DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by HP_Administrator at 11:22:12.95 on Tue 09/28/2010
Internet Explorer: 8.0.6001.18702
============== Running Processes ===============
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://aryion.com/forum/search.php?keywords=&terms=all&author=elportero
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100916132512.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: IE Translator: {531c49a7-179f-43ca-af5e-af375fbb8840} - c:\program files\sarm software\ietranslator\Translator.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [MP4 Player] "c:\program files\mp4 player\mp4Player.exe" hmw
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Wketovidogosi] rundll32.exe "c:\windows\kbockb.dll",Startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: trymedia.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\2hjjl8w1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1} - c:\documents and settings\nancy.homeworkfast\local settings\application data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}
FF - HiddenExtension: XULRunner: {674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36} - c:\documents and settings\hp_administrator\local settings\application data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}
FF - HiddenExtension: XULRunner: {6AFA6825-EA8B-4651-A09E-67D3A06DCA74} - c:\documents and settings\nancy.homeworkfast\local settings\application data\{6afa6825-ea8b-4651-a09e-67d3a06dca74}\
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R? cfwids;McAfee Inc. cfwids
R? CXFALCON;Conexant Falcon II NTSC Video Capture
R? eqvlbni;eqvlbni
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? khqlmxop;khqlmxop
R? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
R? McMPFSvc;McAfee Personal Firewall Service
R? McNaiAnn;McAfee VirusScan Announcer
R? McProxy;McAfee Proxy Service
R? McrdSvc;Media Center Extender Service
R? McShield;McShield
R? mfeavfk;McAfee Inc. mfeavfk
R? mfebopk;McAfee Inc. mfebopk
R? mfendisk;McAfee Core NDIS Intermediate Filter
R? mferkdet;McAfee Inc. mferkdet
R? mferkdk;McAfee Inc. mferkdk
R? mfesmfk;McAfee Inc. mfesmfk
R? nosGetPlusHelper;getPlus® Helper 3004
R? ResultDns Service;ResultDns Service
R? SASDIFSV;SASDIFSV
R? SASENUM;SASENUM
R? SASKUTIL;SASKUTIL
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfendiskmp;mfendiskmp
S? mfetdi2k;McAfee Inc. mfetdi2k
S? mfevtp;McAfee Validation Trust Protection Service
=============== Created Last 30 ================
2010-09-24 18:29:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 18:29:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-21 02:41:31 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-15 20:26:02 264 ----a-w- c:\windows\system32\MRT.INI
2010-09-15 20:26:02 0 d-----w- c:\windows\system32\MpEngineStore
2010-09-11 19:50:18 120 ----a-w- c:\windows\Byosigududi.dat
2010-09-11 19:50:18 0 ----a-w- c:\windows\Rwilegirifadu.bin
2010-09-11 19:39:46 0 ----a-w- c:\windows\system32\drivers\eqvlbni.sys
2010-09-11 19:39:34 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-09-11 19:39:29 172064 ----a-w- c:\windows\system32\drivers\str.sys
2010-09-11 19:39:16 69504 ----a-w- c:\windows\system32\drivers\oopuhnpkpjv.sys
2010-09-11 19:38:06 4 ----a-w- c:\docume~1\hp_adm~1\applic~1\avdrn.dat
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-05 18:05:25 3252 ----a-w- c:\windows\system32\wbem\Outlook_01cb4d24ea19881f.mof
==================== Find3M ====================
2010-08-24 18:57:38 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 18:57:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 18:57:38 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-08-24 18:57:38 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 18:57:38 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-08-24 18:57:38 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 18:57:38 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 18:57:38 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 18:57:38 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 18:57:38 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-08-12 00:29:05 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
2010-07-27 22:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 22:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-03-31 20:53:53 393 ----a-w- c:\program files\Shortcut to Program Files.lnk
2010-03-31 20:53:53 393 ----a-w- c:\program files\Shortcut (2) to Program Files.lnk
2006-07-12 23:03:22 251 ------w- c:\program files\wt3d.ini
2009-08-11 03:27:04 22 --sha-w- c:\windows\sminst\HPCD.sys
2010-01-27 03:01:42 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-01-27 03:00:27 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2010-01-16 19:12:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\internet explorer\domstore\index.dat
2010-01-27 03:00:27 16384 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat
============= FINISH: 11:23:12.35 ===============
OTL
OTL logfile created on: 9/28/2010 8:22:53 PM - Run 11
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 824.00 Mb Available Physical Memory | 81.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.05 Gb Total Space | 2.54 Gb Free Space | 1.13% Space Free | Partition Type: NTFS
Drive D: | 8.81 Gb Total Space | 0.43 Gb Free Space | 4.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOMEWORKFAST
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/06/23 15:17:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/06/23 15:17:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/09/08 13:17:12 | 000,057,608 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\ResultDns\resultdns117.exe -- (ResultDns Service)
SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/21 19:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/11/08 17:51:54 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService)
========== Driver Services (SafeList) ==========
DRV - [2010/09/23 00:27:31 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\eqvlbni.sys -- (eqvlbni)
DRV - [2010/09/11 15:52:16 | 000,069,504 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\oopuhnpkpjv.sys -- (khqlmxop)
DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/04/03 22:19:52 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/03/03 10:44:53 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/03 10:44:53 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/03 10:44:53 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/04/20 17:35:16 | 000,082,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2006/03/08 16:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/14 00:05:00 | 003,642,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/08 17:51:40 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/08 17:51:38 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/11/08 17:51:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/11/08 17:51:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/11/08 17:51:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aryion.com/forum/search.php?keyword...uthor=elportero
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B 99 17 9F 5A 4C CB 01 [binary data]
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedengine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}:1.9.1
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {1A615EA8-4C56-49EE-BE83-F9A264B79997}:1.0
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.03
FF - prefs.js..extensions.enabledItems: {674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}:1.9.1
FF - prefs.js..extensions.enabledItems: {6AFA6825-EA8B-4651-A09E-67D3A06DCA74}:1.9.1
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101052100&s="
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101052100&s="
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/26 12:08:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}: C:\Documents and Settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1} [2010/02/08 14:41:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/11 18:07:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36} [2010/09/21 09:17:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74}: C:\Documents and Settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74}\ [2010/09/14 08:42:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/20 22:56:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/20 22:56:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/09/20 22:56:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/09/20 22:56:13 | 000,000,000 | ---D | M]
[2009/12/04 01:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/09/27 11:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions
[2010/09/10 10:00:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/03 10:33:49 | 000,000,000 | ---D | M] (googlebar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2010/09/27 11:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/20 22:41:03 | 000,000,000 | ---D | M] (ResultDns) -- C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}
[2010/08/10 20:53:47 | 000,211,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\gpff.dll
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/08/07 22:30:06 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2010/08/25 19:53:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100916132512.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (IE Translator) - {531C49A7-179F-43CA-AF5E-AF375FBB8840} - C:\Program Files\Sarm Software\IETranslator\Translator.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (IE Translator) - {531C49A7-179F-43CA-AF5E-AF375FBB8840} - C:\Program Files\Sarm Software\IETranslator\Translator.dll ()
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe ()
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [Wketovidogosi] C:\WINDOWS\kbockb.DLL ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\monmvr32.exe (SecureNet)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/24 11:20:32 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: defray32 - (C:\WINDOWS\system32\cmdljava.dll) - C:\WINDOWS\System32\cmdljava.dll File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/09/24 14:29:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/24 14:29:47 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/21 09:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}
[2010/09/20 22:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/15 16:26:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/09/05 19:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\code_483477_files
[2010/08/26 18:34:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/26 08:12:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/08/24 17:38:52 | 000,081,920 | ---- | C] (eSage Lab) -- C:\Documents and Settings\HP_Administrator\Desktop\remover.exe
[2010/08/13 12:09:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/12 13:43:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/11 20:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/08/10 20:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\ResultDns
[2010/08/10 20:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ResultDns
[2010/08/07 22:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/07 20:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/07/22 10:30:32 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/07/22 10:30:19 | 000,312,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/07/22 10:30:19 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/07/22 10:30:19 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/07/22 10:30:19 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/07/22 10:30:19 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/07/22 10:30:19 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/07/18 19:38:33 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010/07/11 10:35:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/11 10:28:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/11 10:20:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/11 10:20:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/11 10:20:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/01 20:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Binverse
[2010/07/01 20:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Binverse
[2010/07/01 14:22:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/07/01 14:22:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022
