AV Security Suite


  • This topic is locked
23 replies to this topic

#1 spl1h

spl1h

  • Members
  • 24 posts

Posted 12 June 2010 - 12:55 PM

Fell victim to malware from Facebook. Ran mbam a dozen or so times; seem to have stopped the warning/scan popups, PC is still running slow and at the start there's a popup saying windows can't open Updates from HP.exe.vir. GMER kept freezing the system up when I tried to use it; I've only got the DDS logs. Thanks

DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 11:33:37.62 on Sat 06/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.458 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://aryion.com/forum/viewforum.php?f=53
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:1060
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: IE Translator: {531c49a7-179f-43ca-af5e-af375fbb8840} - c:\program files\sarm software\ietranslator\Translator.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [MP4 Player] "c:\program files\mp4 player\mp4Player.exe" hmw
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe.vir
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: trymedia.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-12-4 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 66632]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-1-7 54752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-4 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-12-4 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-12-4 144704]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2006-6-24 82048]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-12-4 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-4 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-4 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-4 40552]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-4 34248]
S3 RMSAMSRP;RMSAMSRP;c:\docume~1\envis\locals~1\temp\rmsamsrp.exe --> c:\docume~1\envis\locals~1\temp\RMSAMSRP.exe [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]

=============== Created Last 30 ================

2010-06-11 04:19:34 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-16 05:27:19 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-05-16 05:27:17 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-05-16 05:22:18 0 d-----w- c:\program files\common files\DivX Shared
2010-05-16 04:20:13 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX

==================== Find3M ====================

2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-03-31 20:53:53 393 ----a-w- c:\program files\Shortcut to Program Files.lnk
2010-03-31 20:53:53 393 ----a-w- c:\program files\Shortcut (2) to Program Files.lnk
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll
2006-07-12 23:03:22 251 ------w- c:\program files\wt3d.ini
2009-08-11 03:27:04 22 --sha-w- c:\windows\sminst\HPCD.sys
2010-01-27 03:01:42 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-01-27 03:00:27 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2010-01-16 19:12:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\internet explorer\domstore\index.dat
2010-01-16 23:58:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010011620100117\index.dat
2010-01-17 15:30:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010011720100118\index.dat
2010-01-27 03:00:27 16384 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 11:34:47.46 ===============


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 16 June 2010 - 05:39 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


Since you're having issues with GMER, please try GMER in safe mode. If that doesn't work, try in safe mode, but uncheck 'devices'. If all else fails, try in safe mode and only check 'files' and 'sections'.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 spl1h

spl1h
  • Topic Starter

  • Members
  • 24 posts

Posted 19 June 2010 - 10:29 AM

Got the other logs

OTL:

OTL logfile created on: 6/18/2010 10:39:26 PM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 280.00 Mb Available Physical Memory | 27.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.05 Gb Total Space | 11.95 Gb Free Space | 5.33% Space Free | Partition Type: NTFS
Drive D: | 8.81 Gb Total Space | 0.43 Gb Free Space | 4.89% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEWORKFAST
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/18 00:00:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/11/06 13:23:16 | 000,772,096 | ---- | M] () -- C:\Program Files\MP4 Player\Mp4Player.exe
PRC - [2008/08/21 12:16:56 | 000,267,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/20 12:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/03/16 05:12:40 | 001,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2006/03/16 05:11:54 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/03/16 05:11:54 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2006/02/21 19:59:00 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/02/21 19:58:34 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/11/08 17:51:54 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
PRC - [2005/08/27 04:14:44 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2004/07/28 02:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/06/18 00:00:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2009/12/08 14:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/02/14 00:05:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/02/14 00:05:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (RMSAMSRP)
SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/02/19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/28 12:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/08 21:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2006/02/21 19:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/11/08 17:51:54 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/03 22:19:52 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/03/03 10:44:53 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/03 10:44:53 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/03 10:44:53 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/16 13:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/04/20 17:35:16 | 000,082,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2006/03/08 16:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/14 00:05:00 | 003,642,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/08 17:51:40 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/08 17:51:38 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/11/08 17:51:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/11/08 17:51:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/11/08 17:51:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aryion.com/forum/viewforum.php?f=53
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 1C D3 25 B0 9C CA 01 [binary data]
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1060

========== FireFox ==========

FF - prefs.js..browser.search.selectedengine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..keyword.url: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1060
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/04 12:15:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{DFDCE6F4-FDF0-454E-B231-38435896628A}: C:\Documents and Settings\envis\Local Settings\Application Data\{DFDCE6F4-FDF0-454E-B231-38435896628A} [2010/01/22 22:11:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{EC03F70B-E79B-4998-A9EB-1473DD5EF242}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{EC03F70B-E79B-4998-A9EB-1473DD5EF242} [2010/01/22 22:20:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}: C:\Documents and Settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1} [2010/02/08 14:41:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/11 18:07:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/01/18 15:06:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/03/12 17:07:55 | 000,000,000 | ---D | M]

[2009/12/04 01:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2009/12/04 01:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions

O1 HOSTS File: ([2010/03/29 19:10:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (IE Translator) - {531C49A7-179F-43CA-AF5E-AF375FBB8840} - C:\Program Files\Sarm Software\IETranslator\Translator.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (IE Translator) - {531C49A7-179F-43CA-AF5E-AF375FBB8840} - C:\Program Files\Sarm Software\IETranslator\Translator.dll ()
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe.vir (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/24 11:20:32 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/14 22:13:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/17 23:59:56 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/06/10 21:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\rucuilmq
[2010/06/10 21:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\jtksue
[2010/06/07 19:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vfvxeyib
[2010/06/04 23:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\kwoirkj
[2010/05/28 15:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Windows Server
[2010/05/16 10:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2010/05/16 01:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DivX
[2010/05/16 01:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/05/16 00:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/14 19:49:02 | 054,470,616 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Documents and Settings\HP_Administrator\Desktop\AVSVideoConverter.exe
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/23 22:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Usenet.nl
[2010/04/23 22:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Usenet.nl
[2010/04/23 22:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Usenet.nl
[2010/04/23 22:13:11 | 002,981,608 | ---- | C] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\UsenetNLSetup_1.10.exe
[2010/04/08 17:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Canneverbe Limited
[2010/04/08 17:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/04/08 17:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/04/08 17:30:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/04/08 17:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/04/08 17:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Winamp
[2010/03/31 17:10:08 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2010/03/31 16:54:23 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/03/29 21:36:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/29 18:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/29 12:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/03/29 10:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/03/25 18:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/23 23:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010/03/21 16:09:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\SGGED
[2010/03/21 16:02:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\cb4943e
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/18 22:35:20 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/06/18 22:30:15 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/18 22:17:52 | 000,028,323 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/06/18 22:16:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/18 22:16:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/18 22:16:50 | 1072,123,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/18 00:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/06/18 00:00:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/06/17 23:30:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/15 16:49:31 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/06/15 16:49:31 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/06/15 16:46:57 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\bands.doc
[2010/06/14 21:25:13 | 002,112,784 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/06/14 19:48:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/13 23:11:13 | 000,445,702 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/13 23:11:12 | 000,525,350 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/13 23:11:12 | 000,072,924 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/12 11:52:17 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/06/12 11:36:45 | 000,004,367 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Attach.rar
[2010/06/11 21:37:43 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2010/06/11 20:36:23 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\BleepingComputer.com - Virus, Trojan, Spyware, and Malware Removal Logs.url
[2010/06/11 19:02:43 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 18:25:57 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/11 18:19:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 09:17:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\WebReg psc 1400 series.job
[2010/06/06 22:24:40 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\iExplore.exe
[2010/06/06 22:22:26 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\How to remove AV Security Suite (Uninstall Guide).url
[2010/06/06 14:09:50 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/06 13:45:12 | 000,001,899 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
[2010/06/04 17:40:43 | 014,466,640 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part3.rar
[2010/06/04 17:22:46 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part2.rar
[2010/06/04 16:31:24 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part1.rar
[2010/06/04 15:53:59 | 076,576,792 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part3.rar
[2010/06/04 15:33:44 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part2.rar
[2010/06/04 14:50:30 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part1.rar
[2010/05/29 09:01:52 | 000,528,182 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spyware-virus has taken over Administrator [Solved].mht
[2010/05/29 09:01:36 | 000,588,852 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Malware virus - now i cant see my desktop [Solved].mht
[2010/05/29 08:31:34 | 000,235,600 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tricky Virus or Spyware.mht
[2010/05/23 22:23:32 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Swedish-English.doc
[2010/05/22 22:34:14 | 000,232,850 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1273212747_greenroon_page_1_raave.jpg
[2010/05/22 00:32:25 | 000,143,548 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\WIP___Hindsight_by_AmethystRealm.jpg
[2010/05/16 15:34:42 | 094,388,084 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nest_-_2003_-_Woodsmoke.part3.rar
[2010/05/16 13:05:16 | 100,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nest_-_2003_-_Woodsmoke.part2.rar
[2010/05/16 12:19:48 | 100,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nest_-_2003_-_Woodsmoke.part1.rar
[2010/05/16 01:29:36 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\DivX Movies.lnk
[2010/05/16 01:28:16 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/16 01:25:27 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/14 19:49:02 | 054,470,616 | ---- | M] (Online Media Technologies Ltd. ) -- C:\Documents and Settings\HP_Administrator\Desktop\AVSVideoConverter.exe
[2010/05/07 12:56:09 | 000,091,652 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\186591-6083.jpg
[2010/05/07 12:56:06 | 000,072,277 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\186590-6083.jpg
[2010/05/07 12:56:04 | 000,088,991 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\186589-6083.jpg
[2010/05/07 12:56:02 | 000,076,918 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\186588-6083.jpg
[2010/05/07 12:55:58 | 000,086,772 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\186587-6083.jpg
[2010/05/07 12:55:55 | 000,084,956 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\186586-6083.jpg
[2010/05/07 12:53:36 | 000,602,606 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269577694_silkysworld_robin_gobbles_hida_4.jpg
[2010/05/07 12:53:29 | 000,143,213 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269577166_silkysworld_robin_gobbles_hida_3.jpg
[2010/05/07 12:53:22 | 000,167,733 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269576987_silkysworld_robin_gobbles_hida_2.jpg
[2010/05/07 12:53:21 | 000,512,718 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269576296_silkysworld_robin_sits_on_hida.jpg
[2010/05/07 12:53:21 | 000,210,446 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269576842_silkysworld_robin_gobbles_hida_1.jpg
[2010/05/07 12:32:10 | 000,125,988 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729394_silkysworld_page_2.jpg
[2010/05/07 12:31:43 | 000,186,499 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729573_silkysworld_page_4.jpg
[2010/05/07 12:31:41 | 000,175,105 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729482_silkysworld_page_3.jpg
[2010/05/07 12:31:35 | 000,151,404 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729274_silkysworld_page_1.jpg
[2010/05/07 12:29:59 | 000,966,679 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\foshuaccident2.png
[2010/05/07 12:29:54 | 000,897,828 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\foshuaccident1.png
[2010/05/07 11:45:13 | 000,207,189 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729629_silkysworld_page_5.jpg
[2010/05/07 11:32:32 | 000,812,373 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1273185313_renaayama_rednef-small-by-renaayama.jpg
[2010/05/07 02:00:07 | 002,231,428 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269750157_renaayama_stomach-animation-by-renaayama.gif
[2010/05/07 02:00:00 | 001,285,385 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269564187_renaayama_throat--animation-by-renaayama.gif
[2010/05/07 01:57:58 | 005,471,423 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269223060_renaayama_inside-maw-animation-by-renaayama.gif
[2010/05/07 01:57:11 | 000,598,290 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269015222_renaayama_arcanine-maw-animated-by-renaayama.gif
[2010/05/07 01:56:58 | 000,965,889 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1268010271_renaayama_arcanine-small-by-renaayama.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 11:27:55 | 000,267,523 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\story-023.jpg
[2010/04/28 11:27:25 | 000,153,641 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\story-024.jpg
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/23 22:19:01 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Usenet.nl.lnk
[2010/04/23 22:13:11 | 002,981,608 | ---- | M] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\UsenetNLSetup_1.10.exe
[2010/04/21 20:22:33 | 000,027,853 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\1c8acb5dc6fcfc074e3a2f6abfc3488b.gif
[2010/04/20 23:45:08 | 000,030,551 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\s10.jpg
[2010/04/20 23:44:35 | 000,029,266 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\s6.jpg
[2010/04/20 23:43:47 | 000,027,581 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\s7.jpg
[2010/04/13 21:51:06 | 000,023,488 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\z3.jpg
[2010/04/13 21:51:01 | 000,039,412 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\z8.jpg
[2010/04/13 21:50:58 | 000,029,829 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\z1.jpg
[2010/04/13 21:50:38 | 000,032,304 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\z2.jpg
[2010/04/13 19:55:51 | 000,015,855 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\j_fl_july0609_160x200_6.jpg
[2010/04/13 19:33:55 | 000,021,895 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\j_fl_oct3009_160x200_05.jpg
[2010/04/13 19:33:54 | 000,027,287 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\s_fl_feb1009_160x200_02.jpg
[2010/04/13 19:33:52 | 000,014,004 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\rl_fl0504_160x200_20.jpg
[2010/04/12 15:01:47 | 005,004,748 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part5.rar
[2010/04/12 14:44:57 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part4.rar
[2010/04/12 13:33:05 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part3.rar
[2010/04/08 21:02:02 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part2.rar
[2010/04/08 20:12:18 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part1.rar
[2010/04/08 18:03:16 | 067,298,272 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Southmayd.part3.rar
[2010/04/08 17:46:06 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/04/07 23:01:46 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Southmayd.part2.rar
[2010/04/07 22:27:04 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Southmayd.part1.rar
[2010/04/07 12:50:50 | 000,078,151 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Grog.png
[2010/04/07 12:49:31 | 000,017,617 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\200px-Grog.jpg
[2010/04/06 22:15:12 | 000,834,569 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269983037_renaayama_taste-like-chicken-sketch--by-renaayama.jpg
[2010/04/04 13:40:17 | 000,287,192 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270091884_blondevelvet18_scan0023.jpg
[2010/04/04 13:40:14 | 000,294,325 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270091755_blondevelvet18_scan0022.jpg
[2010/04/04 13:40:14 | 000,167,864 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1268375452_blondevelvet18_scan0054.jpg
[2010/04/04 13:40:09 | 000,184,566 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1268375178_blondevelvet18_scan0055.jpg
[2010/04/04 13:39:00 | 000,503,898 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270206116_cownugget_lynxvore.png
[2010/04/04 13:38:55 | 000,207,050 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270180487_zephyx_occupied.jpg
[2010/04/03 22:15:55 | 000,013,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8Cq4r
[2010/04/03 17:07:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/31 17:09:54 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
[2010/03/31 17:08:27 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/03/31 16:53:53 | 000,000,393 | ---- | M] () -- C:\Program Files\Shortcut to Program Files.lnk
[2010/03/31 16:53:53 | 000,000,393 | ---- | M] () -- C:\Program Files\Shortcut (2) to Program Files.lnk
[2010/03/31 14:28:45 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part1.rar
[2010/03/31 14:28:43 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part3.rar
[2010/03/31 13:43:43 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part2.rar
[2010/03/31 13:34:04 | 079,142,346 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part4.rar
[2010/03/30 23:26:07 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part2.rar
[2010/03/30 23:25:48 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part3.rar
[2010/03/30 23:25:05 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part1.rar
[2010/03/30 23:13:43 | 078,926,218 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part4.rar
[2010/03/29 19:11:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/29 19:10:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/29 17:38:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2010/03/29 17:02:55 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Byosigududi.dat
[2010/03/29 15:43:09 | 000,012,260 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\N8t8HBsW
[2010/03/29 15:43:09 | 000,012,260 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\N8t8HBsW
[2010/03/29 13:31:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Rwilegirifadu.bin
[2010/03/29 10:19:48 | 000,009,896 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\cJAKX65roVxQl
[2010/03/28 19:12:08 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.url
[2010/03/28 18:18:07 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\A guide and tutorial on using ComboFix.url
[2010/03/28 00:45:29 | 000,009,960 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\cJAKX65roVxQl
[2010/03/27 23:36:19 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part5.rar
[2010/03/27 23:35:30 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part2.rar
[2010/03/27 23:34:50 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part3.rar
[2010/03/27 23:34:18 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part1.rar
[2010/03/27 23:33:35 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part4.rar
[2010/03/27 22:27:37 | 011,349,206 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part6.rar
[2010/03/27 11:42:25 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Gala - Search problem - Malwarebytes Forum.url
[2010/03/27 11:37:32 | 000,000,364 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\RapidShare 1-CLICK Web hosting - Easy Filehosting.url
[2010/03/26 21:09:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/25 18:29:28 | 000,000,728 | -H-- | M] () -- C:\IPH.PH
[2010/03/25 18:29:24 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/23 23:13:45 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\JDownloader.lnk
[2010/03/23 19:55:50 | 000,011,236 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\20xYJkS83BHk4
[2010/03/22 18:08:59 | 000,011,154 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
[2010/03/22 10:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2010/03/21 17:12:34 | 000,011,330 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\vms1e21
[2010/03/21 17:12:33 | 000,011,330 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vms1e21
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\zividalo
[2010/06/12 11:53:48 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe
[2010/06/12 11:36:45 | 000,004,367 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Attach.rar
[2010/06/11 21:31:16 | 1072,123,904 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/11 20:36:22 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\BleepingComputer.com - Virus, Trojan, Spyware, and Malware Removal Logs.url
[2010/06/11 11:34:32 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2010/06/06 22:24:38 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\iExplore.exe
[2010/06/06 22:22:26 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\How to remove AV Security Suite (Uninstall Guide).url
[2010/06/04 17:40:43 | 014,466,640 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part3.rar
[2010/06/04 17:22:46 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part2.rar
[2010/06/04 16:31:24 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part1.rar
[2010/06/04 15:53:59 | 076,576,792 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part3.rar
[2010/06/04 15:33:44 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part2.rar
[2010/06/04 14:50:30 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part1.rar
[2010/05/29 09:01:43 | 000,528,182 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spyware-virus has taken over Administrator [Solved].mht
[2010/05/29 09:01:24 | 000,588,852 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Malware virus - now i cant see my desktop [Solved].mht
[2010/05/29 08:31:32 | 000,235,600 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tricky Virus or Spyware.mht
[2010/05/23 22:23:29 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Swedish-English.doc
[2010/05/22 22:34:47 | 000,232,850 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1273212747_greenroon_page_1_raave.jpg
[2010/05/22 00:41:36 | 000,143,548 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\WIP___Hindsight_by_AmethystRealm.jpg
[2010/05/16 15:34:42 | 094,388,084 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nest_-_2003_-_Woodsmoke.part3.rar
[2010/05/16 13:05:16 | 100,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nest_-_2003_-_Woodsmoke.part2.rar
[2010/05/16 12:19:48 | 100,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nest_-_2003_-_Woodsmoke.part1.rar
[2010/05/16 01:29:36 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\DivX Movies.lnk
[2010/05/16 01:28:16 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/16 01:25:27 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/07 13:00:42 | 000,091,652 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\186591-6083.jpg
[2010/05/07 12:59:53 | 000,072,277 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\186590-6083.jpg
[2010/05/07 12:57:03 | 000,088,991 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\186589-6083.jpg
[2010/05/07 12:56:45 | 000,076,918 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\186588-6083.jpg
[2010/05/07 12:56:30 | 000,086,772 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\186587-6083.jpg
[2010/05/07 12:56:16 | 000,084,956 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\186586-6083.jpg
[2010/05/07 12:54:39 | 000,602,606 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269577694_silkysworld_robin_gobbles_hida_4.jpg
[2010/05/07 12:54:27 | 000,143,213 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269577166_silkysworld_robin_gobbles_hida_3.jpg
[2010/05/07 12:54:16 | 000,167,733 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269576987_silkysworld_robin_gobbles_hida_2.jpg
[2010/05/07 12:54:05 | 000,210,446 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269576842_silkysworld_robin_gobbles_hida_1.jpg
[2010/05/07 12:53:53 | 000,512,718 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269576296_silkysworld_robin_sits_on_hida.jpg
[2010/05/07 12:33:14 | 000,207,189 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729629_silkysworld_page_5.jpg
[2010/05/07 12:32:50 | 000,186,499 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729573_silkysworld_page_4.jpg
[2010/05/07 12:32:30 | 000,175,105 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729482_silkysworld_page_3.jpg
[2010/05/07 12:32:15 | 000,125,988 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729394_silkysworld_page_2.jpg
[2010/05/07 12:32:00 | 000,151,404 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729274_silkysworld_page_1.jpg
[2010/05/07 12:30:42 | 000,966,679 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\foshuaccident2.png
[2010/05/07 12:30:17 | 000,897,828 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\foshuaccident1.png
[2010/05/07 11:32:59 | 000,812,373 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1273185313_renaayama_rednef-small-by-renaayama.jpg
[2010/05/07 02:00:58 | 002,231,428 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269750157_renaayama_stomach-animation-by-renaayama.gif
[2010/05/07 02:00:20 | 001,285,385 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269564187_renaayama_throat--animation-by-renaayama.gif
[2010/05/07 01:59:04 | 005,471,423 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269223060_renaayama_inside-maw-animation-by-renaayama.gif
[2010/05/07 01:58:37 | 000,598,290 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269015222_renaayama_arcanine-maw-animated-by-renaayama.gif
[2010/05/07 01:58:05 | 000,965,889 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1268010271_renaayama_arcanine-small-by-renaayama.jpg
[2010/04/28 11:29:21 | 000,153,641 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\story-024.jpg
[2010/04/28 11:28:22 | 000,267,523 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\story-023.jpg
[2010/04/23 22:19:01 | 000,001,563 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Usenet.nl.lnk
[2010/04/21 20:24:00 | 000,027,853 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\1c8acb5dc6fcfc074e3a2f6abfc3488b.gif
[2010/04/20 23:48:25 | 000,027,581 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\s7.jpg
[2010/04/20 23:47:54 | 000,029,266 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\s6.jpg
[2010/04/20 23:46:02 | 000,030,551 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\s10.jpg
[2010/04/13 22:26:09 | 000,015,855 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\j_fl_july0609_160x200_6.jpg
[2010/04/13 22:00:40 | 000,023,488 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\z3.jpg
[2010/04/13 22:00:34 | 000,014,004 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\rl_fl0504_160x200_20.jpg
[2010/04/13 22:00:29 | 000,021,895 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\j_fl_oct3009_160x200_05.jpg
[2010/04/13 22:00:21 | 000,027,287 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\s_fl_feb1009_160x200_02.jpg
[2010/04/13 22:00:09 | 000,029,829 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\z1.jpg
[2010/04/13 21:59:57 | 000,039,412 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\z8.jpg
[2010/04/13 21:59:34 | 000,032,304 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\z2.jpg
[2010/04/12 15:01:47 | 005,004,748 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part5.rar
[2010/04/12 14:44:57 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part4.rar
[2010/04/12 13:33:05 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part3.rar
[2010/04/08 21:02:02 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part2.rar
[2010/04/08 20:12:19 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part1.rar
[2010/04/08 18:03:16 | 067,298,272 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Southmayd.part3.rar
[2010/04/08 17:46:06 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/04/08 17:46:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/04/07 23:01:46 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Southmayd.part2.rar
[2010/04/07 22:27:04 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Southmayd.part1.rar
[2010/04/07 16:08:16 | 000,078,151 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Grog.png
[2010/04/07 15:19:58 | 000,017,617 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\200px-Grog.jpg
[2010/04/06 22:15:45 | 000,834,569 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269983037_renaayama_taste-like-chicken-sketch--by-renaayama.jpg
[2010/04/04 13:41:02 | 000,287,192 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270091884_blondevelvet18_scan0023.jpg
[2010/04/04 13:40:50 | 000,294,325 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270091755_blondevelvet18_scan0022.jpg
[2010/04/04 13:40:41 | 000,167,864 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1268375452_blondevelvet18_scan0054.jpg
[2010/04/04 13:40:21 | 000,184,566 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1268375178_blondevelvet18_scan0055.jpg
[2010/04/04 13:39:24 | 000,503,898 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270206116_cownugget_lynxvore.png
[2010/04/04 13:39:10 | 000,207,050 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270180487_zephyx_occupied.jpg
[2010/04/03 22:13:38 | 000,013,000 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\8Cq4r
[2010/04/03 22:13:38 | 000,013,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8Cq4r
[2010/03/31 17:09:53 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
[2010/03/31 17:08:50 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/03/31 17:08:24 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/03/31 16:53:53 | 000,000,393 | ---- | C] () -- C:\Program Files\Shortcut to Program Files.lnk
[2010/03/31 16:53:53 | 000,000,393 | ---- | C] () -- C:\Program Files\Shortcut (2) to Program Files.lnk
[2010/03/31 14:28:45 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part1.rar
[2010/03/31 14:28:43 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part3.rar
[2010/03/31 13:43:43 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part2.rar
[2010/03/31 13:34:04 | 079,142,346 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part4.rar
[2010/03/30 23:26:08 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part2.rar
[2010/03/30 23:25:48 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part3.rar
[2010/03/30 23:25:05 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part1.rar
[2010/03/30 23:13:44 | 078,926,218 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part4.rar
[2010/03/29 17:38:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2010/03/29 14:15:04 | 000,012,260 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\N8t8HBsW
[2010/03/29 14:15:04 | 000,012,260 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\N8t8HBsW
[2010/03/28 19:12:08 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.url
[2010/03/28 00:42:28 | 000,009,960 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\cJAKX65roVxQl
[2010/03/27 23:36:20 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part5.rar
[2010/03/27 23:35:33 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part2.rar
[2010/03/27 23:34:51 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part3.rar
[2010/03/27 23:34:19 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part1.rar
[2010/03/27 23:33:36 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part4.rar
[2010/03/27 23:05:34 | 000,009,896 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\cJAKX65roVxQl
[2010/03/27 23:05:34 | 000,009,518 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\cJAKX65roVxQl
[2010/03/27 22:27:37 | 011,349,206 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part6.rar
[2010/03/27 12:02:31 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\A guide and tutorial on using ComboFix.url
[2010/03/24 16:55:45 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\bands.doc
[2010/03/24 00:28:36 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Gala - Search problem - Malwarebytes Forum.url
[2010/03/23 23:13:45 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\JDownloader.lnk
[2010/03/23 19:52:14 | 000,011,236 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\20xYJkS83BHk4
[2010/03/23 19:52:14 | 000,011,236 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\20xYJkS83BHk4
[2010/03/22 15:06:59 | 000,011,154 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\VH56DJI7u87yo
[2010/03/22 15:06:59 | 000,011,154 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
[2010/03/21 16:25:43 | 000,011,330 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vms1e21
[2010/03/21 16:25:42 | 000,011,330 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vms1e21
[2009/09/04 10:05:34 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/02/09 20:34:39 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/03/16 13:18:45 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/28 14:48:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/03 12:59:03 | 000,185,344 | R--- | C] () -- C:\WINDOWS\FRANKCAL.DLL
[2006/12/03 12:55:05 | 000,000,896 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/11/26 17:52:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/11/26 12:04:58 | 000,000,101 | ---- | C] () -- C:\WINDOWS\ttinstal.ini
[2006/11/26 12:04:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\scantiff.INI
[2006/11/26 12:02:11 | 000,000,417 | ---- | C] () -- C:\WINDOWS\CDPHOTO.INI
[2006/11/26 12:02:11 | 000,000,208 | ---- | C] () -- C:\WINDOWS\EFICOLOR.INI
[2006/11/26 12:02:00 | 000,000,109 | ---- | C] () -- C:\WINDOWS\visguide.ini
[2006/11/26 12:01:38 | 000,000,048 | ---- | C] () -- C:\WINDOWS\bartcan.ini
[2006/11/25 18:18:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2006/11/25 17:51:04 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2006/07/24 21:15:27 | 000,000,145 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2006/07/18 20:32:52 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/14 15:10:37 | 000,000,018 | ---- | C] () -- C:\WINDOWS\upst.ini
[2006/07/14 13:45:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/05 18:45:26 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/06/24 11:49:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/24 11:28:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/24 11:23:39 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/24 11:23:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/24 11:20:44 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/24 11:18:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/24 11:07:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/24 11:07:09 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/24 10:49:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/24 10:46:36 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/24 10:46:36 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/24 10:46:36 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/24 10:46:35 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/24 10:46:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/24 10:45:14 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/24 10:24:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/24 10:24:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/24 10:23:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 20:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/04 01:13:44 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\msrtrnf.dll

========== LOP Check ==========

[2009/12/27 15:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/12/27 16:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/03/29 10:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/08 17:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/03/21 16:14:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\cb4943e
[2006/06/24 11:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/07/24 17:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/11/29 13:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/03/19 15:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/03/16 13:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/01/23 16:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/03/21 16:09:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SGGED
[2010/01/17 13:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/10/19 19:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/24 00:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/01/18 15:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/11 13:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/20 14:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon.HOMEWORKFAST\Application Data\uTorrent
[2010/05/04 11:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\envis\Application Data\BitTorrent
[2010/05/04 10:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\envis\Application Data\Template
[2009/12/05 18:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/12/25 12:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy.HOMEWORKFAST\Application Data\Image Zone Express
[2009/12/25 12:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy.HOMEWORKFAST\Application Data\Leadertech
[2009/12/04 17:34:51 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/03/01 10:57:56 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/06/18 00:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2010/05/06 06:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2006/07/14 13:18:08 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2005/12/27 03:21:54 | 007,477,561 | ---- | M] (Intel Corporation ) -- C:\setup_all.exe


< MD5 for: AGP440.SYS >
[2009/09/16 18:20:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/03 21:43:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/09 17:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/12/03 21:43:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 15:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 15:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 15:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2009/09/16 18:20:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/03 21:43:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 17:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/12/03 21:43:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 00:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 00:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/02/21 19:44:30 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\cmdcons\iaStor.sys
[2006/02/21 19:44:30 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\hp\drivers\Intel_SATA_RAID_ICH7DH\iaStor.sys
[2006/02/21 19:44:30 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\hp\drivers\Intel_SATA_RAID_ICH7DH\Utility\Winall\Driver\iaStor.sys
[2006/02/21 19:44:30 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2010/04/03 22:19:52 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\WINDOWS\system32\drivers\iaStor.sys
[2006/02/21 19:44:30 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\iaStor.sys
[2005/06/17 09:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2006/02/21 19:46:14 | 000,497,664 | ---- | M] (Intel Corporation) MD5=EBEDA5E218E0FB311A0D28923E7398E6 -- C:\hp\drivers\Intel_SATA_RAID_ICH7DH\Utility\Winall\Driver64\IaStor.sys
[2006/02/21 19:46:14 | 000,497,664 | ---- | M] (Intel Corporation) MD5=EBEDA5E218E0FB311A0D28923E7398E6 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 00:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Documents\Dvd Edit Projects:Roxio EMC Stream
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /

GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-19 11:08:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxddykog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ELkbd.sys (Intel Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ELkbd.sys (Intel Corporation)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

Device \FileSystem\Cdfs \Cdfs F6BA6400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1d1c4581 size 0x1b0
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\10 - The Violent Sequence.flac 24148874 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\01 - Heart Beat, Pig Meat (Soundtrack Ver).flac 17933541 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\02 - Heart Beat, Pig Meat (Film Ver).flac 16260357 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\03 - Crumbling Land (Soundtrack Ver).flac 29038768 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\04 - Crumbling Land (Fast Ver).flac 33696855 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\05 - Crumbling Land (Extended Ver).flac 34707906 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\06 - Crumbling Land (Film Ver).flac 3290094 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\07 - Crumbling Land (Rock Ver).flac 11707207 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\08 - Come In Number 51, Your Time Is Up (Soundtrack Ver).flac 30110373 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\09 - Come In Number 51, Your Time Is Up (Film Ver).flac 28046327 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\11 - Love Scene 2 (Vibes).flac 30657035 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\12 - Unknown Song (Soundtrack Ver).flac 34032108 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\13 - Unknown Song (Rough Ver).flac 41442509 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\14 - Unknown Song (Early Ver).flac 35444273 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\15 - Unknown Song (Alternate Ver).flac 33672623 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\16 - Moonhead (BBC-TV 07.69, Documentary On The Lunar Landing).flac 19739112 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\Ultimate Zabriskie Point (Disc 1)[FLAC].m3u 702 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\Ultimate Zabriskie Point (Disc 1)[WAV].CUE 1525 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\09 - Oenone (Final Ver).flac 31865295 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\01 - Country Song (Soundtrack Ver).flac 27429411 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\02 - Country Song (Alternate Ver).flac 38912339 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\03 - Country Song (Humming Ver).flac 12049752 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\04 - Country Song (Instrumental).flac 7670109 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\05 - Love Scene 6 (Soundtrack Ver, Blues).flac 41908316 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\06 - Love Scene 6 (Alternate Ver).flac 43604493 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\07 - Love Scene 4 (Soundtrack Ver).flac 25580829 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\08 - Love Scene 4 (Piano-Vibes Mix).flac 16061121 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\10 - Oenone (Early Ver).flac 21915702 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\11 - Oenone (Extended Ver).flac 33552125 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\12 - Oenone (Short Ver).flac 5206819 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\13 - Oenone (Alternate Ver).flac 16892675 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\14 - Fingal's Cave.flac 12299658 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\15 - Main Theme (The Committee Soundtrack, 05.68).flac 16910531 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\16 - Zappa-Set The Controls (All My Loving- UK TV, 08.18.68).flac 21100688 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\Ultimate Zabriskie Point (Disc 2).CUE 1466 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\Ultimate Zabriskie Point (Disc 2).m3u 643 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\01 - Heart Beat, Pig Meat.flac 16961219 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\02 - Brother Mary.flac 17019339 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\03 - Dark Star (Excerpt).flac 15514175 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\04 - Crumbling Land.flac 27945471 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\05 - Tennessee Waltz.flac 10507326 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\06 - Sugar Babe.flac 15512031 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\07 - Love Scene.flac 35071428 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\08 - I Wish I Was A Single Girl Again.flac 8194119 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\09 - Mickey's Tune.flac 11092112 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\10 - Dance Of Death.flac 14930861 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\11 - Come In Number 51, Your Time Is Up.flac 30138169 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1) Fingerprint.txt 688 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1).log 3143 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1)[FLAC].m3u 334 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1)[WAV].cue 1963 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\01 - Love Scene Improvisations Version 1.flac 21629128 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\02 - Love Scene Improvisations Version 2.flac 27582518 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\03 - Love Scene Improvisations Version 3.flac 26510707 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\04 - Love Scene Improvisations Version 4.flac 27164089 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\05 - Country Song.flac 27521119 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\06 - Unknown Song.flac 34090443 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\07 - Love Scene Version 6.flac 41799030 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\08 - Love Scene Version 4.flac 25693421 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes) Fingerprint.txt 564 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes).log 2545 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes)[FLAC].m3u 309 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes)[WAV].cue 1619 bytes

---- EOF - GMER 1.0.15 ----


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 19 June 2010 - 02:54 PM

Hello, spl1h.

First, I see you have run TDSSKiller. If that found anything, it would be a backdoor rootkit, so I'll give you this warning just in case.


Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.




Ask Toolbar Warning

I see you have the Ask.Com toolbar installed. This often comes bundled with spyware, and it is recommended that you remove it.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/...sk-Toolbar.html

If you would like to remove it, please go to Add/Remove Programs and uninstall it.


Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1


First, a question. I see some malicious proxies installed on your computer (127.0.0.1:5555). Those are bad and came with the rogue software. However, I see one that may be legit in Firefox. Did you set up a proxy for FF and IE for 127.0.0.1:1060? If you're not sure what I'm asking, that's my answer as well, just let me know.



Step 2

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



Step 3

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (RMSAMSRP)
    SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe.vir (Hewlett-Packard)
    :files
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe.vir
    C:\Documents and Settings\All Users\Application Data\20xYJkS83BHk4
    C:\Documents and Settings\All Users\Application Data\8Cq4r
    C:\Documents and Settings\All Users\Application Data\cb4943e
    C:\Documents and Settings\All Users\Application Data\cJAKX65roVxQl
    C:\Documents and Settings\All Users\Application Data\N8t8HBsW
    C:\Documents and Settings\All Users\Application Data\SGGED
    C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
    C:\Documents and Settings\All Users\Application Data\vms1e21
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\cJAKX65roVxQl
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\N8t8HBsW
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vms1e21
    C:\Documents and Settings\LocalService\Local Settings\Application Data\VH56DJI7u87yo
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\20xYJkS83BHk4
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\8Cq4r
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\cJAKX65roVxQl
    C:\WINDOWS\Byosigududi.dat
    C:\WINDOWS\Rwilegirifadu.bin
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.

etavares

Edited by etavares, 19 June 2010 - 02:54 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
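
The loopback-proxy check that Step 1 of the post above describes can be run over the `IE - ... "ProxyServer"` lines of an OTL log. This is an added example, not part of etavares's post or of OTL itself; the `allowed_ports` parameter is hypothetical, and the sample log is constructed (the two `http=127.0.0.1:5555` lines are taken from the fix script above, the `ProxyEnable = 1` line and the `127.0.0.1:1060` line are made up in OTL's format).

```python
import re
from ipaddress import ip_address

# One OTL "IE - <hive>\...\Internet Settings: "<name>" = <value>" line.
LINE_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+|HKLM|HKCU)\\Software\\Microsoft\\Windows'
    r'\\CurrentVersion\\Internet Settings: "(?P<name>Proxy\w+)" =[ \t]*(?P<value>.*)$',
    re.IGNORECASE,
)

# Constructed sample input (see the lead-in for which lines come from the thread).
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:1060
"""


def parse_proxy_settings(log_text):
    """Return {hive: {value_name: value}} for every Proxy* line in the log."""
    settings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            settings.setdefault(m["hive"], {})[m["name"]] = m["value"].strip()
    return settings


def split_proxy_value(value):
    """Split a WinINet ProxyServer string into (scheme, host, port) tuples.

    Accepts both 'host:port' (applies to all protocols) and the
    per-protocol form 'http=host:port;https=host:port'.
    """
    entries = []
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        hostport = hostport.split("://")[-1]
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port given
            host, port = hostport, ""
        entries.append((scheme or "all", host.strip("[]"),
                        int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for 'localhost' and any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def find_loopback_proxies(log_text, allowed_ports=frozenset()):
    """List every proxy entry that points at the local machine.

    A loopback proxy means some local process sits between the browser and
    the network. Ports the user confirms setting up go in allowed_ports;
    everything else is reported as 'suspect' for the helper to review.
    """
    findings = []
    for hive, values in parse_proxy_settings(log_text).items():
        enable = values.get("ProxyEnable")
        for scheme, host, port in split_proxy_value(values.get("ProxyServer", "")):
            if is_loopback(host):
                findings.append({
                    "hive": hive,
                    "scheme": scheme,
                    "host": host,
                    "port": port,
                    # None when the log has no ProxyEnable line for this hive
                    "enabled": None if enable is None else enable == "1",
                    "verdict": "expected" if port in allowed_ports else "suspect",
                })
    return findings


if __name__ == "__main__":
    for f in find_loopback_proxies(SAMPLE_LOG, allowed_ports={1060}):
        print(f"{f['verdict']:8} {f['hive']}  {f['scheme']} -> "
              f"{f['host']}:{f['port']}  enabled={f['enabled']}")
```

An empty `ProxyServer` value, as in the post-fix scan, yields no finding for that hive.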
 


#5 spl1h

spl1h
  • Topic Starter

  • Members
  • 24 posts

Posted 19 June 2010 - 05:35 PM

The logs:

All processes killed
========== OTL ==========
Error: No service named RMSAMSRP was found to stop!
Service\Driver key RMSAMSRP not found.
Service Pml Driver HPZ12 stopped successfully!
Service Pml Driver HPZ12 deleted successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk scheduled to be moved on reboot.
File C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe.vir not found.
========== FILES ==========
File\Folder C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe.vir not found.
File\Folder C:\Documents and Settings\All Users\Application Data\20xYJkS83BHk4 not found.
File\Folder C:\Documents and Settings\All Users\Application Data\8Cq4r not found.


File\Folder C:\Documents and Settings\All Users\Application Data\cb4943e not found.
File\Folder C:\Documents and Settings\All Users\Application Data\cJAKX65roVxQl not found.
File\Folder C:\Documents and Settings\All Users\Application Data\N8t8HBsW not found.
File\Folder C:\Documents and Settings\All Users\Application Data\SGGED not found.
File\Folder C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo not found.
File\Folder C:\Documents and Settings\All Users\Application Data\vms1e21 not found.
File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\cJAKX65roVxQl not found.
File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\N8t8HBsW not found.
File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vms1e21 not found.
File\Folder C:\Documents and Settings\LocalService\Local Settings\Application Data\VH56DJI7u87yo not found.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Application Data\20xYJkS83BHk4 not found.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Application Data\8Cq4r not found.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Application Data\cJAKX65roVxQl not found.
File\Folder C:\WINDOWS\Byosigududi.dat not found.
File\Folder C:\WINDOWS\Rwilegirifadu.bin not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Brandon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Brandon.HOMEWORKFAST
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: envis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 245393 bytes
->Temporary Internet Files folder emptied: 7670973 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

User: HP_Administrator.HOMEWORKFAST
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nancy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nancy.HOMEWORKFAST
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06192010_181206

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk not found!
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk not found!
File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFCBF6.tmp not found!
File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFCC07.tmp not found!
File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFCC6C.tmp not found!
File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFCC7D.tmp not found!
File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFCCB5.tmp not found!
File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFCCCA.tmp not found!
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\SQ9KSMIR\iframe[1].htm moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\RM3LT0TY\topic323846[1].htm moved successfully.

Registry entries deleted on Reboot...

OTL logfile created on: 6/19/2010 6:18:45 PM - Run 4
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 391.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.05 Gb Total Space | 18.11 Gb Free Space | 8.08% Space Free | Partition Type: NTFS
Drive D: | 8.81 Gb Total Space | 0.43 Gb Free Space | 4.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEWORKFAST
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/18 00:00:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/11/06 13:23:16 | 000,772,096 | ---- | M] () -- C:\Program Files\MP4 Player\Mp4Player.exe
PRC - [2008/08/21 12:16:56 | 000,267,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/20 12:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/03/16 05:11:54 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/02/21 19:59:00 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/02/21 19:58:34 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/02/16 01:34:58 | 000,249,856 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
PRC - [2005/11/08 17:51:54 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
PRC - [2005/08/27 04:14:44 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2004/07/28 02:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/06/18 00:00:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/02/14 00:05:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/02/14 00:05:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/02/19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/28 12:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/08 21:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/21 19:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/11/08 17:51:54 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/03 22:19:52 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/03/03 10:44:53 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/03 10:44:53 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/03 10:44:53 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/16 13:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/04/20 17:35:16 | 000,082,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2006/03/08 16:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/14 00:05:00 | 003,642,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/08 17:51:40 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/08 17:51:38 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/11/08 17:51:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/11/08 17:51:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/11/08 17:51:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aryion.com/forum/viewforum.php?f=53
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 1C D3 25 B0 9C CA 01 [binary data]
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1060

========== FireFox ==========

FF - prefs.js..browser.search.selectedengine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..keyword.url: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1060
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/04 12:15:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{DFDCE6F4-FDF0-454E-B231-38435896628A}: C:\Documents and Settings\envis\Local Settings\Application Data\{DFDCE6F4-FDF0-454E-B231-38435896628A} [2010/01/22 22:11:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{EC03F70B-E79B-4998-A9EB-1473DD5EF242}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{EC03F70B-E79B-4998-A9EB-1473DD5EF242} [2010/01/22 22:20:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}: C:\Documents and Settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1} [2010/02/08 14:41:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/11 18:07:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/01/18 15:06:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/03/12 17:07:55 | 000,000,000 | ---D | M]

[2009/12/04 01:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2009/12/04 01:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions

O1 HOSTS File: ([2010/03/29 19:10:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (IE Translator) - {531C49A7-179F-43CA-AF5E-AF375FBB8840} - C:\Program Files\Sarm Software\IETranslator\Translator.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (IE Translator) - {531C49A7-179F-43CA-AF5E-AF375FBB8840} - C:\Program Files\Sarm Software\IETranslator\Translator.dll ()
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe File not found
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/24 11:20:32 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/06/19 18:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Logs
[2010/06/19 16:55:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/19 16:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/19 16:48:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\HP_Administrator\Desktop\erunt-setup.exe
[2010/06/17 23:59:56 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/06/10 21:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\rucuilmq
[2010/06/10 21:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\jtksue
[2010/06/07 19:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vfvxeyib
[2010/06/04 23:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\kwoirkj
[2010/05/28 15:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Windows Server
[2010/05/16 10:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2010/05/16 01:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DivX
[2010/05/16 01:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/05/16 00:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/14 19:49:02 | 054,470,616 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Documents and Settings\HP_Administrator\Desktop\AVSVideoConverter.exe
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/23 22:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Usenet.nl
[2010/04/23 22:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Usenet.nl
[2010/04/23 22:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Usenet.nl
[2010/04/23 22:13:11 | 002,981,608 | ---- | C] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\UsenetNLSetup_1.10.exe
[2010/04/08 17:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Canneverbe Limited
[2010/04/08 17:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/04/08 17:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/04/08 17:30:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/04/08 17:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/04/08 17:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Winamp
[2010/03/31 17:10:08 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2010/03/31 16:54:23 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/03/29 21:36:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/29 18:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/29 12:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/03/29 10:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/03/25 18:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/23 23:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/19 18:18:33 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/06/19 18:14:40 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/19 18:14:16 | 000,028,323 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/06/19 18:13:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/19 18:13:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/19 18:13:24 | 1072,123,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/19 18:12:24 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/06/19 18:12:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/06/19 18:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/06/19 17:56:46 | 000,618,964 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Autoruns.zip
[2010/06/19 17:55:23 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Cannot find CCombofixhidec.exe on Startup.url
[2010/06/19 17:48:01 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\can't uninstall combofix - MajorGeeks Support Forums.url
[2010/06/19 17:43:59 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Combofix will not uninstall after using combofix -u.url
[2010/06/19 17:40:19 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$bands.doc
[2010/06/19 16:53:22 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/19 16:53:13 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk
[2010/06/19 16:53:13 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2010/06/19 16:48:30 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\HP_Administrator\Desktop\erunt-setup.exe
[2010/06/19 16:43:20 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Swedish-English.doc
[2010/06/19 16:43:00 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$edish-English.doc
[2010/06/19 10:59:12 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/18 22:59:54 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/06/18 00:00:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/06/17 23:30:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/15 16:46:57 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\bands.doc
[2010/06/14 21:25:13 | 002,112,784 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/06/14 19:48:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/13 23:11:13 | 000,445,702 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/13 23:11:12 | 000,525,350 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/13 23:11:12 | 000,072,924 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/12 11:36:45 | 000,004,367 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Attach.rar
[2010/06/11 21:37:43 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2010/06/11 20:36:23 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\BleepingComputer.com - Virus, Trojan, Spyware, and Malware Removal Logs.url
[2010/06/11 19:02:43 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 18:25:57 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/11 18:19:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 09:17:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\WebReg psc 1400 series.job
[2010/06/06 22:24:40 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\iExplore.exe
[2010/06/06 22:22:26 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\How to remove AV Security Suite (Uninstall Guide).url
[2010/06/06 14:09:50 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/04 17:40:43 | 014,466,640 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part3.rar
[2010/06/04 17:22:46 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part2.rar
[2010/06/04 16:31:24 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part1.rar
[2010/06/04 15:53:59 | 076,576,792 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part3.rar
[2010/06/04 15:33:44 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part2.rar
[2010/06/04 14:50:30 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part1.rar
[2010/05/29 09:01:52 | 000,528,182 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spyware-virus has taken over Administrator [Solved].mht
[2010/05/29 09:01:36 | 000,588,852 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Malware virus - now i cant see my desktop [Solved].mht
[2010/05/29 08:31:34 | 000,235,600 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tricky Virus or Spyware.mht
[2010/05/22 22:34:14 | 000,232,850 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1273212747_greenroon_page_1_raave.jpg
[2010/05/22 00:32:25 | 000,143,548 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\WIP___Hindsight_by_AmethystRealm.jpg
[2010/05/16 15:34:42 | 094,388,084 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nest_-_2003_-_Woodsmoke.part3.rar
[2010/05/16 13:05:16 | 100,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nest_-_2003_-_Woodsmoke.part2.rar
[2010/05/16 12:19:48 | 100,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nest_-_2003_-_Woodsmoke.part1.rar
[2010/05/16 01:29:36 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\DivX Movies.lnk
[2010/05/16 01:28:16 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/16 01:25:27 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/14 19:49:02 | 054,470,616 | ---- | M] (Online Media Technologies Ltd. ) -- C:\Documents and Settings\HP_Administrator\Desktop\AVSVideoConverter.exe
[2010/05/07 12:56:09 | 000,091,652 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\186591-6083.jpg
[2010/05/07 12:56:06 | 000,072,277 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\186590-6083.jpg
[2010/05/07 12:56:04 | 000,088,991 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\186589-6083.jpg
[2010/05/07 12:56:02 | 000,076,918 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\186588-6083.jpg
[2010/05/07 12:55:58 | 000,086,772 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\186587-6083.jpg
[2010/05/07 12:55:55 | 000,084,956 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\186586-6083.jpg
[2010/05/07 12:53:36 | 000,602,606 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269577694_silkysworld_robin_gobbles_hida_4.jpg
[2010/05/07 12:53:29 | 000,143,213 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269577166_silkysworld_robin_gobbles_hida_3.jpg
[2010/05/07 12:53:22 | 000,167,733 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269576987_silkysworld_robin_gobbles_hida_2.jpg
[2010/05/07 12:53:21 | 000,512,718 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269576296_silkysworld_robin_sits_on_hida.jpg
[2010/05/07 12:53:21 | 000,210,446 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269576842_silkysworld_robin_gobbles_hida_1.jpg
[2010/05/07 12:32:10 | 000,125,988 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729394_silkysworld_page_2.jpg
[2010/05/07 12:31:43 | 000,186,499 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729573_silkysworld_page_4.jpg
[2010/05/07 12:31:41 | 000,175,105 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729482_silkysworld_page_3.jpg
[2010/05/07 12:31:35 | 000,151,404 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729274_silkysworld_page_1.jpg
[2010/05/07 12:29:59 | 000,966,679 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\foshuaccident2.png
[2010/05/07 12:29:54 | 000,897,828 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\foshuaccident1.png
[2010/05/07 11:45:13 | 000,207,189 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729629_silkysworld_page_5.jpg
[2010/05/07 11:32:32 | 000,812,373 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1273185313_renaayama_rednef-small-by-renaayama.jpg
[2010/05/07 02:00:07 | 002,231,428 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269750157_renaayama_stomach-animation-by-renaayama.gif
[2010/05/07 02:00:00 | 001,285,385 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269564187_renaayama_throat--animation-by-renaayama.gif
[2010/05/07 01:57:58 | 005,471,423 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269223060_renaayama_inside-maw-animation-by-renaayama.gif
[2010/05/07 01:57:11 | 000,598,290 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269015222_renaayama_arcanine-maw-animated-by-renaayama.gif
[2010/05/07 01:56:58 | 000,965,889 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1268010271_renaayama_arcanine-small-by-renaayama.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 11:27:55 | 000,267,523 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\story-023.jpg
[2010/04/28 11:27:25 | 000,153,641 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\story-024.jpg
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/23 22:19:01 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Usenet.nl.lnk
[2010/04/23 22:13:11 | 002,981,608 | ---- | M] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\UsenetNLSetup_1.10.exe
[2010/04/21 20:22:33 | 000,027,853 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\1c8acb5dc6fcfc074e3a2f6abfc3488b.gif
[2010/04/20 23:45:08 | 000,030,551 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\s10.jpg
[2010/04/20 23:44:35 | 000,029,266 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\s6.jpg
[2010/04/20 23:43:47 | 000,027,581 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\s7.jpg
[2010/04/13 21:51:06 | 000,023,488 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\z3.jpg
[2010/04/13 21:51:01 | 000,039,412 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\z8.jpg
[2010/04/13 21:50:58 | 000,029,829 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\z1.jpg
[2010/04/13 21:50:38 | 000,032,304 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\z2.jpg
[2010/04/13 19:55:51 | 000,015,855 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\j_fl_july0609_160x200_6.jpg
[2010/04/13 19:33:55 | 000,021,895 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\j_fl_oct3009_160x200_05.jpg
[2010/04/13 19:33:54 | 000,027,287 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\s_fl_feb1009_160x200_02.jpg
[2010/04/13 19:33:52 | 000,014,004 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\rl_fl0504_160x200_20.jpg
[2010/04/12 15:01:47 | 005,004,748 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part5.rar
[2010/04/12 14:44:57 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part4.rar
[2010/04/12 13:33:05 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part3.rar
[2010/04/08 21:02:02 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part2.rar
[2010/04/08 20:12:18 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part1.rar
[2010/04/08 18:03:16 | 067,298,272 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Southmayd.part3.rar
[2010/04/08 17:46:06 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/04/07 23:01:46 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Southmayd.part2.rar
[2010/04/07 22:27:04 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Southmayd.part1.rar
[2010/04/07 12:50:50 | 000,078,151 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Grog.png
[2010/04/07 12:49:31 | 000,017,617 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\200px-Grog.jpg
[2010/04/06 22:15:12 | 000,834,569 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269983037_renaayama_taste-like-chicken-sketch--by-renaayama.jpg
[2010/04/04 13:40:17 | 000,287,192 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270091884_blondevelvet18_scan0023.jpg
[2010/04/04 13:40:14 | 000,294,325 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270091755_blondevelvet18_scan0022.jpg
[2010/04/04 13:40:14 | 000,167,864 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1268375452_blondevelvet18_scan0054.jpg
[2010/04/04 13:40:09 | 000,184,566 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1268375178_blondevelvet18_scan0055.jpg
[2010/04/04 13:39:00 | 000,503,898 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270206116_cownugget_lynxvore.png
[2010/04/04 13:38:55 | 000,207,050 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270180487_zephyx_occupied.jpg
[2010/03/31 17:09:54 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
[2010/03/31 17:08:27 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/03/31 16:53:53 | 000,000,393 | ---- | M] () -- C:\Program Files\Shortcut to Program Files.lnk
[2010/03/31 16:53:53 | 000,000,393 | ---- | M] () -- C:\Program Files\Shortcut (2) to Program Files.lnk
[2010/03/31 14:28:45 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part1.rar
[2010/03/31 14:28:43 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part3.rar
[2010/03/31 13:43:43 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part2.rar
[2010/03/31 13:34:04 | 079,142,346 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part4.rar
[2010/03/30 23:26:07 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part2.rar
[2010/03/30 23:25:48 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part3.rar
[2010/03/30 23:25:05 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part1.rar
[2010/03/30 23:13:43 | 078,926,218 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part4.rar
[2010/03/29 19:11:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/29 19:10:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/29 17:38:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2010/03/28 19:12:08 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.url
[2010/03/28 18:18:07 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\A guide and tutorial on using ComboFix.url
[2010/03/27 23:36:19 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part5.rar
[2010/03/27 23:35:30 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part2.rar
[2010/03/27 23:34:50 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part3.rar
[2010/03/27 23:34:18 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part1.rar
[2010/03/27 23:33:35 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part4.rar
[2010/03/27 22:27:37 | 011,349,206 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part6.rar
[2010/03/27 11:42:25 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Gala - Search problem - Malwarebytes Forum.url
[2010/03/27 11:37:32 | 000,000,364 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\RapidShare 1-CLICK Web hosting - Easy Filehosting.url
[2010/03/26 21:09:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/25 18:29:28 | 000,000,728 | -H-- | M] () -- C:\IPH.PH
[2010/03/25 18:29:24 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/23 23:13:45 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\JDownloader.lnk
[2010/03/22 10:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\zividalo
[2010/06/19 17:56:42 | 000,618,964 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Autoruns.zip
[2010/06/19 17:55:23 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Cannot find CCombofixhidec.exe on Startup.url
[2010/06/19 17:48:01 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\can't uninstall combofix - MajorGeeks Support Forums.url
[2010/06/19 17:43:59 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Combofix will not uninstall after using combofix -u.url
[2010/06/19 17:40:19 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$bands.doc
[2010/06/19 16:53:22 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/19 16:53:13 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk
[2010/06/19 16:53:13 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2010/06/19 16:43:00 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$edish-English.doc
[2010/06/19 11:13:28 | 1072,123,904 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/12 11:53:48 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe
[2010/06/12 11:36:45 | 000,004,367 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Attach.rar
[2010/06/11 20:36:22 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\BleepingComputer.com - Virus, Trojan, Spyware, and Malware Removal Logs.url
[2010/06/11 11:34:32 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2010/06/06 22:24:38 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\iExplore.exe
[2010/06/06 22:22:26 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\How to remove AV Security Suite (Uninstall Guide).url
[2010/06/04 17:40:43 | 014,466,640 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part3.rar
[2010/06/04 17:22:46 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part2.rar
[2010/06/04 16:31:24 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part1.rar
[2010/06/04 15:53:59 | 076,576,792 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part3.rar
[2010/06/04 15:33:44 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part2.rar
[2010/06/04 14:50:30 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part1.rar
[2010/05/29 09:01:43 | 000,528,182 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spyware-virus has taken over Administrator [Solved].mht
[2010/05/29 09:01:24 | 000,588,852 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Malware virus - now i cant see my desktop [Solved].mht
[2010/05/29 08:31:32 | 000,235,600 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tricky Virus or Spyware.mht
[2010/05/23 22:23:29 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Swedish-English.doc
[2010/05/22 22:34:47 | 000,232,850 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1273212747_greenroon_page_1_raave.jpg
[2010/05/22 00:41:36 | 000,143,548 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\WIP___Hindsight_by_AmethystRealm.jpg
[2010/05/16 15:34:42 | 094,388,084 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nest_-_2003_-_Woodsmoke.part3.rar
[2010/05/16 13:05:16 | 100,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nest_-_2003_-_Woodsmoke.part2.rar
[2010/05/16 12:19:48 | 100,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Nest_-_2003_-_Woodsmoke.part1.rar
[2010/05/16 01:29:36 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\DivX Movies.lnk
[2010/05/16 01:28:16 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/16 01:25:27 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/07 13:00:42 | 000,091,652 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\186591-6083.jpg
[2010/05/07 12:59:53 | 000,072,277 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\186590-6083.jpg
[2010/05/07 12:57:03 | 000,088,991 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\186589-6083.jpg
[2010/05/07 12:56:45 | 000,076,918 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\186588-6083.jpg
[2010/05/07 12:56:30 | 000,086,772 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\186587-6083.jpg
[2010/05/07 12:56:16 | 000,084,956 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\186586-6083.jpg
[2010/05/07 12:54:39 | 000,602,606 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269577694_silkysworld_robin_gobbles_hida_4.jpg
[2010/05/07 12:54:27 | 000,143,213 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269577166_silkysworld_robin_gobbles_hida_3.jpg
[2010/05/07 12:54:16 | 000,167,733 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269576987_silkysworld_robin_gobbles_hida_2.jpg
[2010/05/07 12:54:05 | 000,210,446 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269576842_silkysworld_robin_gobbles_hida_1.jpg
[2010/05/07 12:53:53 | 000,512,718 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269576296_silkysworld_robin_sits_on_hida.jpg
[2010/05/07 12:33:14 | 000,207,189 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729629_silkysworld_page_5.jpg
[2010/05/07 12:32:50 | 000,186,499 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729573_silkysworld_page_4.jpg
[2010/05/07 12:32:30 | 000,175,105 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729482_silkysworld_page_3.jpg
[2010/05/07 12:32:15 | 000,125,988 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729394_silkysworld_page_2.jpg
[2010/05/07 12:32:00 | 000,151,404 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1264729274_silkysworld_page_1.jpg
[2010/05/07 12:30:42 | 000,966,679 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\foshuaccident2.png
[2010/05/07 12:30:17 | 000,897,828 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\foshuaccident1.png
[2010/05/07 11:32:59 | 000,812,373 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1273185313_renaayama_rednef-small-by-renaayama.jpg
[2010/05/07 02:00:58 | 002,231,428 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269750157_renaayama_stomach-animation-by-renaayama.gif
[2010/05/07 02:00:20 | 001,285,385 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269564187_renaayama_throat--animation-by-renaayama.gif
[2010/05/07 01:59:04 | 005,471,423 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269223060_renaayama_inside-maw-animation-by-renaayama.gif
[2010/05/07 01:58:37 | 000,598,290 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269015222_renaayama_arcanine-maw-animated-by-renaayama.gif
[2010/05/07 01:58:05 | 000,965,889 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1268010271_renaayama_arcanine-small-by-renaayama.jpg
[2010/04/28 11:29:21 | 000,153,641 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\story-024.jpg
[2010/04/28 11:28:22 | 000,267,523 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\story-023.jpg
[2010/04/23 22:19:01 | 000,001,563 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Usenet.nl.lnk
[2010/04/21 20:24:00 | 000,027,853 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\1c8acb5dc6fcfc074e3a2f6abfc3488b.gif
[2010/04/20 23:48:25 | 000,027,581 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\s7.jpg
[2010/04/20 23:47:54 | 000,029,266 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\s6.jpg
[2010/04/20 23:46:02 | 000,030,551 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\s10.jpg
[2010/04/13 22:26:09 | 000,015,855 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\j_fl_july0609_160x200_6.jpg
[2010/04/13 22:00:40 | 000,023,488 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\z3.jpg
[2010/04/13 22:00:34 | 000,014,004 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\rl_fl0504_160x200_20.jpg
[2010/04/13 22:00:29 | 000,021,895 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\j_fl_oct3009_160x200_05.jpg
[2010/04/13 22:00:21 | 000,027,287 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\s_fl_feb1009_160x200_02.jpg
[2010/04/13 22:00:09 | 000,029,829 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\z1.jpg
[2010/04/13 21:59:57 | 000,039,412 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\z8.jpg
[2010/04/13 21:59:34 | 000,032,304 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\z2.jpg
[2010/04/12 15:01:47 | 005,004,748 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part5.rar
[2010/04/12 14:44:57 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part4.rar
[2010/04/12 13:33:05 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part3.rar
[2010/04/08 21:02:02 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part2.rar
[2010/04/08 20:12:19 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Ferndale.part1.rar
[2010/04/08 18:03:16 | 067,298,272 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Southmayd.part3.rar
[2010/04/08 17:46:06 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/04/08 17:46:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/04/07 23:01:46 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Southmayd.part2.rar
[2010/04/07 22:27:04 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Southmayd.part1.rar
[2010/04/07 16:08:16 | 000,078,151 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Grog.png
[2010/04/07 15:19:58 | 000,017,617 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\200px-Grog.jpg
[2010/04/06 22:15:45 | 000,834,569 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269983037_renaayama_taste-like-chicken-sketch--by-renaayama.jpg
[2010/04/04 13:41:02 | 000,287,192 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270091884_blondevelvet18_scan0023.jpg
[2010/04/04 13:40:50 | 000,294,325 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270091755_blondevelvet18_scan0022.jpg
[2010/04/04 13:40:41 | 000,167,864 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1268375452_blondevelvet18_scan0054.jpg
[2010/04/04 13:40:21 | 000,184,566 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1268375178_blondevelvet18_scan0055.jpg
[2010/04/04 13:39:24 | 000,503,898 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270206116_cownugget_lynxvore.png
[2010/04/04 13:39:10 | 000,207,050 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1270180487_zephyx_occupied.jpg
[2010/03/31 17:09:53 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
[2010/03/31 17:08:50 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/03/31 17:08:24 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/03/31 16:53:53 | 000,000,393 | ---- | C] () -- C:\Program Files\Shortcut to Program Files.lnk
[2010/03/31 16:53:53 | 000,000,393 | ---- | C] () -- C:\Program Files\Shortcut (2) to Program Files.lnk
[2010/03/31 14:28:45 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part1.rar
[2010/03/31 14:28:43 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part3.rar
[2010/03/31 13:43:43 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part2.rar
[2010/03/31 13:34:04 | 079,142,346 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Piedmont.part4.rar
[2010/03/30 23:26:08 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part2.rar
[2010/03/30 23:25:48 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part3.rar
[2010/03/30 23:25:05 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part1.rar
[2010/03/30 23:13:44 | 078,926,218 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PacificGrove.part4.rar
[2010/03/29 17:38:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2010/03/28 19:12:08 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.url
[2010/03/27 23:36:20 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part5.rar
[2010/03/27 23:35:33 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part2.rar
[2010/03/27 23:34:51 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part3.rar
[2010/03/27 23:34:19 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part1.rar
[2010/03/27 23:33:36 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part4.rar
[2010/03/27 22:27:37 | 011,349,206 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Pacifica.part6.rar
[2010/03/27 12:02:31 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\A guide and tutorial on using ComboFix.url
[2010/03/24 16:55:45 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\bands.doc
[2010/03/24 00:28:36 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Gala - Search problem - Malwarebytes Forum.url
[2010/03/23 23:13:45 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\JDownloader.lnk
[2009/09/04 10:05:34 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/02/09 20:34:39 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/03/16 13:18:45 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/28 14:48:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/03 12:59:03 | 000,185,344 | R--- | C] () -- C:\WINDOWS\FRANKCAL.DLL
[2006/12/03 12:55:05 | 000,000,896 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/11/26 17:52:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/11/26 12:04:58 | 000,000,101 | ---- | C] () -- C:\WINDOWS\ttinstal.ini
[2006/11/26 12:04:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\scantiff.INI
[2006/11/26 12:02:11 | 000,000,417 | ---- | C] () -- C:\WINDOWS\CDPHOTO.INI
[2006/11/26 12:02:11 | 000,000,208 | ---- | C] () -- C:\WINDOWS\EFICOLOR.INI
[2006/11/26 12:02:00 | 000,000,109 | ---- | C] () -- C:\WINDOWS\visguide.ini
[2006/11/26 12:01:38 | 000,000,048 | ---- | C] () -- C:\WINDOWS\bartcan.ini
[2006/11/25 18:18:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2006/11/25 17:51:04 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2006/07/24 21:15:27 | 000,000,145 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2006/07/18 20:32:52 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/14 15:10:37 | 000,000,018 | ---- | C] () -- C:\WINDOWS\upst.ini
[2006/07/14 13:45:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/05 18:45:26 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/06/24 11:49:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/24 11:28:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/24 11:23:39 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/24 11:23:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/24 11:20:44 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/24 11:18:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/24 11:07:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/24 11:07:09 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/24 10:49:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/24 10:46:36 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/24 10:46:36 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/24 10:46:36 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/24 10:46:35 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/24 10:46:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/24 10:45:14 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/24 10:24:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/24 10:24:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/24 10:23:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 20:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/04 01:13:44 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\msrtrnf.dll

========== LOP Check ==========

[2009/12/27 15:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/12/27 16:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/03/29 10:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/08 17:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2006/06/24 11:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/07/24 17:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/11/29 13:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/03/19 15:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/03/16 13:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/01/23 16:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/17 13:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/10/19 19:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/24 00:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/01/18 15:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/11 13:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/20 14:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon.HOMEWORKFAST\Application Data\uTorrent
[2010/05/04 11:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\envis\Application Data\BitTorrent
[2010/05/04 10:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\envis\Application Data\Template
[2009/12/05 18:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/12/25 12:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy.HOMEWORKFAST\Application Data\Image Zone Express
[2009/12/25 12:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy.HOMEWORKFAST\Application Data\Leadertech
[2009/12/04 17:34:51 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/03/01 10:57:56 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/06/19 18:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Documents\Dvd Edit Projects:Roxio EMC Stream
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 20 June 2010 - 07:24 AM

Hello, spl1h.
Weird...all those files showed in your last log, yet they were already deleted. Your antivirus must have caught them.

We still have some more leftovers.



Step 1

We need to run an OTL script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe File not found
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
    O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
    O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    :files
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\rucuilmq
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\jtksue
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vfvxeyib
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\kwoirkj
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 23 June 2010 - 06:21 PM

still with me?


 


#8 spl1h

spl1h
  • Topic Starter

  • Members
  • 24 posts

Posted 23 June 2010 - 11:45 PM

Sorry, there were big storms around.
The eset thing wouldn't load

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DISCover deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\secfile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\secfile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\rucuilmq folder moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\jtksue folder moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\vfvxeyib folder moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\kwoirkj folder moved successfully.

OTL by OldTimer - Version 3.2.7.0 log created on 06232010_151830

OTL logfile created on: 6/23/2010 3:18:49 PM - Run 5
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 266.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.05 Gb Total Space | 15.71 Gb Free Space | 7.01% Space Free | Partition Type: NTFS
Drive D: | 8.81 Gb Total Space | 0.43 Gb Free Space | 4.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEWORKFAST
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/23 15:17:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/08/21 12:16:56 | 000,267,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/20 12:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/03/16 05:11:54 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/02/21 19:59:00 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/02/21 19:58:34 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/11/08 17:51:54 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
PRC - [2005/08/27 04:14:44 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2004/07/28 02:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/06/23 15:17:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/02/14 00:05:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/02/19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/28 12:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/08 21:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/21 19:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/11/08 17:51:54 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/03 22:19:52 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/03/03 10:44:53 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/03 10:44:53 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/03 10:44:53 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/16 13:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/04/20 17:35:16 | 000,082,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2006/03/08 16:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/14 00:05:00 | 003,642,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/08 17:51:40 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/08 17:51:38 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/11/08 17:51:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/11/08 17:51:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/11/08 17:51:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aryion.com/forum/viewforum.php?f=53
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 1C D3 25 B0 9C CA 01 [binary data]
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1060

========== FireFox ==========

FF - prefs.js..browser.search.selectedengine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..keyword.url: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1060
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/04 12:15:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{DFDCE6F4-FDF0-454E-B231-38435896628A}: C:\Documents and Settings\envis\Local Settings\Application Data\{DFDCE6F4-FDF0-454E-B231-38435896628A} [2010/01/22 22:11:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{EC03F70B-E79B-4998-A9EB-1473DD5EF242}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{EC03F70B-E79B-4998-A9EB-1473DD5EF242} [2010/01/22 22:20:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}: C:\Documents and Settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1} [2010/02/08 14:41:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/11 18:07:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/01/18 15:06:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/03/12 17:07:55 | 000,000,000 | ---D | M]

[2009/12/04 01:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2009/12/04 01:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions

O1 HOSTS File: ([2010/03/29 19:10:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (IE Translator) - {531C49A7-179F-43CA-AF5E-AF375FBB8840} - C:\Program Files\Sarm Software\IETranslator\Translator.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (IE Translator) - {531C49A7-179F-43CA-AF5E-AF375FBB8840} - C:\Program Files\Sarm Software\IETranslator\Translator.dll ()
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/24 11:20:32 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/23 15:17:17 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/06/19 18:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Logs
[2010/06/19 16:55:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/19 16:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/19 16:48:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\HP_Administrator\Desktop\erunt-setup.exe
[2010/06/11 00:19:34 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/05/28 15:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Windows Server
[1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/23 15:17:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/06/23 15:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/06/23 12:51:17 | 001,978,052 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of 1269791827.destinas_destinas-stomach-by-renaayama.gif
[2010/06/23 12:51:17 | 001,978,052 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269791827.destinas_destinas-stomach-by-renaayama.gif
[2010/06/23 12:50:19 | 002,031,271 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of 1269791737.destinas_destinas-throat-animation-by-renaayama.gif
[2010/06/23 12:50:19 | 002,031,271 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269791737.destinas_destinas-throat-animation-by-renaayama.gif
[2010/06/23 12:48:55 | 010,407,553 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of 1269791646.destinas_inside-destinas-maw-animation-by-renaayama.gif
[2010/06/23 12:48:55 | 010,407,553 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269791646.destinas_inside-destinas-maw-animation-by-renaayama.gif
[2010/06/23 12:45:17 | 001,093,933 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of 1269791507.destinas_desti-maw.gif
[2010/06/23 12:45:17 | 001,093,933 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269791507.destinas_desti-maw.gif
[2010/06/23 11:57:15 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/06/23 11:53:20 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/23 11:52:51 | 000,028,323 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/06/23 11:52:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/23 11:52:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/23 11:52:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/23 11:52:09 | 1072,123,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/20 21:26:19 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/06/19 23:57:26 | 000,246,691 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269790679_destinas_sandichnom.jpg
[2010/06/19 23:56:53 | 000,206,461 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of 1269790860_destinas_destipurrr.jpg
[2010/06/19 23:56:53 | 000,206,461 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269790860_destinas_destipurrr.jpg
[2010/06/19 23:56:39 | 000,165,036 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of 1275344600_destinas_dsd_undressed.jpg
[2010/06/19 23:56:39 | 000,165,036 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1275344600_destinas_dsd_undressed.jpg
[2010/06/19 21:07:18 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Swedish-English.doc
[2010/06/19 18:12:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/06/19 17:56:46 | 000,618,964 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Autoruns.zip
[2010/06/19 17:55:23 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Cannot find CCombofixhidec.exe on Startup.url
[2010/06/19 17:48:01 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\can't uninstall combofix - MajorGeeks Support Forums.url
[2010/06/19 17:43:59 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Combofix will not uninstall after using combofix -u.url
[2010/06/19 17:40:19 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$bands.doc
[2010/06/19 16:53:22 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/19 16:53:13 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk
[2010/06/19 16:53:13 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2010/06/19 16:48:30 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\HP_Administrator\Desktop\erunt-setup.exe
[2010/06/19 16:43:00 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$edish-English.doc
[2010/06/19 10:59:12 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/18 22:59:54 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/06/15 16:46:57 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\bands.doc
[2010/06/14 21:25:13 | 002,112,784 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/06/14 19:48:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/13 23:11:13 | 000,445,702 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/13 23:11:12 | 000,525,350 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/13 23:11:12 | 000,072,924 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/12 11:36:45 | 000,004,367 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Attach.rar
[2010/06/11 21:37:43 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2010/06/11 20:36:23 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\BleepingComputer.com - Virus, Trojan, Spyware, and Malware Removal Logs.url
[2010/06/11 19:02:43 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 18:25:57 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/11 18:19:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 09:17:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\WebReg psc 1400 series.job
[2010/06/06 22:24:40 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\iExplore.exe
[2010/06/06 22:22:26 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\How to remove AV Security Suite (Uninstall Guide).url
[2010/06/06 14:09:50 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/04 17:40:43 | 014,466,640 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part3.rar
[2010/06/04 17:22:46 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part2.rar
[2010/06/04 16:31:24 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part1.rar
[2010/06/04 15:53:59 | 076,576,792 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part3.rar
[2010/06/04 15:33:44 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part2.rar
[2010/06/04 14:50:30 | 104,666,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part1.rar
[2010/05/29 09:01:52 | 000,528,182 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spyware-virus has taken over Administrator [Solved].mht
[2010/05/29 09:01:36 | 000,588,852 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Malware virus - now i cant see my desktop [Solved].mht
[2010/05/29 08:31:34 | 000,235,600 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tricky Virus or Spyware.mht
[1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\zividalo
[2010/06/23 12:53:35 | 010,407,553 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of 1269791646.destinas_inside-destinas-maw-animation-by-renaayama.gif
[2010/06/23 12:53:35 | 002,031,271 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of 1269791737.destinas_destinas-throat-animation-by-renaayama.gif
[2010/06/23 12:53:35 | 001,978,052 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of 1269791827.destinas_destinas-stomach-by-renaayama.gif
[2010/06/23 12:53:35 | 001,093,933 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of 1269791507.destinas_desti-maw.gif
[2010/06/23 12:53:35 | 000,834,569 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of 1269983037_renaayama_taste-like-chicken-sketch--by-renaayama.jpg
[2010/06/23 12:53:35 | 000,206,461 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of 1269790860_destinas_destipurrr.jpg
[2010/06/23 12:53:35 | 000,165,036 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of 1275344600_destinas_dsd_undressed.jpg
[2010/06/23 12:53:35 | 000,164,664 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Copy of A_Fighting_Stomach_Ache_by_MukatKiKaarn.jpg
[2010/06/23 12:50:49 | 001,978,052 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269791827.destinas_destinas-stomach-by-renaayama.gif
[2010/06/23 12:47:08 | 010,407,553 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269791646.destinas_inside-destinas-maw-animation-by-renaayama.gif
[2010/06/20 00:39:35 | 002,031,271 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269791737.destinas_destinas-throat-animation-by-renaayama.gif
[2010/06/20 00:07:58 | 001,093,933 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269791507.destinas_desti-maw.gif
[2010/06/19 23:58:05 | 000,246,691 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269790679_destinas_sandichnom.jpg
[2010/06/19 23:57:20 | 000,206,461 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1269790860_destinas_destipurrr.jpg
[2010/06/19 23:57:01 | 000,165,036 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1275344600_destinas_dsd_undressed.jpg
[2010/06/19 17:56:42 | 000,618,964 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Autoruns.zip
[2010/06/19 17:55:23 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Cannot find CCombofixhidec.exe on Startup.url
[2010/06/19 17:48:01 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\can't uninstall combofix - MajorGeeks Support Forums.url
[2010/06/19 17:43:59 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Combofix will not uninstall after using combofix -u.url
[2010/06/19 17:40:19 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$bands.doc
[2010/06/19 16:53:22 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/19 16:53:13 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk
[2010/06/19 16:53:13 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2010/06/19 16:43:00 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$edish-English.doc
[2010/06/19 11:13:28 | 1072,123,904 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/12 11:53:48 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe
[2010/06/12 11:36:45 | 000,004,367 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Attach.rar
[2010/06/11 20:36:22 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\BleepingComputer.com - Virus, Trojan, Spyware, and Malware Removal Logs.url
[2010/06/11 11:34:32 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2010/06/06 22:24:38 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\iExplore.exe
[2010/06/06 22:22:26 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\How to remove AV Security Suite (Uninstall Guide).url
[2010/06/04 17:40:43 | 014,466,640 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part3.rar
[2010/06/04 17:22:46 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part2.rar
[2010/06/04 16:31:24 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Madisonville.part1.rar
[2010/06/04 15:53:59 | 076,576,792 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part3.rar
[2010/06/04 15:33:44 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part2.rar
[2010/06/04 14:50:30 | 104,666,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mabank.part1.rar
[2010/05/29 09:01:43 | 000,528,182 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spyware-virus has taken over Administrator [Solved].mht
[2010/05/29 09:01:24 | 000,588,852 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Malware virus - now i cant see my desktop [Solved].mht
[2010/05/29 08:31:32 | 000,235,600 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tricky Virus or Spyware.mht
[2010/04/08 17:46:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/09/04 10:05:34 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/02/09 20:34:39 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/03/16 13:18:45 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/28 14:48:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/03 12:59:03 | 000,185,344 | R--- | C] () -- C:\WINDOWS\FRANKCAL.DLL
[2006/12/03 12:55:05 | 000,000,896 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/11/26 17:52:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/11/26 12:04:58 | 000,000,101 | ---- | C] () -- C:\WINDOWS\ttinstal.ini
[2006/11/26 12:04:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\scantiff.INI
[2006/11/26 12:02:11 | 000,000,417 | ---- | C] () -- C:\WINDOWS\CDPHOTO.INI
[2006/11/26 12:02:11 | 000,000,208 | ---- | C] () -- C:\WINDOWS\EFICOLOR.INI
[2006/11/26 12:02:00 | 000,000,109 | ---- | C] () -- C:\WINDOWS\visguide.ini
[2006/11/26 12:01:38 | 000,000,048 | ---- | C] () -- C:\WINDOWS\bartcan.ini
[2006/11/25 18:18:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2006/11/25 17:51:04 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2006/07/24 21:15:27 | 000,000,145 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2006/07/18 20:32:52 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/14 15:10:37 | 000,000,018 | ---- | C] () -- C:\WINDOWS\upst.ini
[2006/07/14 13:45:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/05 18:45:26 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/06/24 11:49:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/24 11:28:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/24 11:23:39 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/24 11:23:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/24 11:20:44 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/24 11:18:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/24 11:07:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/24 11:07:09 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/24 10:49:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/24 10:46:36 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/24 10:46:36 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/24 10:46:36 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/24 10:46:35 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/24 10:46:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/24 10:45:14 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/24 10:24:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/24 10:24:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/24 10:23:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 20:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/04 01:13:44 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\msrtrnf.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Documents\Dvd Edit Projects:Roxio EMC Stream
< End of report >

#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 24 June 2010 - 04:53 PM

OK, please try this instead of ESET:

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Start Scanner to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#10 etavares


Posted 27 June 2010 - 08:07 AM

Still with me?


 


#11 spl1h

spl1h
  • Topic Starter

  • Members
  • 24 posts

Posted 28 June 2010 - 12:54 PM

That scanner isn't working either. It doesn't give a popup or anything when I click the scan icon.

#12 etavares


Posted 28 June 2010 - 05:14 PM

Did you try both Firefox and IE? Or just one? That information will help me narrow down the malware.

Also, I think you missed my question above. I had asked if you had a proxy set up for port 1060. Do you know about that proxy? I removed the known bad one (port 5500), but I'd like to remove this other proxy unless you know what it is.

Edited by etavares, 28 June 2010 - 05:17 PM.


 


#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 29 June 2010 - 09:11 PM

Hello there.

I'm Extremeboy (or EB for short) and I will continue to help with your log here.

Etavares mentioned in his signature that he will be away from the 1st of July to the 11th, so I will take over for him for the time being.

--
Please follow instructions as mentioned in his last post and follow me up with any updates etc... and we will continue from there. If you have any questions etc... feel free to ask.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 spl1h


Posted 03 July 2010 - 09:06 AM

I don't know about any proxies, so it probably is something to do with the virus. And the Firefox thing, do you mean just installing and going to a bunch of sites?

#15 extremeboy


Posted 03 July 2010 - 10:49 AM

Hello.

Please take a new OTL scan for me and post the log.

QUOTE
And the firefox thing, do you mean just installing and going to a bunch of sites?

What question was this referring to?

Can you also please give me an update on the condition of your machine?

Thanks.



