}
[2010-04-27 20:07:35 | 000,000,000 | ---D | M] (Tidy Favorites) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{9CD56302-43D2-49AA-8C0A-1FB303186E88}
[2010-05-21 20:13:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-04-27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\firebug@software.joehewitt.com
[2010-01-23 22:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\extensions\firefox@tvunetworks.com
[2010-01-10 18:04:19 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\searchplugins\bing.xml
[2009-09-30 11:08:32 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jhuucvpg.default\searchplugins\conduit.xml
[2010-06-25 11:48:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-04-27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010-01-13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010-04-01 18:34:22 | 000,001,525 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010-04-01 18:34:22 | 000,001,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\priberam.xml
[2010-04-01 18:34:22 | 000,002,071 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\sapo.xml
[2010-04-01 18:34:22 | 000,000,942 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-ptpt.xml
[2010-04-01 18:34:22 | 000,000,648 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2010-06-25 12:20:24 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (iUserbar Toolbar) - {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100513221033.dll (McAfee, Inc.)
O2 - BHO: (ForceField Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (SHOUTcast Loader) - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (SHOUTcast Radio Toolbar) - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (iUserbar Toolbar) - {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ForceField Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..\Toolbar\WebBrowser: (ForceField Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\nerocheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OnlineArmorTR] C:\WINDOWS\OATR.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe ()
O4 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500..\Run: [TidyFavorites] C:\Program Files\Tidy Favorites\TidyFavorites.exe (OrdinarySoft)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Defender.lnk = C:\plugins\Server.jar ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2725072043-1781363593-3515527181-500\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.1)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-12 12:02:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-02-26 11:49:39 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009-07-30 09:30:42 | 000,000,154 | R--- | M] () - M:\autorun.cfg -- [ UDF ]
O32 - AutoRun File - [2008-11-27 13:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - M:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006-09-11 14:26:42 | 000,000,027 | R--- | M] () - M:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{7e9efa39-7f9e-11df-9a38-0011d8ebbc85}\Shell - "" = AutoRun
O33 - MountPoints2\{7e9efa39-7f9e-11df-9a38-0011d8ebbc85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e9efa39-7f9e-11df-9a38-0011d8ebbc85}\Shell\AutoRun\command - "" = M:\autorun.exe -- [2008-11-27 13:02:24 | 000,214,280 | R--- | M] (Sports Interactive)
O34 - HKLM BootExecute: (autocheck autochk *sprestrt) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-06-25 12:22:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-06-25 11:40:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-06-25 11:39:23 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010-06-24 15:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010-06-24 14:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Franzis
[2010-06-22 14:44:12 | 000,000,000 | ---D | C] -- C:\BTNext
[2010-06-22 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\BTNext Evolution
[2010-06-22 10:20:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-06-20 16:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010-06-14 14:40:40 | 000,000,000 | RHSD | C] -- C:\plugins
[2010-06-14 14:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2010-06-14 13:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FrostWire
[2010-06-14 13:52:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2010-06-14 13:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2010-06-13 21:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010-06-13 15:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\CASIO
[2010-06-13 15:18:08 | 000,040,672 | ---- | C] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) -- C:\WINDOWS\System32\drivers\CESG502.sys
[2010-06-13 15:18:03 | 000,503,808 | ---- | C] (ComponentOne) -- C:\WINDOWS\System32\VSFlex8L.ocx
[2010-06-13 15:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\CASIO
[2010-06-12 16:49:40 | 000,000,000 | ---D | C] -- C:\found.000
[2010-06-12 16:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
[2010-06-12 15:51:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Logs
[2010-06-11 13:13:38 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010-06-11 13:13:38 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010-06-11 13:13:26 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010-06-11 13:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010-06-11 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010-06-11 13:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2010-06-10 21:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Albums
[2010-06-10 21:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ArcSoft
[2010-06-10 17:19:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010-06-10 16:35:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010-06-10 10:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010-06-10 10:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010-06-09 18:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-06-09 16:52:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-06-09 16:52:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-06-09 16:52:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-06-09 16:52:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-06-09 16:41:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-06-09 16:37:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-06-09 12:42:19 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
[2010-06-09 12:42:19 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
[2010-06-09 12:42:19 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll
[2010-06-09 12:42:19 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll
[2010-06-09 12:42:19 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll
[2010-06-09 12:42:19 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll
[2010-06-09 12:42:18 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll
[2010-06-09 12:42:18 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
[2010-06-09 12:42:18 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2010-06-09 12:42:18 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL
[2010-06-09 12:42:18 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
[2010-06-09 12:42:17 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2010-06-09 12:42:17 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2010-06-09 12:42:17 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll
[2010-06-09 12:42:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2010-06-09 12:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FreeAudioPack
[2010-06-09 12:41:22 | 006,925,347 | ---- | C] (Koyote Soft ) -- C:\Documents and Settings\Administrator\My Documents\Setup_FreeConverter.exe
[2010-06-09 12:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010-06-09 12:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010-06-09 12:28:22 | 011,873,890 | ---- | C] (Audacity Team ) -- C:\Documents and Settings\Administrator\My Documents\audacity-win-unicode-1.3.12.exe
[2010-06-09 11:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2010-06-09 11:25:56 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll
[2010-06-09 11:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2010-06-09 11:25:23 | 001,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\WINDOWS\System32\vorbis.acm
[2010-06-09 11:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2010-06-09 11:22:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-06-09 11:22:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-06-09 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-06-09 11:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2010-06-07 14:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010-06-06 11:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DivX
[2010-06-06 11:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\DivX H.264 decoder
[2010-06-06 10:59:28 | 016,418,083 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\My Documents\klcodec600f_1.exe.dap
[2010-06-06 10:54:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\custom matrices
[2010-06-06 10:54:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010-06-06 10:54:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP
[2010-06-06 10:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2010-06-06 10:53:11 | 020,880,621 | ---- | C] (Media Player) -- C:\Documents and Settings\Administrator\My Documents\media.player.codec.pack.v3.9.5.setup.exe
[2010-06-06 10:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dvdcss
[2010-06-06 10:38:06 | 000,020,968 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\cpuz133_x32.sys
[2010-06-06 10:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010-06-06 10:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010-06-06 10:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010-06-05 13:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010-06-03 14:20:18 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010-06-03 14:20:18 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010-06-03 14:16:45 | 000,163,840 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\PhotoImpression Screen Saver.scr
[2010-06-03 14:16:44 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2010-06-03 14:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010-06-03 14:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010-06-03 14:13:13 | 000,110,720 | ---- | C] (Mars Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\mr97310c.sys
[2010-06-03 14:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mars
[2010-05-31 14:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\iUserbar

========== Files - Modified Within 30 Days ==========

[2010-06-25 13:55:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9BD06457-AFDE-4D89-B17F-890D5FBAF225}.job
[2010-06-25 13:00:11 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010-06-25 12:35:13 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2010-06-25 12:28:51 | 000,181,254 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-06-25 12:28:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-25 12:25:02 | 000,000,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010-06-25 12:24:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-25 12:24:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-25 12:23:32 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010-06-25 12:23:32 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-06-25 12:20:24 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010-06-25 11:39:27 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010-06-25 10:04:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-06-25 09:39:12 | 003,719,978 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010-06-24 23:25:05 | 000,000,327 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ax_files.xml
[2010-06-24 22:22:38 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Gw.lnk
[2010-06-24 19:25:35 | 000,122,600 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-06-24 18:15:34 | 000,500,272 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-06-24 18:15:34 | 000,439,968 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-06-24 18:15:34 | 000,071,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-06-24 15:41:03 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Alcohol 120%.lnk
[2010-06-24 15:40:57 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010-06-24 15:40:56 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010-06-24 15:08:20 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-06-23 21:57:01 | 000,978,470 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\word press.psd
[2010-06-23 11:40:46 | 002,594,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-23 09:21:39 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-06-23 09:19:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-22 18:17:04 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010-06-22 14:40:59 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BTNext Evolution.lnk
[2010-06-22 10:20:51 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-06-22 09:47:04 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2010-06-20 16:55:58 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010-06-19 15:50:18 | 012,031,764 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Exames.rar
[2010-06-17 13:49:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-06-15 15:29:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-06-15 15:28:51 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.dat
[2010-06-14 14:41:38 | 000,001,389 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Defender.lnk
[2010-06-14 14:25:57 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LimeWire 5.5.8.lnk
[2010-06-14 14:06:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-06-13 19:32:38 | 000,174,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-06-13 15:18:06 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CASIO FA-124.lnk
[2010-06-12 15:44:23 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010-06-11 13:13:31 | 000,001,661 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2010-06-10 21:11:05 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010-06-10 10:33:03 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010-06-09 17:18:27 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ujbqnbis.exe
[2010-06-09 16:37:20 | 003,705,245 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ComboFix.exe.dap
[2010-06-09 12:45:42 | 001,371,337 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rap.mp3
[2010-06-09 12:41:30 | 006,925,347 | ---- | M] (Koyote Soft ) -- C:\Documents and Settings\Administrator\My Documents\Setup_FreeConverter.exe
[2010-06-09 12:28:45 | 011,873,890 | ---- | M] (Audacity Team ) -- C:\Documents and Settings\Administrator\My Documents\audacity-win-unicode-1.3.12.exe
[2010-06-09 11:26:08 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010-06-09 11:25:50 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FL Studio 8.lnk
[2010-06-09 11:18:52 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Malwarebytes_____Anti-Malware_v1.44_Serial_[_kk_].5290934.TPB.torrent
[2010-06-08 11:34:58 | 000,700,050 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rap.m4a
[2010-06-07 22:02:24 | 001,335,340 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\teste.wav
[2010-06-06 14:45:41 | 000,001,591 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PS3 Media Server.lnk
[2010-06-06 10:59:32 | 016,418,083 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\My Documents\klcodec600f_1.exe.dap
[2010-06-06 10:59:13 | 016,418,083 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\klcodec600f.exe.dap
[2010-06-06 10:53:25 | 020,880,621 | ---- | M] (Media Player) -- C:\Documents and Settings\Administrator\My Documents\media.player.codec.pack.v3.9.5.setup.exe
[2010-06-06 10:47:12 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2010-06-06 10:34:14 | 000,009,554 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\1.54-setup-en.exe
[2010-06-06 10:12:16 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1-1.0.5-win32.exe
[2010-06-06 10:11:04 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1.0.5-win32.exe
[2010-06-05 13:45:10 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III - The Asian Dynasties.lnk
[2010-06-05 13:39:17 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III - The WarChiefs.lnk
[2010-06-03 14:38:31 | 000,000,037 | ---- | M] () -- C:\WINDOWS\marscam.ini
[2010-06-03 14:16:37 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PhotoImpression 4.lnk
[2010-06-03 14:12:47 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MY CAMERA.lnk

========== Files Created - No Company Name ==========

[2010-06-24 22:22:38 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Gw.lnk
[2010-06-24 15:45:59 | 000,000,327 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ax_files.xml
[2010-06-24 15:41:03 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Alcohol 120%.lnk
[2010-06-24 15:40:57 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010-06-24 15:40:56 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010-06-24 10:35:52 | 003,719,978 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010-06-23 21:56:56 | 000,978,470 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\word press.psd
[2010-06-22 18:17:04 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010-06-22 18:04:23 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010-06-22 14:40:59 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BTNext Evolution.lnk
[2010-06-22 10:20:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-06-22 10:20:44 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010-06-22 09:47:04 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2010-06-20 16:55:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010-06-19 15:48:19 | 012,031,764 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Exames.rar
[2010-06-15 15:28:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-06-15 15:28:51 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.dat
[2010-06-14 22:04:22 | 000,001,389 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Defender.lnk
[2010-06-14 14:41:38 | 000,001,389 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Defender.lnk
[2010-06-14 14:25:57 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LimeWire 5.5.8.lnk
[2010-06-13 15:18:03 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\VSFlex8L.inf
[2010-06-13 15:17:56 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CASIO FA-124.lnk
[2010-06-11 13:23:49 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010-06-11 13:13:54 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010-06-11 13:13:38 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010-06-11 13:13:38 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010-06-11 13:13:31 | 000,001,661 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2010-06-11 13:13:26 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010-06-10 21:10:56 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010-06-10 10:33:03 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010-06-09 18:02:00 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010-06-09 17:18:25 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ujbqnbis.exe
[2010-06-09 16:52:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-06-09 16:52:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-06-09 16:52:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-06-09 16:52:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-06-09 16:52:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-06-09 16:36:48 | 003,705,245 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ComboFix.exe.dap
[2010-06-09 12:45:30 | 001,371,337 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rap.mp3
[2010-06-09 12:42:19 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2010-06-09 12:09:28 | 000,700,050 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rap.m4a
[2010-06-09 11:25:50 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FL Studio 8.lnk
[2010-06-09 11:23:04 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010-06-09 11:18:52 | 000,001,137 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Malwarebytes_____Anti-Malware_v1.44_Serial_[_kk_].5290934.TPB.torrent
[2010-06-07 21:30:32 | 001,335,340 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\teste.wav
[2010-06-06 14:45:41 | 000,001,591 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PS3 Media Server.lnk
[2010-06-06 10:58:32 | 016,418,083 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\klcodec600f.exe.dap
[2010-06-06 10:47:12 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2010-06-06 10:34:18 | 000,009,554 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\1.54-setup-en.exe
[2010-06-06 10:11:17 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1.0.5-win32.exe
[2010-06-06 07:35:43 | 018,499,623 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1-1.0.5-win32.exe
[2010-06-05 13:45:10 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III - The Asian Dynasties.lnk
[2010-06-05 13:39:17 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III - The WarChiefs.lnk
[2010-06-03 14:20:24 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2010-06-03 14:16:37 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PhotoImpression 4.lnk
[2010-06-03 14:12:47 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MY CAMERA.lnk
[2010-03-03 01:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010-03-03 01:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010-03-03 01:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-03-03 01:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010-03-03 01:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010-03-03 01:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010-03-03 01:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010-03-03 01:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010-03-03 01:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010-03-03 01:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010-03-03 01:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010-03-03 01:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010-03-03 01:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010-03-03 01:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010-03-03 01:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010-03-03 01:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010-03-03 01:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-02-16 13:47:10 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2010-02-14 16:09:16 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\DUALSHOCK3FF.dll
[2010-02-14 16:09:16 | 000,011,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\dualshock3.sys
[2010-01-26 16:32:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-01-26 16:32:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-11-14 19:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009-11-14 19:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009-11-14 19:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009-11-14 19:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009-11-14 19:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009-11-14 19:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009-11-14 19:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009-11-14 19:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009-11-14 19:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009-11-14 19:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009-09-26 21:05:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009-08-05 12:17:15 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009-08-05 12:17:15 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009-08-03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2009-06-24 10:50:27 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-06-23 22:31:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009-06-22 09:42:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-06-19 20:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009-06-10 19:23:44 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009-06-10 13:28:53 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\dbcae9_s.dll
[2009-06-07 17:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-01-10 23:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008-11-06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007-10-18 18:09:07 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini
[2007-10-13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007-05-26 08:51:34 | 000,000,217 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2007-03-07 21:50:42 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys
[2007-02-11 22:22:04 | 000,000,161 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007-02-11 22:21:36 | 000,000,671 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2006-10-27 22:28:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006-10-27 22:28:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006-10-27 22:02:00 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2006-10-27 22:02:00 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2006-07-15 17:20:29 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-07-14 12:08:36 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006-07-13 19:50:36 | 000,000,766 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-07-13 16:20:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-05-09 18:19:12 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2006-03-18 14:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006-03-09 15:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-03-09 15:29:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-03-09 15:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-03-09 15:29:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-03-09 15:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-03-09 15:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005-01-19 11:23:28 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2003-03-09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003-01-07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-10-15 23:54:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001-10-12 10:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001-10-12 10:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2001-07-06 17:30:02 | 000,003,277 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[2000-12-07 10:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
< End of report >



All processes killed
========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 262175 bytes
->Temporary Internet Files folder emptied: 842414 bytes
->Java cache emptied: 59253 bytes
->FireFox cache emptied: 43721562 bytes
->Apple Safari cache emptied: 120715102 bytes
->Flash cache emptied: 1982574 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Guest
->Temp folder emptied: 152891 bytes
->Temporary Internet Files folder emptied: 8717989 bytes
->Flash cache emptied: 42241 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 311430 bytes
->Flash cache emptied: 722 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3390774 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9140 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 172,00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 06252010_122014

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Edited by jacolas_saxolas, 25 June 2010 - 08:33 AM.


#13 etavares


Posted 26 June 2010 - 06:38 AM

Hello, jacolas_saxolas.

OK, the blank log means that the batch file was blank. That's good.

How is your computer running now?



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 20 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.



Step 2

I'd like us to scan your machine with ESET OnlineScan.
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#14 jacolas_saxolas


Posted 27 June 2010 - 04:23 AM

Hello,

Thank you so much for your help! My computer is running a lot faster and I have no Internet or audio problems now. I can even play games or use Photoshop without my PC freezing.

I've updated Java and this is my ESET scan log:

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\serial.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
C:\System Volume Information\_restore{9654FD7A-997C-4D48-B1C7-697BD17BC79F}\RP2\A0007120.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9654FD7A-997C-4D48-B1C7-697BD17BC79F}\RP2\A0007121.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9654FD7A-997C-4D48-B1C7-697BD17BC79F}\RP2\A0007122.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9654FD7A-997C-4D48-B1C7-697BD17BC79F}\RP2\A0007123.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9654FD7A-997C-4D48-B1C7-697BD17BC79F}\RP2\A0007124.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9654FD7A-997C-4D48-B1C7-697BD17BC79F}\RP2\A0007125.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9654FD7A-997C-4D48-B1C7-697BD17BC79F}\RP2\A0007126.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9654FD7A-997C-4D48-B1C7-697BD17BC79F}\RP2\A0007127.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9654FD7A-997C-4D48-B1C7-697BD17BC79F}\RP2\A0007128.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9654FD7A-997C-4D48-B1C7-697BD17BC79F}\RP2\A0007129.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9654FD7A-997C-4D48-B1C7-697BD17BC79F}\RP9\A0026061.sys Win32/Olmarik.ZC trojan cleaned - quarantined




#15 etavares


Posted 27 June 2010 - 06:12 AM

Hello, jacolas_saxolas.

Great! The virus scan only caught things we had quarantined already or inactive remnants in your system restore. We're almost done. Please update Java, then post one last DDS log.



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 20 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.



Step 2


Please post an OTL Quick Scan.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
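
The triage applied to the ESET log in post #15 (every hit sits either in quarantine or in a System Restore point) can be checked mechanically. The following is an added example, not part of the original thread or of any tool used in it: the function names are hypothetical, the first three sample lines are copied from the log above, the last sample line is constructed to show a hit in a live location, and it assumes `C:\Qoobox\Quarantine` is ComboFix's quarantine folder.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One ESET log line: <path> <detection name> <object type> <action taken>.
# Windows paths use backslashes, so the first token containing "/" is the name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<threat>\w+/\S+)\s+(?P<kind>\w+)\s+(?P<action>.+)$"
)
# Assumption: ComboFix keeps quarantined copies under this folder.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
# Windows XP System Restore store: _restore{GUID}\RP<n>\ under each volume.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\",
    re.IGNORECASE,
)

# Lines 1-3 are from the thread; line 4 is constructed for illustration.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\serial.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
C:\System Volume Information\_restore{9654FD7A-997C-4D48-B1C7-697BD17BC79F}\RP2\A0007120.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9654FD7A-997C-4D48-B1C7-697BD17BC79F}\RP9\A0026061.sys Win32/Olmarik.ZC trojan cleaned - quarantined
C:\WINDOWS\system32\constructed_example.dll Win32/Constructed.Sample trojan unable to clean
"""


@dataclass
class Detection:
    path: str
    threat: str
    kind: str
    action: str
    location: str  # "quarantine", "restore_point" or "live"


def classify(path):
    """Say where a detected file lives: inert copy or live file system."""
    if path.lower().startswith(QUARANTINE_PREFIX):
        return "quarantine"
    if RESTORE_RE.search(path):
        return "restore_point"
    return "live"


def parse_log(text):
    """Return (detections, unparsed_lines); unparsed lines need a human look."""
    detections, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        detections.append(Detection(location=classify(m["path"]), **m.groupdict()))
    return detections, unparsed


def summarize(text):
    """Count detections per location and list the ones that are still live."""
    detections, unparsed = parse_log(text)
    counts = Counter(d.location for d in detections)
    live = [d for d in detections if d.location == "live"]
    return counts, live, unparsed


if __name__ == "__main__":
    counts, live, unparsed = summarize(SAMPLE_LOG)
    print(dict(counts))
    for d in live:
        print("follow up:", d.path, d.threat, d.action)
```

An empty `live` list with no unparsed lines corresponds to the situation described in post #15; any entry in `live` is a detection outside quarantine and System Restore and needs follow-up.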
 