[2010/07/01 14:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/07/01 14:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[3 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/09/28 20:21:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/28 11:36:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/28 11:17:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/28 11:15:11 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/09/28 11:11:59 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/28 10:51:49 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/09/27 23:47:10 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/09/27 23:47:10 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/09/27 23:43:31 | 001,045,512 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/09/27 20:32:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Byosigududi.dat
[2010/09/27 20:29:03 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/27 19:48:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/27 16:41:01 | 000,000,496 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job
[2010/09/27 16:19:21 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\bands.doc
[2010/09/27 10:03:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Rwilegirifadu.bin
[2010/09/26 10:48:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/24 14:29:52 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/23 00:27:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\eqvlbni.sys
[2010/09/22 00:24:29 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Swedish-English.doc
[2010/09/21 09:17:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\WebReg psc 1400 series.job
[2010/09/20 22:55:42 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/19 18:50:34 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\anime.doc
[2010/09/19 14:03:33 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Doc1.doc
[2010/09/15 16:29:55 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/15 16:29:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/15 16:26:02 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/12 18:34:48 | 000,010,342 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tjbruning.jpg
[2010/09/11 15:52:16 | 000,069,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\oopuhnpkpjv.sys
[2010/09/11 15:40:05 | 000,172,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys
[2010/09/11 15:39:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010/09/11 15:38:06 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\avdrn.dat
[2010/09/07 13:56:35 | 000,008,577 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\images.jpeg
[2010/09/07 13:56:08 | 000,988,454 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\frenchy.bmp
[2010/09/05 19:17:52 | 000,077,802 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\code_483477.html
[2010/09/05 14:05:25 | 000,445,702 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/05 14:05:24 | 000,072,924 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/05 14:05:23 | 000,525,350 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/04 14:28:35 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/08/30 13:09:55 | 000,007,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\okami_sliding_doors.png
[2010/08/26 08:29:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/26 08:11:39 | 003,828,374 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2010/08/25 19:53:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/24 17:26:43 | 000,036,833 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\bootkit_remover.rar
[2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/08/24 14:57:38 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/08/15 21:31:22 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\english.doc
[2010/08/13 18:07:24 | 000,229,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 18:58:25 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/12 13:35:00 | 000,236,544 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\pev.exe
[2010/08/12 13:35:00 | 000,009,103 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ncmd.cfxxe
[2010/08/12 13:35:00 | 000,000,476 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\rkill.reg
[2010/08/08 11:11:46 | 000,064,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/07 22:37:59 | 000,063,525 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\UsefulResources.rtf
[2010/08/07 22:27:51 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/07 22:27:51 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/07 21:20:54 | 000,009,179 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tj bruning.jpg
[2010/07/29 19:41:26 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$nglish.doc
[2010/07/27 18:39:19 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\chinese-english.doc
[2010/07/25 12:27:05 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$inese-english.doc
[2010/07/21 19:50:20 | 000,081,920 | ---- | M] (eSage Lab) -- C:\Documents and Settings\HP_Administrator\Desktop\remover.exe
[2010/07/18 19:45:42 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\AV Security Suite.url
[2010/07/18 19:38:27 | 000,490,232 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HelpAsst_mebroot_fix.exe
[2010/07/11 10:35:43 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/07/01 14:22:59 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/07/01 14:22:38 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[3 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/27 20:29:03 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/24 14:29:52 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/20 22:55:42 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/19 18:50:25 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\anime.doc
[2010/09/19 14:03:32 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Doc1.doc
[2010/09/15 16:26:02 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/14 09:17:20 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\WebReg psc 1400 series.job
[2010/09/12 18:34:46 | 000,010,342 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tjbruning.jpg
[2010/09/11 15:50:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Byosigududi.dat
[2010/09/11 15:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Rwilegirifadu.bin
