
AV virus


  • This topic is locked
11 replies to this topic

#1 spl1h

spl1h

  • Members
  • 24 posts
  • OFFLINE
  • Local time:01:59 AM

Posted 08 August 2010 - 02:37 PM

Need to see if it's still around.

ComboFix log attached

Attached Files

  • Attached File  log.txt   28.81KB   7 downloads




#2 spl1h

spl1h
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:01:59 AM

Posted 14 August 2010 - 06:33 PM

Sorry if it's unnecessary to make a new topic; I just thought it was, since I've been infected by a virus between the last topic and now, around the 11th or 12th. I ran ComboFix in safe mode when it blocked all programs otherwise. It now runs, but there are popups that come when I log in:

RUNDLL
Error loading C\windows\eloluqizevax.dll
The specific module could not be found.

and

Warning
Files required by GabPath have been removed. Would you like to re-install the missing files?

When I get on IE, another popup, about search engines:

Internet Explorer –Search Provider Default
A program on your computer has corrupted your search provider for Internet Explorer. Internet Explorer has reset the settings to your original search provider, Search (www.tangosearch.com). Internet Explorer will now open your search settings, where you can change this setting or install more search providers.

Then it brings up a menu to select search providers. It doesn't seem to matter whether I select any or say to stop recommending searches; it always comes up when I go to IE, and I closed the "Tango" tab.

The ComboFix log:

Attached Files

  • Attached File  log.txt   28.81KB   6 downloads

Edited by Orange Blossom, 14 August 2010 - 07:52 PM.
Merged topics. ~ OB


#3 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:59 AM

Posted 16 August 2010 - 02:40 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.


#4 spl1h

spl1h
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:01:59 AM

Posted 18 August 2010 - 11:48 PM

DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 23:07:33.85 on Wed 08/18/2010
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\All Users\Application Data\ResultDns\resultdns113.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ResultDns\resultdns.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.tangotoolbar.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100810125624.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: IE Translator: {531c49a7-179f-43ca-af5e-af375fbb8840} - c:\program files\sarm software\ietranslator\Translator.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {B90EC7F6-816F-4BFA-948B-6CB6082E55EC} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [MP4 Player] "c:\program files\mp4 player\mp4Player.exe" hmw
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SfKg6wIPuSp] c:\documents and settings\hp_administrator\application data\microsoft\windows\jnipmo.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Akadunojagiqete] rundll32.exe "c:\windows\eloluqizevax.dll",Startup
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: trymedia.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\2hjjl8w1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1} - c:\documents and settings\nancy.homeworkfast\local settings\application data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}
FF - HiddenExtension: XULRunner: {E87E7167-4ABF-4E0F-A544-8120957F789E} - c:\documents and settings\hp_administrator\local settings\application data\{E87E7167-4ABF-4E0F-A544-8120957F789E}
FF - HiddenExtension: XULRunner: {2F93634A-7F97-48D0-9297-817C33F6B0B3} - c:\documents and settings\envis\local settings\application data\{2f93634a-7f97-48d0-9297-817c33f6b0b3}\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R? fsssvc;Windows Live Family Safety Service
R? mfendisk;McAfee Core NDIS Intermediate Filter
R? mferkdet;McAfee Inc. mferkdet
R? mferkdk;McAfee Inc. mferkdk
R? mfesmfk;McAfee Inc. mfesmfk
R? SASENUM;SASENUM
S? cfwids;McAfee Inc. cfwids
S? CXFALCON;Conexant Falcon II NTSC Video Capture
S? fssfltr;fssfltr
S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
S? McMPFSvc;McAfee Personal Firewall Service
S? McNaiAnn;McAfee VirusScan Announcer
S? McProxy;McAfee Proxy Service
S? McrdSvc;Media Center Extender Service
S? McShield;McShield
S? mfeavfk;McAfee Inc. mfeavfk
S? mfebopk;McAfee Inc. mfebopk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfendiskmp;mfendiskmp
S? mfetdi2k;McAfee Inc. mfetdi2k
S? mfevtp;McAfee Validation Trust Protection Service
S? ResultDns Service;ResultDns Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL

=============== Created Last 30 ================

2010-08-12 00:06:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-08-11 00:21:22 0 d-----w- c:\program files\ResultDns
2010-08-11 00:21:22 0 d-----w- c:\docume~1\alluse~1\applic~1\ResultDns
2010-08-11 00:16:51 0 ----a-w- c:\windows\Rwilegirifadu.bin
2010-08-11 00:16:50 2853 ----a-w- c:\windows\Byosigududi.dat
2010-08-11 00:16:24 5 ----a-w- C:\zrpt.xml
2010-08-08 00:39:59 0 d-----w- c:\program files\MSECache
2010-07-27 21:54:59 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2010-07-22 14:30:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-07-22 14:30:19 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-07-22 14:30:19 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-07-22 14:30:19 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-07-22 14:30:19 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-07-22 14:30:19 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-07-22 14:30:19 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys

==================== Find3M ====================

2010-08-12 00:29:05 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 21:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-03-31 20:53:53 393 ----a-w- c:\program files\Shortcut to Program Files.lnk
2010-03-31 20:53:53 393 ----a-w- c:\program files\Shortcut (2) to Program Files.lnk
2006-07-12 23:03:22 251 ------w- c:\program files\wt3d.ini
2009-08-11 03:27:04 22 --sha-w- c:\windows\sminst\HPCD.sys
2010-01-27 03:01:42 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-01-27 03:00:27 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2010-01-16 19:12:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\internet explorer\domstore\index.dat
2010-01-16 23:58:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010011620100117\index.dat
2010-01-17 15:30:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010011720100118\index.dat
2010-01-27 03:00:27 16384 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 23:12:26.93 ===============

GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-19 11:08:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxddykog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ELkbd.sys (Intel Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ELkbd.sys (Intel Corporation)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

Device \FileSystem\Cdfs \Cdfs F6BA6400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1d1c4581 size 0x1b0
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

Edited by spl1h, 19 August 2010 - 03:04 PM.


#5 sundavis
  • Malware Response Team
  • 2,708 posts

Posted 24 August 2010 - 03:25 PM

Hi spl1h,



Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, I will be helping you to deal with your Malware problems today.

Due to the warning from the developer of ComboFix, this tool should not be run on one's own, unsupervised. Sometimes it will result in an unbootable machine.
If you still need help, please follow the following steps and detail the problems you're still experiencing now.



Step 1
  1. Please download OTL and save it to your desktop.
  2. Double click on the icon on your desktop.
  3. Click the "Scan All Users" checkbox.
  4. Click the "Quick Scan" button.
  5. Two reports will open: OTListIt.txt (opened) and Extra.txt (minimized).
  6. Copy and paste both logs back here in your next reply.


Step 2
  1. Go to this thread and download Bootkit Remover.rar to your Desktop.
  2. Extract its contents to your desktop and drag remover.exe onto the desktop, not into the folder.
  3. Start > Run, type cmd and hit Enter, then copy/paste the following command into the command prompt and hit Enter.

    "%userprofile%\desktop\remover.exe" >"%userprofile%\desktop\log.txt"

  4. When done, a log file should be created on your desktop named "remover.txt". Please copy and paste the contents in your next reply.


In your next reply, please post back:

1. OTListIt.txt and Extra.txt
2. Remover.txt

Thanks




#6 spl1h
  • Topic Starter
  • Members
  • 24 posts

Posted 24 August 2010 - 05:33 PM

There wasn't any "extra.exe" that came up, nor did the cmd show any "remover.txt"...


#7 sundavis
  • Malware Response Team
  • 2,708 posts

Posted 24 August 2010 - 07:31 PM

Hi spl1h,



QUOTE
nor did the cmd show any "remover.txt"

There should be a log txt on your desktop. If not, please rerun it with the following command:

    "%userprofile%\desktop\remover.exe" >"%userprofile%\desktop\remover.txt"

After that, please uninstall Ask and Tango Toolbar (if found) via Add/Remove Programs before proceeding with the following steps.



Step 1
  1. If you already have ComboFix, please delete that copy and download it again, as it is updated regularly, from Here.
  2. Close any open browsers.
  3. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  4. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
CODE
File::
C:\WINDOWS\System32\zividalo
C:\WINDOWS\Rwilegirifadu.bin
C:\WINDOWS\Byosigududi.dat
C:\zrpt.xml
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
C:\Users\hp_administrator\AppData\Roaming\Microsoft\Windows\jnipmo.exe

DDS::
uStart Page = hxxp://home.tangotoolbar.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {B90EC7F6-816F-4BFA-948B-6CB6082E55EC} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [SfKg6wIPuSp] c:\documents and settings\hp_administrator\application data\microsoft\windows\jnipmo.exe
mRun: [Akadunojagiqete] rundll32.exe "c:\windows\eloluqizevax.dll",Startup

Folder::
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{E87E7167-4ABF-4E0F-A544-8120957F789E}
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\jqqjycpbd
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Gabpath
C:\Users\HP_Administrator\AppData\Roaming\GabPath


Save this as CFScript.txt, change the "Save as type" to "All Files", and place it on your desktop.



Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Step 2

Please download Malwarebytes' Anti-Malware from Here or Here
  1. Double click mbam-setup.exe to install the application.
  2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  3. If an update is found, it will download and install the latest version.
  4. Once the program has loaded, select "Perform Quick Scan", then click Scan.
  5. The scan may take some time to finish, so please be patient.
  6. When the scan is complete, click OK, then Show Results to view the results.
  7. Make sure that everything is checked, and click Remove Selected.
  8. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
     C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  10. You can refer to this tutorial.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



In your next reply, please post back:

1. ComboFix log
2. MBAM log
3. Remover.txt

Tell me if you have any remaining issues on your pc.
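As an added example, not part of this thread and not code from ComboFix, DDS or any other tool named here, the following Python script reads DDS-style lines such as the ones in the CFScript above and flags the indicators a responder looks for in them: an IE proxy on the loopback interface, autoruns started from user-profile data folders, rundll32 loading a DLL dropped in the Windows root, and browser add-ons whose file is gone. The sample input copies lines from the script above plus one constructed benign ctfmon entry; the names `triage`, `analyze_line` and `Finding` are this example's own.

```python
"""Triage of DDS / ComboFix-style log lines for common browser-hijack indicators.

Added example, not part of the thread or of any tool it mentions. DDS prints one
setting per line: uRun/mRun are HKCU/HKLM Run entries, BHO/TB are IE add-ons and
"uInternet Settings,..." lines are per-user IE settings.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "low"
    line: str
    reason: str


# Constructed sample: the DDS lines from the CFScript above, plus one benign
# ctfmon autorun (constructed) to show that a normal system32 entry is not flagged.
SAMPLE_LINES = r"""
uStart Page = hxxp://home.tangotoolbar.com/
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {B90EC7F6-816F-4BFA-948B-6CB6082E55EC} - No File
uRun: [SfKg6wIPuSp] c:\documents and settings\hp_administrator\application data\microsoft\windows\jnipmo.exe
mRun: [Akadunojagiqete] rundll32.exe "c:\windows\eloluqizevax.dll",Startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
""".strip()

# IE proxy pointed at this host: every browser request is handed to a local process.
LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?P<host>127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost):(?P<port>\d{1,5})",
    re.IGNORECASE,
)
# DDS prints the Run value name in brackets, followed by the command line.
RUN_ENTRY = re.compile(r"^[um]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+?)\s*$", re.IGNORECASE)
RUNDLL_TARGET = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
ORPHANED_ADDON = re.compile(r"^(?:TB|BHO):.*-\s*No File\s*$", re.IGNORECASE)

# Directories from which a legitimate HKLM/HKCU Run entry rarely starts a program.
PROFILE_DATA_DIRS = ("\\application data\\", "\\appdata\\", "\\local settings\\", "\\temp\\")


def dll_in_windows_root(path: str) -> bool:
    """True when the DLL sits directly in the Windows directory (like the
    eloluqizevax.dll entry above) rather than in system32 or a program folder."""
    return re.fullmatch(r"[a-z]:\\windows\\[^\\]+\.dll", path.strip().lower()) is not None


def analyze_line(line: str) -> List[Finding]:
    """Return the findings for one DDS-style line (empty list when nothing is suspicious)."""
    line = line.rstrip("\r\n")
    findings: List[Finding] = []

    m = LOOPBACK_PROXY.search(line)
    if m:
        findings.append(Finding("high", line,
                                f"IE proxy set to {m['host']}:{m['port']}; browser traffic is routed through a local process"))

    m = RUN_ENTRY.match(line)
    if m:
        cmd = m["cmd"].lower()
        dll = RUNDLL_TARGET.search(cmd)
        if dll and dll_in_windows_root(dll["dll"]):
            findings.append(Finding("high", line,
                                    f"autorun [{m['name']}] loads {dll['dll']} via rundll32 from the Windows root"))
        elif any(d in cmd for d in PROFILE_DATA_DIRS):
            findings.append(Finding("high", line,
                                    f"autorun [{m['name']}] starts a program from a user-profile data directory"))

    if ORPHANED_ADDON.match(line):
        findings.append(Finding("low", line, "browser add-on registered but its file is missing (leftover to clean up)"))

    return findings


def triage(log_text: str) -> List[Finding]:
    """Run every line of a DDS/ComboFix-style log through analyze_line."""
    return [f for line in log_text.splitlines() for f in analyze_line(line)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:>4}] {f.reason}\n       {f.line}")
```

Feeding it a real DDS log instead of SAMPLE_LINES only requires passing the file's text to `triage`; lines it does not recognise are ignored rather than reported.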




#8 spl1h
  • Topic Starter
  • Members
  • 24 posts

Posted 26 August 2010 - 07:47 AM

...

ComboFix 10-08-25.01 - HP_Administrator 08/26/2010 8:17.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.665 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\users\hp_administrator\AppData\Roaming\Microsoft\Windows\jnipmo.exe"
"c:\windows\Byosigududi.dat"
"c:\windows\Rwilegirifadu.bin"
"c:\windows\System32\zividalo"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
"C:\zrpt.xml"
.

((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-21 02:38 . 2010-08-21 00:48 57608 ----a-w- c:\documents and settings\All Users\Application Data\ResultDns\resultdns115.exe
2010-08-12 00:59 . 2010-08-12 00:59 -------- d-----w- c:\documents and settings\envis\Local Settings\Application Data\Mozilla
2010-08-12 00:06 . 2010-08-13 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-08-11 00:21 . 2010-08-21 16:17 -------- d-----w- c:\program files\ResultDns
2010-08-11 00:21 . 2010-08-21 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ResultDns
2010-08-08 00:39 . 2010-08-08 00:39 -------- d-----w- c:\program files\MSECache
2010-08-05 22:18 . 2010-08-05 22:18 -------- d-----w- c:\documents and settings\Nancy.HOMEWORKFAST\Logs
2010-07-27 21:54 . 2004-08-09 21:00 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 23:51 . 2010-01-03 01:57 -------- d-----w- c:\program files\Ask.com
2010-08-23 21:39 . 2006-06-24 15:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-19 19:49 . 2010-01-16 05:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-12 22:58 . 2010-01-10 02:09 -------- d-----w- c:\program files\MP4 Player
2010-08-12 22:58 . 2006-06-24 15:05 -------- d-----w- c:\program files\MSN Encarta Standard
2010-08-12 22:58 . 2006-06-24 15:16 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 22:58 . 2006-06-24 15:06 -------- d-----w- c:\program files\music_now
2010-08-12 22:58 . 2006-06-24 15:28 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2010-08-12 22:58 . 2006-07-05 22:46 -------- d-----w- c:\program files\Sierra On-Line
2010-08-12 22:58 . 2010-04-24 02:18 -------- d-----w- c:\program files\Usenet.nl
2010-08-12 00:56 . 2010-01-23 04:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-12 00:29 . 2004-08-10 04:00 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
2010-08-11 00:41 . 2010-01-03 01:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\BitTorrent
2010-08-08 15:11 . 2009-11-30 16:16 64576 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-24 15:02 . 2009-12-04 21:34 -------- d-----w- c:\program files\McAfee.com
2010-07-23 15:39 . 2007-12-05 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-23 15:39 . 2009-12-04 21:34 -------- d-----w- c:\program files\McAfee
2010-07-23 15:38 . 2009-12-04 21:34 -------- d-----w- c:\program files\Common Files\McAfee
2010-07-02 03:39 . 2006-06-24 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-07-02 02:58 . 2010-01-03 01:56 -------- d-----w- c:\program files\BitTorrent
2010-07-02 00:19 . 2010-07-02 00:11 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Binverse
2010-07-01 18:22 . 2010-07-01 18:22 -------- d-----w- c:\program files\Norton Security Scan
2010-07-01 18:22 . 2009-12-05 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-01 18:21 . 2010-07-01 18:21 -------- d-----w- c:\program files\NortonInstaller
2010-06-30 18:27 . 2010-05-04 14:06 -------- d-----w- c:\documents and settings\envis\Application Data\BitTorrent
2010-06-30 16:51 . 2006-12-06 20:26 -------- d-----w- c:\program files\DivX
2010-06-30 16:50 . 2010-05-16 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-30 16:50 . 2010-05-16 04:22 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-30 12:31 . 2004-08-10 04:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 01:56 . 2010-06-24 01:56 439816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\Update\setup3.10\setup.exe
2010-06-23 13:44 . 2004-08-10 04:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-10 04:00 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-10 04:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-10 04:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-10 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-01 00:32 . 2010-07-22 14:30 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 00:32 . 2010-07-22 14:30 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 00:32 . 2010-07-22 14:30 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 00:32 . 2010-07-22 14:30 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 00:32 . 2010-07-22 14:30 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 00:32 . 2010-07-22 14:30 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 00:32 . 2010-07-22 14:30 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 00:32 . 2009-12-04 21:35 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 00:32 . 2009-12-04 21:35 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 00:32 . 2009-12-04 21:35 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-03-31 20:53 . 2010-03-31 20:53 393 ----a-w- c:\program files\Shortcut to Program Files.lnk
2010-03-31 20:53 . 2010-03-31 20:53 393 ----a-w- c:\program files\Shortcut (2) to Program Files.lnk
2006-07-12 23:03 . 2006-07-12 23:03 251 ------w- c:\program files\wt3d.ini
2010-08-11 00:53 . 2010-08-11 00:53 211456 ----a-w- c:\program files\mozilla firefox\components\gpff.dll
2010-06-01 00:32 . 2010-08-10 16:56 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2009-08-11 03:27 . 2009-08-11 01:27 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-08-25_23.53.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-26 11:52 . 2010-08-26 11:52 16384 c:\windows\temp\Perflib_Perfdata_90.dat
- 2010-08-08 04:17 . 2010-08-24 22:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-08 04:17 . 2010-08-26 01:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-30 20:51 . 2010-08-26 01:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 20:51 . 2010-08-24 22:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-08-26 01:00 . 2010-08-26 01:14 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-08-13 20:17 . 2010-08-24 22:23 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-08-26 11:55 . 2010-08-26 11:55 188416 c:\windows\ERDNT\AutoBackup\8-26-2010\Users\00000002\UsrClass.dat
+ 2010-08-26 11:55 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-26-2010\ERDNT.EXE
+ 2010-08-26 11:55 . 2010-08-26 11:55 6152192 c:\windows\ERDNT\AutoBackup\8-26-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-14 7557120]
"nwiz"="nwiz.exe" [2006-02-14 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-28 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-24 180269]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-24 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\MP4 Player\\Mp4Player.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/22/2010 10:30 AM 82952]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 66632]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/4/2009 5:37 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/22/2010 10:30 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [7/22/2010 10:30 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [7/22/2010 10:30 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [7/22/2010 10:30 AM 141792]
R2 ResultDns Service;ResultDns Service;c:\documents and settings\All Users\Application Data\ResultDns\resultdns115.exe [8/20/2010 10:38 PM 57608]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/22/2010 10:30 AM 55456]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [6/24/2006 10:47 AM 82048]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/22/2010 10:30 AM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/22/2010 10:30 AM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/22/2010 10:30 AM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/22/2010 10:30 AM 83496]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-08-24 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-01 05:27]

2010-08-17 c:\windows\Tasks\WebReg psc 1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-12-16 21:45]
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1} - c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(412)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\ResultDns\resultdns.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-26 08:32:48
ComboFix-quarantined-files.txt 2010-08-26 12:32
ComboFix2.txt 2010-08-26 00:00
ComboFix3.txt 2010-08-13 16:24
ComboFix4.txt 2010-08-08 15:40
ComboFix5.txt 2010-08-26 12:12

Pre-Run: 2,252,619,776 bytes free
Post-Run: 2,228,695,040 bytes free

- - End Of File - - 11AB77BB968285ABF3F844B1074FC558

Edited by spl1h, 26 August 2010 - 07:50 AM.


#9 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 26 August 2010 - 09:08 AM

Hi spl1h,


The attached file (mbr.txt) is not what I intend to see. I have no idea how this log comes out. Did you get help elsewhere?

Can you post the remover txt and MBAM log as well in your next reply? Thanks.

Edited by sundavis, 27 August 2010 - 03:26 AM.


#10 spl1h

spl1h
  • Topic Starter
  • Members
  • 24 posts

Posted 26 August 2010 - 06:24 PM

This log?

Attached Files

  • Attached File  log.txt   735bytes   1 downloads


#11 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 26 August 2010 - 10:01 PM

Hi spl1h,



The MBAM log is still unavailable. Can you rerun it as instructed in my previous post and post the log in your next reply? Thanks.


Step 1.

1. Start > Run and type cmd and hit Enter, then copy/paste the following bolded command into the command prompt and hit Enter.

"%userprofile%\desktop\remover.exe" fix \\.\PhysicalDrive0

2. When done, restart your PC. After that, please rerun it as instructed in my previous post and post the content in your next reply.


In your next reply, please post back:

1. Remover.txt
2. MBAM log

Let me know if you still have any remaining issues on your pc.

#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 02 September 2010 - 12:56 AM

Due to lack of feedback, this topic is now closed.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.