[2010/09/11 15:39:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\eqvlbni.sys
[2010/09/11 15:39:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010/09/11 15:39:29 | 000,172,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2010/09/11 15:39:16 | 000,069,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\oopuhnpkpjv.sys
[2010/09/11 15:38:06 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\avdrn.dat
[2010/09/07 13:56:35 | 000,008,577 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\images.jpeg
[2010/09/07 13:55:59 | 000,988,454 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\frenchy.bmp
[2010/09/05 19:17:49 | 000,077,802 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\code_483477.html
[2010/09/04 14:28:35 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/08/30 13:09:48 | 000,007,088 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\okami_sliding_doors.png
[2010/08/25 19:15:18 | 003,828,374 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2010/08/24 18:14:55 | 000,044,674 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\bootkit_remover_debug_log.txt
[2010/08/24 17:26:38 | 000,036,833 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\bootkit_remover.rar
[2010/08/22 11:39:30 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/08/12 13:34:41 | 000,236,544 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\pev.exe
[2010/08/12 13:34:41 | 000,009,103 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ncmd.cfxxe
[2010/08/12 13:34:41 | 000,000,476 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\rkill.reg
[2010/08/07 23:12:14 | 000,009,179 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tj bruning.jpg
[2010/08/07 22:37:59 | 000,063,525 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\UsefulResources.rtf
[2010/08/07 22:27:51 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/07 22:27:51 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/29 19:41:26 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$nglish.doc
[2010/07/28 23:58:27 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\english.doc
[2010/07/27 17:55:33 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2010/07/27 17:55:33 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/07/27 17:55:33 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2010/07/27 17:55:33 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2010/07/27 17:55:26 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2010/07/27 17:55:26 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/07/27 17:55:26 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2010/07/27 17:55:26 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2010/07/27 17:55:26 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2010/07/27 17:55:26 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2010/07/27 17:55:26 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2010/07/27 17:55:26 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2010/07/27 17:55:26 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2010/07/27 17:55:26 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2010/07/27 17:55:26 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2010/07/27 17:55:26 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2010/07/27 17:55:26 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2010/07/27 17:55:26 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2010/07/27 17:55:26 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2010/07/27 17:55:26 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2010/07/27 17:55:26 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2010/07/27 17:55:25 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/07/27 17:55:25 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2010/07/27 17:55:25 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/07/27 17:55:25 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2010/07/27 17:55:25 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2010/07/27 17:55:25 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2010/07/27 17:55:23 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2010/07/27 17:55:23 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2010/07/27 17:55:23 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2010/07/27 17:55:23 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2010/07/27 17:55:23 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/07/27 17:55:22 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/07/27 17:55:22 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2010/07/27 17:55:22 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2010/07/27 17:55:22 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/07/27 17:55:21 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/07/27 17:55:21 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/07/27 17:55:15 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/07/27 17:55:15 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2010/07/27 17:55:15 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/07/27 17:55:15 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2010/07/27 17:55:15 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2010/07/27 17:55:15 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/07/27 17:54:59 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/07/27 17:54:59 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2010/07/27 17:54:59 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/07/27 17:54:59 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2010/07/27 17:54:59 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/07/27 17:54:59 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2010/07/27 17:54:59 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/07/27 17:54:59 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2010/07/27 17:54:59 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/07/27 17:54:59 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2010/07/27 17:54:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/07/27 17:54:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2010/07/27 17:54:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/07/27 17:54:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2010/07/27 17:54:59 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2010/07/27 17:54:59 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/07/25 12:27:05 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\~$inese-english.doc
[2010/07/25 00:25:47 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\chinese-english.doc
[2010/07/18 19:45:42 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\AV Security Suite.url
[2010/07/18 19:44:39 | 000,000,419 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\mbr.log
[2010/07/16 15:10:49 | 000,490,232 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HelpAsst_mebroot_fix.exe
[2010/07/11 10:20:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/11 10:20:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/11 10:20:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/11 10:20:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/11 10:20:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/01 14:23:15 | 000,000,496 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job
[2010/07/01 14:22:55 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/07/01 14:22:38 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/04/08 17:46:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/09/04 10:05:34 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/02/09 20:34:39 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/03/16 13:18:45 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/28 14:48:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/03 12:59:03 | 000,185,344 | R--- | C] () -- C:\WINDOWS\FRANKCAL.DLL
[2006/12/03 12:55:05 | 000,000,896 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/11/26 17:52:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/11/26 12:04:58 | 000,000,101 | ---- | C] () -- C:\WINDOWS\ttinstal.ini
[2006/11/26 12:04:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\scantiff.INI
[2006/11/26 12:02:11 | 000,000,417 | ---- | C] () -- C:\WINDOWS\CDPHOTO.INI
[2006/11/26 12:02:11 | 000,000,208 | ---- | C] () -- C:\WINDOWS\EFICOLOR.INI
[2006/11/26 12:02:00 | 000,000,109 | ---- | C] () -- C:\WINDOWS\visguide.ini
[2006/11/26 12:01:38 | 000,000,048 | ---- | C] () -- C:\WINDOWS\bartcan.ini
[2006/11/25 18:18:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2006/11/25 17:51:04 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2006/07/24 21:15:27 | 000,000,145 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2006/07/18 20:32:52 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/14 15:10:37 | 000,000,018 | ---- | C] () -- C:\WINDOWS\upst.ini
[2006/07/14 13:45:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/05 18:45:26 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/06/24 11:49:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/24 11:28:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/24 11:23:39 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/24 11:23:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/24 11:20:44 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/24 11:18:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/24 11:07:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/24 11:07:09 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/24 10:49:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/24 10:46:36 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/24 10:46:36 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/24 10:46:36 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/24 10:46:35 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/24 10:46:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/24 10:45:14 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/24 10:24:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/24 10:24:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/24 10:23:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 20:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 00:00:00 | 000,074,752 | ---- | C] () -- C:\WINDOWS\kbockb.dll
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/04 01:13:44 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\msrtrnf.dll
========== LOP Check ==========
[2009/12/27 15:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/12/27 16:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/03/29 10:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/08 17:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2006/06/24 11:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/07/24 17:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/11/29 13:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/03/19 15:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/03/16 13:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/01/23 16:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/09/08 17:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ResultDns
[2010/01/17 13:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/13 12:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2007/10/19 19:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/24 00:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/20 22:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/18 15:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/11 13:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/20 14:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon.HOMEWORKFAST\Application Data\uTorrent
[2010/06/30 14:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\envis\Application Data\BitTorrent
[2010/05/04 10:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\envis\Application Data\Template
[2009/12/05 18:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/12/25 12:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy.HOMEWORKFAST\Application Data\Image Zone Express
[2009/12/25 12:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy.HOMEWORKFAST\Application Data\Leadertech
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Documents\Dvd Edit Projects:Roxio EMC Stream
< End of report >
GMER
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-28 20:08:43
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxddykog.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF72EF054]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF72EF068]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ELkbd.sys (Intel Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ELkbd.sys (Intel Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device \FileSystem\Cdfs \Cdfs F687B400
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1d1c4581 size 0x1b0
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\10 - The Violent Sequence.flac 24148874 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\01 - Heart Beat, Pig Meat (Soundtrack Ver).flac 17933541 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\02 - Heart Beat, Pig Meat (Film Ver).flac 16260357 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\03 - Crumbling Land (Soundtrack Ver).flac 29038768 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\04 - Crumbling Land (Fast Ver).flac 33696855 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\05 - Crumbling Land (Extended Ver).flac 34707906 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\06 - Crumbling Land (Film Ver).flac 3290094 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\07 - Crumbling Land (Rock Ver).flac 11707207 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\08 - Come In Number 51, Your Time Is Up (Soundtrack Ver).flac 30110373 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\09 - Come In Number 51, Your Time Is Up (Film Ver).flac 28046327 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\11 - Love Scene 2 (Vibes).flac 30657035 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\12 - Unknown Song (Soundtrack Ver).flac 34032108 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\13 - Unknown Song (Rough Ver).flac 41442509 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\14 - Unknown Song (Early Ver).flac 35444273 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\15 - Unknown Song (Alternate Ver).flac 33672623 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\16 - Moonhead (BBC-TV 07.69, Documentary On The Lunar Landing).flac 19739112 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\Ultimate Zabriskie Point (Disc 1)[FLAC].m3u 702 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\Ultimate Zabriskie Point (Disc 1)[WAV].CUE 1525 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\09 - Oenone (Final Ver).flac 31865295 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\01 - Country Song (Soundtrack Ver).flac 27429411 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\02 - Country Song (Alternate Ver).flac 38912339 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\03 - Country Song (Humming Ver).flac 12049752 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\04 - Country Song (Instrumental).flac 7670109 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\05 - Love Scene 6 (Soundtrack Ver, Blues).flac 41908316 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\06 - Love Scene 6 (Alternate Ver).flac 43604493 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\07 - Love Scene 4 (Soundtrack Ver).flac 25580829 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\08 - Love Scene 4 (Piano-Vibes Mix).flac 16061121 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\10 - Oenone (Early Ver).flac 21915702 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\11 - Oenone (Extended Ver).flac 33552125 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\12 - Oenone (Short Ver).flac 5206819 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\13 - Oenone (Alternate Ver).flac 16892675 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\14 - Fingal's Cave.flac 12299658 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\15 - Main Theme (The Committee Soundtrack, 05.68).flac 16910531 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\16 - Zappa-Set The Controls (All My Loving- UK TV, 08.18.68).flac 21100688 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\Ultimate Zabriskie Point (Disc 2).CUE 1466 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\Ultimate Zabriskie Point (Disc 2).m3u 643 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\01 - Heart Beat, Pig Meat.flac 16961219 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\02 - Brother Mary.flac 17019339 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\03 - Dark Star (Excerpt).flac 15514175 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\04 - Crumbling Land.flac 27945471 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\05 - Tennessee Waltz.flac 10507326 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\06 - Sugar Babe.flac 15512031 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\07 - Love Scene.flac 35071428 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\08 - I Wish I Was A Single Girl Again.flac 8194119 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\09 - Mickey's Tune.flac 11092112 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\10 - Dance Of Death.flac 14930861 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\11 - Come In Number 51, Your Time Is Up.flac 30138169 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1) Fingerprint.txt 688 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1).log 3143 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1)[FLAC].m3u 334 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1)[WAV].cue 1963 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\01 - Love Scene Improvisations Version 1.flac 21629128 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\02 - Love Scene Improvisations Version 2.flac 27582518 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\03 - Love Scene Improvisations Version 3.flac 26510707 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\04 - Love Scene Improvisations Version 4.flac 27164089 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\05 - Country Song.flac 27521119 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\06 - Unknown Song.flac 34090443 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\07 - Love Scene Version 6.flac 41799030 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\08 - Love Scene Version 4.flac 25693421 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes) Fingerprint.txt 564 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes).log 2545 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes)[FLAC].m3u 309 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes)[WAV].cue 1619 bytes
---- EOF - GMER 1.0.15 ----