Microsoft Security Essentials (and something else?)


  • This topic is locked
13 replies to this topic

#1 spl1h


Posted 30 October 2010 - 08:04 AM

I got hit again; first with something that's been slowing the computer down, then with "Microsoft Security Essentials." It's been blocking my internet access, and I'm now using someone else's computer.

DDS


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by HP_Administrator at 0:12:42.79 on Tue 10/26/2010
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Documents and Settings\HP_Administrator\Application Data\hotfix.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://aryion.com/forum/search.php?keywords=&terms=all&author=elportero
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uWinlogon: Shell=c:\documents and settings\hp_administrator\application data\hotfix.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100916132512.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: IE Translator: {531c49a7-179f-43ca-af5e-af375fbb8840} - c:\program files\sarm software\ietranslator\Translator.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [MP4 Player] "c:\program files\mp4 player\mp4Player.exe" hmw
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Wketovidogosi] rundll32.exe "c:\windows\kbockb.dll",Startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: trymedia.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\2hjjl8w1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\2hjjl8w1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1} - c:\documents and settings\nancy.homeworkfast\local settings\application data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}
FF - HiddenExtension: XULRunner: {674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36} - c:\documents and settings\hp_administrator\local settings\application data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}
FF - HiddenExtension: XULRunner: {6AFA6825-EA8B-4651-A09E-67D3A06DCA74} - c:\documents and settings\nancy.homeworkfast\local settings\application data\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74}
FF - HiddenExtension: XULRunner: {564CAAC7-5546-4484-A7ED-7C77101CD0F5} - c:\documents and settings\envis\local settings\application data\{564caac7-5546-4484-a7ed-7c77101cd0f5}\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R? cfwids;McAfee Inc. cfwids
R? CXFALCON;Conexant Falcon II NTSC Video Capture
R? eqvlbni;eqvlbni
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? khqlmxop;khqlmxop
R? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
R? McMPFSvc;McAfee Personal Firewall Service
R? McNaiAnn;McAfee VirusScan Announcer
R? McProxy;McAfee Proxy Service
R? McrdSvc;Media Center Extender Service
R? McShield;McShield
R? mfeavfk;McAfee Inc. mfeavfk
R? mfebopk;McAfee Inc. mfebopk
R? mfendisk;McAfee Core NDIS Intermediate Filter
R? mferkdet;McAfee Inc. mferkdet
R? mferkdk;McAfee Inc. mferkdk
R? mfesmfk;McAfee Inc. mfesmfk
R? nosGetPlusHelper;getPlus® Helper 3004
R? ResultDns Service;ResultDns Service
R? SASDIFSV;SASDIFSV
R? SASENUM;SASENUM
R? SASKUTIL;SASKUTIL
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfendiskmp;mfendiskmp
S? mfetdi2k;McAfee Inc. mfetdi2k
S? mfevtp;McAfee Validation Trust Protection Service

=============== Created Last 30 ================

2010-10-26 03:46:49 515072 ----a-w- c:\docume~1\hp_adm~1\applic~1\hotfix.exe
2010-10-13 00:33:45 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 00:33:45 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 00:33:00 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 00:16:51 590848 ----a-w- c:\windows\system32\SETE8C.tmp

==================== Find3M ====================

2010-09-23 04:27:31 0 ----a-w- c:\windows\system32\drivers\eqvlbni.sys
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 16:23:26 974848 ------w- c:\windows\system32\dllcache\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-11 19:52:16 69504 ----a-w- c:\windows\system32\drivers\oopuhnpkpjv.sys
2010-09-11 19:40:05 172064 ----a-w- c:\windows\system32\drivers\str.sys
2010-09-11 19:38:06 4 ----a-w- c:\docume~1\hp_adm~1\applic~1\avdrn.dat
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 11:51:14 285824 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 13:42:52 1852800 ------w- c:\windows\system32\dllcache\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 08:02:29 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-08-27 05:57:43 99840 ------w- c:\windows\system32\srvsvc.dll
2010-08-27 05:57:43 99840 ------w- c:\windows\system32\dllcache\srvsvc.dll
2010-08-26 13:39:50 357248 ------w- c:\windows\system32\dllcache\srv.sys
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 12:22:20 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-08-25 11:23:20 5541888 ----a-w- c:\windows\system32\dllcache\wmp.dll
2010-08-23 16:12:04 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-16 08:45:00 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-03-31 20:53:53 393 ----a-w- c:\program files\Shortcut to Program Files.lnk
2010-03-31 20:53:53 393 ----a-w- c:\program files\Shortcut (2) to Program Files.lnk
2006-07-12 23:03:22 251 ------w- c:\program files\wt3d.ini
2009-08-11 03:27:04 22 --sha-w- c:\windows\sminst\HPCD.sys
2010-01-27 03:01:42 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-01-27 03:00:27 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2010-01-16 19:12:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\internet explorer\domstore\index.dat
2010-01-27 03:00:27 16384 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 0:13:42.67 ===============

OTL

OTL logfile created on: 10/29/2010 5:47:52 PM - Run 12
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 816.00 Mb Available Physical Memory | 80.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.05 Gb Total Space | 2.35 Gb Free Space | 1.05% Space Free | Partition Type: NTFS
Drive D: | 8.81 Gb Total Space | 0.43 Gb Free Space | 4.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEWORKFAST
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/06/23 15:17:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/06/23 15:17:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/08 13:17:12 | 000,057,608 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\ResultDns\resultdns117.exe -- (ResultDns Service)
SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/21 19:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/11/08 17:51:54 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/23 00:27:31 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\eqvlbni.sys -- (eqvlbni)
DRV - [2010/09/11 15:52:16 | 000,069,504 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\oopuhnpkpjv.sys -- (khqlmxop)
DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/04/03 22:19:52 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/03/03 10:44:53 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/03 10:44:53 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/03 10:44:53 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/04/20 17:35:16 | 000,082,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2006/03/08 16:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/14 00:05:00 | 003,642,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/08 17:51:40 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/08 17:51:38 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/11/08 17:51:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/11/08 17:51:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/11/08 17:51:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aryion.com/forum/search.php?keywords=&terms=all&author=elportero
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B 99 17 9F 5A 4C CB 01 [binary data]
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedengine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}:1.9.1
FF - prefs.js..extensions.enabledItems: {1A615EA8-4C56-49EE-BE83-F9A264B79997}:1.0
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.03
FF - prefs.js..extensions.enabledItems: {674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}:1.9.1
FF - prefs.js..extensions.enabledItems: {6AFA6825-EA8B-4651-A09E-67D3A06DCA74}:1.9.1
FF - prefs.js..extensions.enabledItems: {564CAAC7-5546-4484-A7ED-7C77101CD0F5}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101052100&s="
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101052100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/24 10:36:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}: C:\Documents and Settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1} [2010/02/08 14:41:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/11 18:07:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36} [2010/09/29 10:38:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74}: C:\Documents and Settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74} [2010/09/14 08:42:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{564CAAC7-5546-4484-A7ED-7C77101CD0F5}: C:\Documents and Settings\envis\Local Settings\Application Data\{564CAAC7-5546-4484-A7ED-7C77101CD0F5}\ [2010/10/25 23:57:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/24 10:35:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/26 23:32:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/09/20 22:56:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/09/20 22:56:13 | 000,000,000 | ---D | M]

[2009/12/04 01:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/10/28 13:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions
[2010/09/10 10:00:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/03 11:34:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/03 10:33:49 | 000,000,000 | ---D | M] (googlebar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2010/10/03 11:35:56 | 000,001,988 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\searchplugins\google.xml
[2010/10/28 13:06:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/20 22:41:03 | 000,000,000 | ---D | M] (ResultDns) -- C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}
[2010/10/26 23:32:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/08/10 20:53:47 | 000,211,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\gpff.dll
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/08/07 22:30:06 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/08/25 19:53:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100916132512.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (IE Translator) - {531C49A7-179F-43CA-AF5E-AF375FBB8840} - C:\Program Files\Sarm Software\IETranslator\Translator.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (IE Translator) - {531C49A7-179F-43CA-AF5E-AF375FBB8840} - C:\Program Files\Sarm Software\IETranslator\Translator.dll ()
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe ()
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [Wketovidogosi] C:\WINDOWS\kbockb.DLL File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\monmvr32.exe (SecureNet)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008 Winlogon: Shell - (C:\Documents and Settings\HP_Administrator\Application Data\hotfix.exe) - C:\Documents and Settings\HP_Administrator\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/24 11:20:32 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: defray32 - (C:\WINDOWS\system32\cmdljava.dll) - C:\WINDOWS\System32\cmdljava.dll File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/26 23:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/26 12:31:32 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/09/29 10:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}
[2010/09/24 14:29:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/24 14:29:47 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/20 22:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/15 16:26:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/09/05 19:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\code_483477_files
[2010/08/26 18:34:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/24 17:38:52 | 000,081,920 | ---- | C] (eSage Lab) -- C:\Documents and Settings\HP_Administrator\Desktop\remover.exe
[2010/08/13 12:09:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/12 13:43:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/11 20:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/08/10 20:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\ResultDns
[2010/08/10 20:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ResultDns
[2010/08/07 22:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/07 20:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[3 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/29 17:42:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/29 17:40:36 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/10/29 17:39:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/29 17:15:14 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/28 22:08:36 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/10/28 22:08:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/10/28 22:08:30 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/10/28 14:18:49 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/28 14:18:49 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/28 12:33:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/28 12:33:34 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/28 12:33:34 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/28 12:33:34 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/27 00:05:34 | 005,303,202 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/26 10:40:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 22:59:37 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Byosigududi.dat
[2010/10/25 15:04:47 | 000,000,496 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job
[2010/10/25 11:10:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Rwilegirifadu.bin
[2010/10/20 15:24:14 | 003,765,526 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Capsule Endoscopy of Skittle_.mp4
[2010/10/20 15:21:37 | 020,972,032 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Endoscopy ;) mi endoscopia.mp4
[2010/10/20 15:08:17 | 035,344,492 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Ellie_.mp4
[2010/10/20 14:38:09 | 006,638,135 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Digestion Video.mp4
[2010/10/19 19:51:16 | 019,723,862 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Inside A Black Woman_.flv
[2010/10/19 19:45:53 | 014,333,409 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Inside A Black Woman_.mp4
[2010/10/18 19:48:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/13 16:37:40 | 000,229,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 16:19:07 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 16:13:09 | 000,000,208 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/10/13 16:05:08 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/05 22:58:09 | 000,508,024 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/05 22:58:09 | 000,445,702 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/05 22:58:09 | 000,072,924 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/03 18:30:14 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/27 20:29:03 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/27 16:19:21 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\bands.doc
[2010/09/24 14:29:52 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/23 00:27:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\eqvlbni.sys
[2010/09/22 00:24:29 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Swedish-English.doc
[2010/09/21 09:17:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\WebReg psc 1400 series.job
[2010/09/20 22:55:42 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/19 18:50:34 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\anime.doc
[2010/09/19 14:03:33 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Doc1.doc
[2010/09/12 18:34:48 | 000,010,342 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tjbruning.jpg
[2010/09/11 15:52:16 | 000,069,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\oopuhnpkpjv.sys
[2010/09/11 15:40:05 | 000,172,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys
[2010/09/11 15:39:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010/09/11 15:38:06 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\avdrn.dat
[2010/09/07 13:56:35 | 000,008,577 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\images.jpeg
[2010/09/07 13:56:08 | 000,988,454 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\frenchy.bmp
[2010/09/05 19:17:52 | 000,077,802 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\code_483477.html
[2010/09/04 14:28:35 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/08/30 13:09:55 | 000,007,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\okami_sliding_doors.png
[2010/08/26 08:29:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/25 19:53:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/24 17:26:43 | 000,036,833 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\bootkit_remover.rar
[2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/08/24 14:57:38 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/08/15 21:31:22 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\english.doc
[2010/08/08 11:11:46 | 000,064,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/07 22:37:59 | 000,063,525 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\UsefulResources.rtf
[2010/08/07 22:27:51 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/07 22:27:51 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/07 21:20:54 | 000,009,179 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tj bruning.jpg
[3 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/25 23:47:16 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 23:47:16 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 23:47:12 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 23:47:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/20 15:22:16 | 003,765,526 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Capsule Endoscopy of Skittle_.mp4
[2010/10/20 15:13:03 | 020,972,032 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Endoscopy ;) mi endoscopia.mp4
[2010/10/20 14:48:57 | 035,344,492 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Ellie_.mp4
[2010/10/20 14:33:00 | 006,638,135 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Digestion Video.mp4
[2010/10/19 19:48:08 | 019,723,862 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Inside A Black Woman_.flv
[2010/10/19 19:43:31 | 014,333,409 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Inside A Black Woman_.mp4
[2010/09/27 20:29:03 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/24 14:29:52 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/20 22:55:42 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/19 18:50:25 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\anime.doc
[2010/09/19 14:03:32 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Doc1.doc
[2010/09/15 16:26:02 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/14 09:17:20 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\WebReg psc 1400 series.job
[2010/09/12 18:34:46 | 000,010,342 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tjbruning.jpg
[2010/09/11 15:50:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Byosigududi.dat
[2010/09/11 15:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Rwilegirifadu.bin
[2010/09/11 15:39:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\eqvlbni.sys
[2010/09/11 15:39:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010/09/11 15:39:29 | 000,172,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2010/09/11 15:39:16 | 000,069,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\oopuhnpkpjv.sys
[2010/09/11 15:38:06 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\avdrn.dat
[2010/09/07 13:56:35 | 000,008,577 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\images.jpeg
[2010/09/07 13:55:59 | 000,988,454 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\frenchy.bmp
[2010/09/05 19:17:49 | 000,077,802 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\code_483477.html
[2010/09/04 14:28:35 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/08/30 13:09:48 | 000,007,088 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\okami_sliding_doors.png
[2010/08/24 18:14:55 | 000,044,674 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\bootkit_remover_debug_log.txt
[2010/08/24 17:26:38 | 000,036,833 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\bootkit_remover.rar
[2010/08/22 11:39:30 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/08/07 23:12:14 | 000,009,179 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tj bruning.jpg
[2010/08/07 22:37:59 | 000,063,525 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\UsefulResources.rtf
[2010/08/07 22:27:51 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/07 22:27:51 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/08 17:46:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/09/04 10:05:34 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/02/09 20:34:39 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/03/16 13:18:45 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/28 14:48:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/03 12:59:03 | 000,185,344 | R--- | C] () -- C:\WINDOWS\FRANKCAL.DLL
[2006/12/03 12:55:05 | 000,000,896 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/11/26 17:52:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/11/26 12:04:58 | 000,000,101 | ---- | C] () -- C:\WINDOWS\ttinstal.ini
[2006/11/26 12:04:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\scantiff.INI
[2006/11/26 12:02:11 | 000,000,417 | ---- | C] () -- C:\WINDOWS\CDPHOTO.INI
[2006/11/26 12:02:11 | 000,000,208 | ---- | C] () -- C:\WINDOWS\EFICOLOR.INI
[2006/11/26 12:02:00 | 000,000,109 | ---- | C] () -- C:\WINDOWS\visguide.ini
[2006/11/26 12:01:38 | 000,000,048 | ---- | C] () -- C:\WINDOWS\bartcan.ini
[2006/11/25 18:18:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2006/11/25 17:51:04 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2006/07/24 21:15:27 | 000,000,145 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2006/07/18 20:32:52 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/14 15:10:37 | 000,000,018 | ---- | C] () -- C:\WINDOWS\upst.ini
[2006/07/14 13:45:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/05 18:45:26 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/06/24 11:49:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/24 11:28:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/24 11:23:39 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/24 11:23:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/24 11:20:44 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/24 11:18:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/24 11:07:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/24 11:07:09 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/24 10:49:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/24 10:46:36 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/24 10:46:36 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/24 10:46:36 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/24 10:46:35 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/24 10:46:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/24 10:45:14 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/24 10:24:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/24 10:24:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/24 10:23:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 20:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/04 01:13:44 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\msrtrnf.dll

========== LOP Check ==========

[2009/12/27 15:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/12/27 16:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/03/29 10:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/08 17:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2006/06/24 11:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/07/24 17:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/11/29 13:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/03/19 15:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/03/16 13:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/01/23 16:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/09/08 17:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ResultDns
[2010/01/17 13:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/13 12:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2007/10/19 19:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/24 00:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/20 22:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/18 15:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/11 13:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/20 14:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon.HOMEWORKFAST\Application Data\uTorrent
[2010/06/30 14:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\envis\Application Data\BitTorrent
[2010/05/04 10:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\envis\Application Data\Template
[2009/12/05 18:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/12/25 12:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy.HOMEWORKFAST\Application Data\Image Zone Express
[2009/12/25 12:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy.HOMEWORKFAST\Application Data\Leadertech
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/10/28 12:33:34 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/10/28 12:33:34 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/10/28 12:33:34 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/28 14:18:49 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/10/28 14:18:49 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Documents\Dvd Edit Projects:Roxio EMC Stream
< End of report >

GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-29 21:19:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxddykog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF72EF054]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF72EF068]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ELkbd.sys (Intel Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ELkbd.sys (Intel Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1d1c4581 size 0x1b0
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\10 - The Violent Sequence.flac 24148874 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\01 - Heart Beat, Pig Meat (Soundtrack Ver).flac 17933541 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\02 - Heart Beat, Pig Meat (Film Ver).flac 16260357 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\03 - Crumbling Land (Soundtrack Ver).flac 29038768 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\04 - Crumbling Land (Fast Ver).flac 33696855 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\05 - Crumbling Land (Extended Ver).flac 34707906 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\06 - Crumbling Land (Film Ver).flac 3290094 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\07 - Crumbling Land (Rock Ver).flac 11707207 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\08 - Come In Number 51, Your Time Is Up (Soundtrack Ver).flac 30110373 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\09 - Come In Number 51, Your Time Is Up (Film Ver).flac 28046327 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\11 - Love Scene 2 (Vibes).flac 30657035 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\12 - Unknown Song (Soundtrack Ver).flac 34032108 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\13 - Unknown Song (Rough Ver).flac 41442509 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\14 - Unknown Song (Early Ver).flac 35444273 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\15 - Unknown Song (Alternate Ver).flac 33672623 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\16 - Moonhead (BBC-TV 07.69, Documentary On The Lunar Landing).flac 19739112 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\Ultimate Zabriskie Point (Disc 1)[FLAC].m3u 702 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\Ultimate Zabriskie Point (Disc 1)[WAV].CUE 1525 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\09 - Oenone (Final Ver).flac 31865295 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\01 - Country Song (Soundtrack Ver).flac 27429411 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\02 - Country Song (Alternate Ver).flac 38912339 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\03 - Country Song (Humming Ver).flac 12049752 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\04 - Country Song (Instrumental).flac 7670109 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\05 - Love Scene 6 (Soundtrack Ver, Blues).flac 41908316 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\06 - Love Scene 6 (Alternate Ver).flac 43604493 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\07 - Love Scene 4 (Soundtrack Ver).flac 25580829 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\08 - Love Scene 4 (Piano-Vibes Mix).flac 16061121 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\10 - Oenone (Early Ver).flac 21915702 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\11 - Oenone (Extended Ver).flac 33552125 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\12 - Oenone (Short Ver).flac 5206819 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\13 - Oenone (Alternate Ver).flac 16892675 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\14 - Fingal's Cave.flac 12299658 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\15 - Main Theme (The Committee Soundtrack, 05.68).flac 16910531 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\16 - Zappa-Set The Controls (All My Loving- UK TV, 08.18.68).flac 21100688 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\Ultimate Zabriskie Point (Disc 2).CUE 1466 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\Ultimate Zabriskie Point (Disc 2).m3u 643 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\01 - Heart Beat, Pig Meat.flac 16961219 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\02 - Brother Mary.flac 17019339 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\03 - Dark Star (Excerpt).flac 15514175 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\04 - Crumbling Land.flac 27945471 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\05 - Tennessee Waltz.flac 10507326 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\06 - Sugar Babe.flac 15512031 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\07 - Love Scene.flac 35071428 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\08 - I Wish I Was A Single Girl Again.flac 8194119 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\09 - Mickey's Tune.flac 11092112 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\10 - Dance Of Death.flac 14930861 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\11 - Come In Number 51, Your Time Is Up.flac 30138169 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1) Fingerprint.txt 688 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1).log 3143 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1)[FLAC].m3u 334 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1)[WAV].cue 1963 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\01 - Love Scene Improvisations Version 1.flac 21629128 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\02 - Love Scene Improvisations Version 2.flac 27582518 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\03 - Love Scene Improvisations Version 3.flac 26510707 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\04 - Love Scene Improvisations Version 4.flac 27164089 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\05 - Country Song.flac 27521119 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\06 - Unknown Song.flac 34090443 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\07 - Love Scene Version 6.flac 41799030 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\08 - Love Scene Version 4.flac 25693421 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes) Fingerprint.txt 564 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes).log 2545 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes)[FLAC].m3u 309 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes)[WAV].cue 1619 bytes

---- EOF - GMER 1.0.15 ----


#2 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 07 November 2010 - 06:50 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 spl1h

  • Topic Starter

  • Members
  • 24 posts

Posted 09 November 2010 - 10:57 PM

OTL logfile created on: 11/8/2010 5:47:52 PM - Run 12
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 816.00 Mb Available Physical Memory | 80.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.05 Gb Total Space | 2.35 Gb Free Space | 1.05% Space Free | Partition Type: NTFS
Drive D: | 8.81 Gb Total Space | 0.43 Gb Free Space | 4.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEWORKFAST
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/06/23 15:17:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/06/23 15:17:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/08 13:17:12 | 000,057,608 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\ResultDns\resultdns117.exe -- (ResultDns Service)
SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/21 19:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/11/08 17:51:54 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/23 00:27:31 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\eqvlbni.sys -- (eqvlbni)
DRV - [2010/09/11 15:52:16 | 000,069,504 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\oopuhnpkpjv.sys -- (khqlmxop)
DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/04/03 22:19:52 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/03/03 10:44:53 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/03 10:44:53 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/03 10:44:53 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/04/20 17:35:16 | 000,082,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2006/03/08 16:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/14 00:05:00 | 003,642,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/08 17:51:40 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/08 17:51:38 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/11/08 17:51:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/11/08 17:51:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/11/08 17:51:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aryion.com/forum/search.php?keywords=&terms=all&author=elportero
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B 99 17 9F 5A 4C CB 01 [binary data]
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedengine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}:1.9.1
FF - prefs.js..extensions.enabledItems: {1A615EA8-4C56-49EE-BE83-F9A264B79997}:1.0
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.03
FF - prefs.js..extensions.enabledItems: {674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}:1.9.1
FF - prefs.js..extensions.enabledItems: {6AFA6825-EA8B-4651-A09E-67D3A06DCA74}:1.9.1
FF - prefs.js..extensions.enabledItems: {564CAAC7-5546-4484-A7ED-7C77101CD0F5}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101052100&s="
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101052100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/24 10:36:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}: C:\Documents and Settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1} [2010/02/08 14:41:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/11 18:07:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36} [2010/09/29 10:38:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74}: C:\Documents and Settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74} [2010/09/14 08:42:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{564CAAC7-5546-4484-A7ED-7C77101CD0F5}: C:\Documents and Settings\envis\Local Settings\Application Data\{564CAAC7-5546-4484-A7ED-7C77101CD0F5}\ [2010/10/25 23:57:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/24 10:35:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/26 23:32:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/09/20 22:56:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/09/20 22:56:13 | 000,000,000 | ---D | M]

[2009/12/04 01:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/10/28 13:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions
[2010/09/10 10:00:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/03 11:34:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/03 10:33:49 | 000,000,000 | ---D | M] (googlebar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2010/10/03 11:35:56 | 000,001,988 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\searchplugins\google.xml
[2010/10/28 13:06:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/20 22:41:03 | 000,000,000 | ---D | M] (ResultDns) -- C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}
[2010/10/26 23:32:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/08/10 20:53:47 | 000,211,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\gpff.dll
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/08/07 22:30:06 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/08/25 19:53:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100916132512.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (IE Translator) - {531C49A7-179F-43CA-AF5E-AF375FBB8840} - C:\Program Files\Sarm Software\IETranslator\Translator.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (IE Translator) - {531C49A7-179F-43CA-AF5E-AF375FBB8840} - C:\Program Files\Sarm Software\IETranslator\Translator.dll ()
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe ()
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [Wketovidogosi] C:\WINDOWS\kbockb.DLL File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\monmvr32.exe (SecureNet)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008 Winlogon: Shell - (C:\Documents and Settings\HP_Administrator\Application Data\hotfix.exe) - C:\Documents and Settings\HP_Administrator\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/24 11:20:32 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: defray32 - (C:\WINDOWS\system32\cmdljava.dll) - C:\WINDOWS\System32\cmdljava.dll File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/26 23:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/26 12:31:32 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/09/29 10:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}
[2010/09/24 14:29:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/24 14:29:47 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/20 22:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/15 16:26:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/09/05 19:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\code_483477_files
[2010/08/26 18:34:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/24 17:38:52 | 000,081,920 | ---- | C] (eSage Lab) -- C:\Documents and Settings\HP_Administrator\Desktop\remover.exe
[2010/08/13 12:09:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/12 13:43:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/11 20:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/08/10 20:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\ResultDns
[2010/08/10 20:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ResultDns
[2010/08/07 22:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/07 20:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[3 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/29 17:42:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/29 17:40:36 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/10/29 17:39:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/29 17:15:14 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/28 22:08:36 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/10/28 22:08:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/10/28 22:08:30 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/10/28 14:18:49 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/28 14:18:49 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/28 12:33:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/28 12:33:34 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/28 12:33:34 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/28 12:33:34 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/27 00:05:34 | 005,303,202 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/26 10:40:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 22:59:37 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Byosigududi.dat
[2010/10/25 15:04:47 | 000,000,496 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job
[2010/10/25 11:10:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Rwilegirifadu.bin
[2010/10/20 15:24:14 | 003,765,526 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Capsule Endoscopy of Skittle_.mp4
[2010/10/20 15:21:37 | 020,972,032 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Endoscopy ;) mi endoscopia.mp4
[2010/10/20 15:08:17 | 035,344,492 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Ellie_.mp4
[2010/10/20 14:38:09 | 006,638,135 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Digestion Video.mp4
[2010/10/19 19:51:16 | 019,723,862 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Inside A Black Woman_.flv
[2010/10/19 19:45:53 | 014,333,409 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Inside A Black Woman_.mp4
[2010/10/18 19:48:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/13 16:37:40 | 000,229,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 16:19:07 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 16:13:09 | 000,000,208 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/10/13 16:05:08 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/05 22:58:09 | 000,508,024 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/05 22:58:09 | 000,445,702 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/05 22:58:09 | 000,072,924 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/03 18:30:14 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/27 20:29:03 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/27 16:19:21 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\bands.doc
[2010/09/24 14:29:52 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/23 00:27:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\eqvlbni.sys
[2010/09/22 00:24:29 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Swedish-English.doc
[2010/09/21 09:17:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\WebReg psc 1400 series.job
[2010/09/20 22:55:42 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/19 18:50:34 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\anime.doc
[2010/09/19 14:03:33 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Doc1.doc
[2010/09/12 18:34:48 | 000,010,342 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tjbruning.jpg
[2010/09/11 15:52:16 | 000,069,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\oopuhnpkpjv.sys
[2010/09/11 15:40:05 | 000,172,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys
[2010/09/11 15:39:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010/09/11 15:38:06 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\avdrn.dat
[2010/09/07 13:56:35 | 000,008,577 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\images.jpeg
[2010/09/07 13:56:08 | 000,988,454 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\frenchy.bmp
[2010/09/05 19:17:52 | 000,077,802 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\code_483477.html
[2010/09/04 14:28:35 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/08/30 13:09:55 | 000,007,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\okami_sliding_doors.png
[2010/08/26 08:29:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/25 19:53:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/24 17:26:43 | 000,036,833 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\bootkit_remover.rar
[2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/08/24 14:57:38 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/08/15 21:31:22 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\english.doc
[2010/08/08 11:11:46 | 000,064,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/07 22:37:59 | 000,063,525 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\UsefulResources.rtf
[2010/08/07 22:27:51 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/07 22:27:51 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/07 21:20:54 | 000,009,179 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tj bruning.jpg
[3 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/25 23:47:16 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 23:47:16 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 23:47:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 23:47:12 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 23:47:03 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/20 15:22:16 | 003,765,526 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Capsule Endoscopy of Skittle_.mp4
[2010/10/20 15:13:03 | 020,972,032 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Endoscopy ;) mi endoscopia.mp4
[2010/10/20 14:48:57 | 035,344,492 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Ellie_.mp4
[2010/10/20 14:33:00 | 006,638,135 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Digestion Video.mp4
[2010/10/19 19:48:08 | 019,723,862 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Inside A Black Woman_.flv
[2010/10/19 19:43:31 | 014,333,409 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Inside A Black Woman_.mp4
[2010/09/27 20:29:03 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/24 14:29:52 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/20 22:55:42 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/19 18:50:25 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\anime.doc
[2010/09/19 14:03:32 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Doc1.doc
[2010/09/15 16:26:02 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/14 09:17:20 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\WebReg psc 1400 series.job
[2010/09/12 18:34:46 | 000,010,342 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tjbruning.jpg
[2010/09/11 15:50:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Byosigududi.dat
[2010/09/11 15:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Rwilegirifadu.bin
[2010/09/11 15:39:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\eqvlbni.sys
[2010/09/11 15:39:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010/09/11 15:39:29 | 000,172,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2010/09/11 15:39:16 | 000,069,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\oopuhnpkpjv.sys
[2010/09/11 15:38:06 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\avdrn.dat
[2010/09/07 13:56:35 | 000,008,577 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\images.jpeg
[2010/09/07 13:55:59 | 000,988,454 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\frenchy.bmp
[2010/09/05 19:17:49 | 000,077,802 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\code_483477.html
[2010/09/04 14:28:35 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/08/30 13:09:48 | 000,007,088 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\okami_sliding_doors.png
[2010/08/24 18:14:55 | 000,044,674 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\bootkit_remover_debug_log.txt
[2010/08/24 17:26:38 | 000,036,833 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\bootkit_remover.rar
[2010/08/22 11:39:30 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/08/07 23:12:14 | 000,009,179 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tj bruning.jpg
[2010/08/07 22:37:59 | 000,063,525 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\UsefulResources.rtf
[2010/08/07 22:27:51 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/07 22:27:51 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/08 17:46:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/09/04 10:05:34 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/02/09 20:34:39 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/03/16 13:18:45 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/28 14:48:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/03 12:59:03 | 000,185,344 | R--- | C] () -- C:\WINDOWS\FRANKCAL.DLL
[2006/12/03 12:55:05 | 000,000,896 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/11/26 17:52:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/11/26 12:04:58 | 000,000,101 | ---- | C] () -- C:\WINDOWS\ttinstal.ini
[2006/11/26 12:04:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\scantiff.INI
[2006/11/26 12:02:11 | 000,000,417 | ---- | C] () -- C:\WINDOWS\CDPHOTO.INI
[2006/11/26 12:02:11 | 000,000,208 | ---- | C] () -- C:\WINDOWS\EFICOLOR.INI
[2006/11/26 12:02:00 | 000,000,109 | ---- | C] () -- C:\WINDOWS\visguide.ini
[2006/11/26 12:01:38 | 000,000,048 | ---- | C] () -- C:\WINDOWS\bartcan.ini
[2006/11/25 18:18:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2006/11/25 17:51:04 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2006/07/24 21:15:27 | 000,000,145 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2006/07/18 20:32:52 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/14 15:10:37 | 000,000,018 | ---- | C] () -- C:\WINDOWS\upst.ini
[2006/07/14 13:45:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/05 18:45:26 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/06/24 11:49:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/24 11:28:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/24 11:23:39 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/24 11:23:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/24 11:20:44 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/24 11:18:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/24 11:07:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/24 11:07:09 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/24 10:49:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/24 10:46:36 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/24 10:46:36 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/24 10:46:36 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/24 10:46:35 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/24 10:46:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/24 10:45:14 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/24 10:24:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/24 10:24:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/24 10:23:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 20:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/04 01:13:44 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\msrtrnf.dll

========== LOP Check ==========

[2009/12/27 15:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/12/27 16:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/03/29 10:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/08 17:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2006/06/24 11:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/07/24 17:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/11/29 13:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/03/19 15:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/03/16 13:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/01/23 16:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/09/08 17:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ResultDns
[2010/01/17 13:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/13 12:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2007/10/19 19:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/24 00:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/20 22:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/18 15:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/11 13:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/20 14:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon.HOMEWORKFAST\Application Data\uTorrent
[2010/06/30 14:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\envis\Application Data\BitTorrent
[2010/05/04 10:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\envis\Application Data\Template
[2009/12/05 18:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/12/25 12:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy.HOMEWORKFAST\Application Data\Image Zone Express
[2009/12/25 12:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy.HOMEWORKFAST\Application Data\Leadertech
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/10/28 12:33:34 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/10/28 12:33:34 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/10/28 12:33:34 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/28 14:18:49 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/10/28 14:18:49 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Documents\Dvd Edit Projects:Roxio EMC Stream
< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-11-8 21:19:13
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxddykog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF72EF054]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF72EF068]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ELkbd.sys (Intel Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ELkbd.sys (Intel Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1d1c4581 size 0x1b0
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\10 - The Violent Sequence.flac 24148874 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\01 - Heart Beat, Pig Meat (Soundtrack Ver).flac 17933541 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\02 - Heart Beat, Pig Meat (Film Ver).flac 16260357 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\03 - Crumbling Land (Soundtrack Ver).flac 29038768 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\04 - Crumbling Land (Fast Ver).flac 33696855 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\05 - Crumbling Land (Extended Ver).flac 34707906 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\06 - Crumbling Land (Film Ver).flac 3290094 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\07 - Crumbling Land (Rock Ver).flac 11707207 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\08 - Come In Number 51, Your Time Is Up (Soundtrack Ver).flac 30110373 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\09 - Come In Number 51, Your Time Is Up (Film Ver).flac 28046327 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\11 - Love Scene 2 (Vibes).flac 30657035 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\12 - Unknown Song (Soundtrack Ver).flac 34032108 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\13 - Unknown Song (Rough Ver).flac 41442509 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\14 - Unknown Song (Early Ver).flac 35444273 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\15 - Unknown Song (Alternate Ver).flac 33672623 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\16 - Moonhead (BBC-TV 07.69, Documentary On The Lunar Landing).flac 19739112 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\Ultimate Zabriskie Point (Disc 1)[FLAC].m3u 702 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 1)\Ultimate Zabriskie Point (Disc 1)[WAV].CUE 1525 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\09 - Oenone (Final Ver).flac 31865295 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\01 - Country Song (Soundtrack Ver).flac 27429411 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\02 - Country Song (Alternate Ver).flac 38912339 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\03 - Country Song (Humming Ver).flac 12049752 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\04 - Country Song (Instrumental).flac 7670109 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\05 - Love Scene 6 (Soundtrack Ver, Blues).flac 41908316 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\06 - Love Scene 6 (Alternate Ver).flac 43604493 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\07 - Love Scene 4 (Soundtrack Ver).flac 25580829 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\08 - Love Scene 4 (Piano-Vibes Mix).flac 16061121 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\10 - Oenone (Early Ver).flac 21915702 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\11 - Oenone (Extended Ver).flac 33552125 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\12 - Oenone (Short Ver).flac 5206819 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\13 - Oenone (Alternate Ver).flac 16892675 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\14 - Fingal's Cave.flac 12299658 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\15 - Main Theme (The Committee Soundtrack, 05.68).flac 16910531 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\16 - Zappa-Set The Controls (All My Loving- UK TV, 08.18.68).flac 21100688 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\Ultimate Zabriskie Point (Disc 2).CUE 1466 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1969) Pink Floyd - Ultimate Zabriskie Point [FLAC]\Ultimate Zabriskie Point (Disc 2)\Ultimate Zabriskie Point (Disc 2).m3u 643 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\01 - Heart Beat, Pig Meat.flac 16961219 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\02 - Brother Mary.flac 17019339 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\03 - Dark Star (Excerpt).flac 15514175 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\04 - Crumbling Land.flac 27945471 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\05 - Tennessee Waltz.flac 10507326 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\06 - Sugar Babe.flac 15512031 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\07 - Love Scene.flac 35071428 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\08 - I Wish I Was A Single Girl Again.flac 8194119 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\09 - Mickey's Tune.flac 11092112 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\10 - Dance Of Death.flac 14930861 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\11 - Come In Number 51, Your Time Is Up.flac 30138169 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1) Fingerprint.txt 688 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1).log 3143 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1)[FLAC].m3u 334 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disc 1)\Zabriskie Point (Disk 1)[WAV].cue 1963 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\01 - Love Scene Improvisations Version 1.flac 21629128 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\02 - Love Scene Improvisations Version 2.flac 27582518 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\03 - Love Scene Improvisations Version 3.flac 26510707 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\04 - Love Scene Improvisations Version 4.flac 27164089 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\05 - Country Song.flac 27521119 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\06 - Unknown Song.flac 34090443 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\07 - Love Scene Version 6.flac 41799030 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\08 - Love Scene Version 4.flac 25693421 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes) Fingerprint.txt 564 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes).log 2545 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes)[FLAC].m3u 309 bytes
File C:\Documents and Settings\HP_Administrator\Desktop\Angra - Rainy Nights (Single)\PINK_FLOYD_full_discography_FLAC-lossless_ZoneTeam\Pink Floyd - Zabriskie Point e Ultimate Z. P\(1970) Pink Floyd - Zabriskie Point (1997 Rhino Reissue)[FLAC]\Zabriskie Point (Disk 2)\Zabriskie Point (Disk 2 - Outtakes)[WAV].cue 1619 bytes

---- EOF - GMER 1.0.15 ----
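Added example, not part of the original posts and not code from OTL or any other tool in this thread: a small Python parser for OTL file-listing lines that flags the pattern visible in the LOP Check section above, a run of numbered `At<N>.job` scheduled tasks that all share one file size. The sample lines are a subset of that log plus one constructed benign task, and the `min_count` threshold is an assumption to tune.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple, Optional

# OTL file-listing line: [timestamp | size | attributes | C or M] (company) -- path
# Directory entries carry no "(company)" field.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# Task files named the way the Windows "at" scheduler names them: At1.job, At2.job, ...
AT_JOB = re.compile(r"\\Tasks\\At(\d+)\.job$", re.IGNORECASE)


class Entry(NamedTuple):
    timestamp: datetime
    size: int
    is_dir: bool
    path: str


def parse_otl_line(line: str) -> Optional[Entry]:
    """Parse one OTL listing line; return None for headers, blanks and other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        is_dir="D" in m["attrs"],
        path=m["path"],
    )


def find_at_job_clusters(lines, min_count=5):
    """Group At<N>.job files by size and report groups with at least min_count members.

    A handful of At jobs can be legitimate; many of identical size are worth a
    closer look. min_count is an assumed threshold, not a value from the thread.
    """
    by_size = defaultdict(list)
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None or entry.is_dir:
            continue
        m = AT_JOB.search(entry.path)
        if m:
            by_size[entry.size].append((int(m.group(1)), entry))

    findings = []
    for size, items in sorted(by_size.items()):
        if len(items) < min_count:
            continue
        items.sort(key=lambda item: item[0])  # order by job number
        stamps = [entry.timestamp for _, entry in items]
        findings.append({
            "size": size,
            "count": len(items),
            "job_numbers": [number for number, _ in items],
            "first_modified": min(stamps),
            "last_modified": max(stamps),
        })
    return findings


# Sample input: lines copied from the LOP Check section of the log above,
# plus one CONSTRUCTED benign task (ExampleUpdater.job) for contrast.
SAMPLE_LOG = r"""
========== LOP Check ==========
[2010/09/08 17:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ResultDns
[2010/10/20 09:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\ExampleUpdater.job
[2010/10/26 21:30:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/10/28 12:33:34 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/28 14:18:49 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/10/25 23:47:14 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/25 23:47:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
< End of report >
"""

if __name__ == "__main__":
    for finding in find_at_job_clusters(SAMPLE_LOG.splitlines()):
        print(
            f"{finding['count']} At*.job files of {finding['size']} bytes, "
            f"modified {finding['first_modified']} to {finding['last_modified']}: "
            f"jobs {finding['job_numbers']}"
        )
```

A hit from this check is a triage lead only; the task contents still have to be inspected before anything is deleted.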

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:59 AM

Posted 10 November 2010 - 07:40 PM

Hello, spl1h.


Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#5 spl1h


Posted 13 November 2010 - 07:31 PM

I'll get the CF scan soon...

#6 etavares


Posted 13 November 2010 - 07:34 PM

OK, I'll keep an eye out.


 


#7 spl1h


Posted 13 November 2010 - 08:33 PM

...and here it is

ComboFix 10-11-12.06 - HP_Administrator 11/13/2010 19:44:32.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.614 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\etavaresCF.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\avdrn.dat
c:\windows\ST6UNST.000
c:\windows\system32\driVERs\eqvlbni.sys
c:\windows\system32\drivers\oopuhnpkpjv.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\fjhdyfhsn.bat
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_khqlmxop
-------\Legacy_eqvlbni
-------\Service_eqvlbni


((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-10-26 03:58 . 2010-10-26 03:58 -------- d-----w- c:\documents and settings\envis\Application Data\Apple Computer
2010-10-26 03:57 . 2010-10-26 03:57 -------- d-----w- c:\documents and settings\envis\Local Settings\Application Data\{564CAAC7-5546-4484-A7ED-7C77101CD0F5}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-14 03:28 . 2010-07-22 14:30 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-14 03:28 . 2010-07-22 14:30 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-10-14 03:28 . 2010-07-22 14:30 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-10-14 03:28 . 2010-07-22 14:30 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-14 03:28 . 2010-07-22 14:30 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-10-14 03:28 . 2010-07-22 14:30 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-14 03:28 . 2010-07-22 14:30 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-14 03:28 . 2009-12-04 21:35 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-14 03:28 . 2009-12-04 21:35 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-10-14 03:28 . 2009-12-04 21:35 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-09-18 16:23 . 2004-08-10 04:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 04:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 04:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 04:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-15 06:29 . 2009-12-29 15:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-10 04:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 04:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 04:00 99840 ------w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 04:00 357248 ------w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-12-04 00:18 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-10 04:00 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2010-10-13 00:16 590848 ----a-w- c:\windows\system32\SETE8C.tmp
2010-08-16 08:45 . 2004-08-10 04:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-11 00:53 . 2010-08-11 00:53 211456 ----a-w- c:\program files\mozilla firefox\components\gpff.dll
2010-10-14 03:28 . 2010-08-10 16:56 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]
"Wketovidogosi"="c:\windows\kbockb.dll" [BU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-14 7557120]
"nwiz"="nwiz.exe" [2006-02-14 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-28 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-24 180269]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-24 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\MP4 Player\\Mp4Player.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/22/2010 9:30 AM 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 66632]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/4/2009 4:37 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/22/2010 9:30 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [7/22/2010 9:30 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [7/22/2010 9:30 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [7/22/2010 9:30 AM 141792]
R2 ResultDns Service;ResultDns Service;c:\documents and settings\All Users\Application Data\ResultDns\resultdns119.exe [11/13/2010 12:08 PM 61704]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/22/2010 9:30 AM 55840]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [6/24/2006 9:47 AM 82048]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/22/2010 9:30 AM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/22/2010 9:30 AM 88544]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/22/2010 9:30 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/22/2010 9:30 AM 84264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-11-13 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-01 14:06]

2010-11-10 c:\windows\Tasks\WebReg psc 1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-12-16 21:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aryion.com/forum/search.php?keywords=&terms=all&author=elportero
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1} - c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}
FF - HiddenExtension: XULRunner: {674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}
FF - HiddenExtension: XULRunner: {6AFA6825-EA8B-4651-A09E-67D3A06DCA74} - c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74}
FF - HiddenExtension: XULRunner: {564CAAC7-5546-4484-A7ED-7C77101CD0F5} - c:\documents and settings\envis\Local Settings\Application Data\{564CAAC7-5546-4484-A7ED-7C77101CD0F5}\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
AddRemove-ResultDns - c:\program files\ResultDns\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 20:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2020)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\ResultDns\resultdns.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\dllhost.exe
c:\program files\ResultDns\resultdns.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-11-13 20:23:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-14 01:23
ComboFix2.txt 2010-08-26 12:32
ComboFix3.txt 2010-08-26 00:00
ComboFix4.txt 2010-08-13 16:24
ComboFix5.txt 2010-11-14 00:38

Pre-Run: 4,510,138,368 bytes free
Post-Run: 6,283,960,320 bytes free

- - End Of File - - 0606836555C67AC80F689D6E9CB27C83

#8 etavares

Posted 14 November 2010 - 07:05 AM

Hello, spl1h.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

Files::
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\monmvr32.exe
C:\WINDOWS\Byosigududi.dat
C:\WINDOWS\Rwilegirifadu.bin
c:\windows\kbockb.dll
Driver::
ResultDns Service
Folder::
C:\Documents and Settings\All Users\Application Data\ResultDns\
c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}
c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74}
c:\documents and settings\envis\Local Settings\Application Data\{564CAAC7-5546-4484-A7ED-7C77101CD0F5}
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wketovidogosi"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 0
DDS::
FF - HiddenExtension: XULRunner: {53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1} - c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}
FF - HiddenExtension: XULRunner: {674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}
FF - HiddenExtension: XULRunner: {6AFA6825-EA8B-4651-A09E-67D3A06DCA74} - c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74}
FF - HiddenExtension: XULRunner: {564CAAC7-5546-4484-A7ED-7C77101CD0F5} - c:\documents and settings\envis\Local Settings\Application Data\{564CAAC7-5546-4484-A7ED-7C77101CD0F5}\
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
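One way to confirm from two ComboFix logs that the CFScript in the post above took effect, as an added example that is not part of the original post and not ComboFix's own code: it parses the REGEDIT4-style "Reg Loading Points" lines, lists Security Center override values that are still non-zero, and diffs the HKCU Run key. The function names are hypothetical; `BEFORE` is copied from the first log in this thread, the Run key in `AFTER` is copied from the follow-up log, and the zeroed Security Center values in `AFTER` are constructed to show the expected post-fix state.

```python
import re

# Values the CFScript resets to 0. Non-zero means Security Center was told
# to stop monitoring or reporting on the antivirus / firewall.
WATCHED = ("AntiVirusOverride", "FirewallOverride",
           "DisableMonitoring", "DisableNotifications")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Copied from the first ComboFix log in this thread.
BEFORE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]
"Wketovidogosi"="c:\windows\kbockb.dll" [BU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"""

# Run key copied from the follow-up log; Security Center values constructed.
AFTER = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"""


def parse_reg_section(text):
    """Parse REGEDIT4-style log lines into {key: {value_name: data}}.

    Key paths are lower-cased because the log mixes upper and lower case."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key").lower(), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            current[m.group("name")] = m.group("data").strip()
    return keys


def as_int(data):
    """Decode 'dword:00000001', '1 (0x1)' or '0'; None if not numeric."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\b", data)
    return int(m.group(1)) if m else None


def overrides_set(keys):
    """Sorted (key, name, value) for watched values that are non-zero."""
    hits = []
    for key, values in keys.items():
        for name, data in values.items():
            value = as_int(data)
            if name in WATCHED and value:
                hits.append((key, name, value))
    return sorted(hits)


def run_entries(keys, hive_prefix):
    """Value names under <hive>\\...\\CurrentVersion\\Run."""
    suffix = r"\software\microsoft\windows\currentversion\run"
    for key, values in keys.items():
        if key.startswith(hive_prefix.lower()) and key.endswith(suffix):
            return set(values)
    return set()


def verify_fix(before_text, after_text, hive="hkey_current_user"):
    """Compare two log excerpts and report what changed."""
    before = parse_reg_section(before_text)
    after = parse_reg_section(after_text)
    old, new = run_entries(before, hive), run_entries(after, hive)
    return {
        "overrides_before": overrides_set(before),
        "overrides_after": overrides_set(after),
        "run_entries_removed": sorted(old - new),
        "run_entries_added": sorted(new - old),
    }


if __name__ == "__main__":
    for field, value in verify_fix(BEFORE, AFTER).items():
        print(field, "=", value)
```

An empty `overrides_after` and an empty `run_entries_added` are what a clean follow-up log should produce; anything else is worth raising in the next reply.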
 


#9 spl1h

Posted 14 November 2010 - 02:30 PM

Voila...

ComboFix 10-11-13.01 - HP_Administrator 11/14/2010 13:53:52.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.717 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\etavaresCF.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ResultDns\
c:\documents and settings\All Users\Application Data\ResultDns\\resultdns119.exe
c:\documents and settings\envis\Local Settings\Application Data\{564CAAC7-5546-4484-A7ED-7C77101CD0F5}
c:\documents and settings\envis\Local Settings\Application Data\{564CAAC7-5546-4484-A7ED-7C77101CD0F5}\chrome.manifest
c:\documents and settings\envis\Local Settings\Application Data\{564CAAC7-5546-4484-A7ED-7C77101CD0F5}\chrome\content\_cfg.js
c:\documents and settings\envis\Local Settings\Application Data\{564CAAC7-5546-4484-A7ED-7C77101CD0F5}\chrome\content\overlay.xul
c:\documents and settings\envis\Local Settings\Application Data\{564CAAC7-5546-4484-A7ED-7C77101CD0F5}\install.rdf
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}\chrome.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}\chrome\content\_cfg.js
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}\chrome\content\overlay.xul
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{674DF9B3-3A90-4A18-AD7A-9F99ACDC6E36}\install.rdf
c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}
c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}\chrome.manifest
c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}\chrome\content\overlay.xul
c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{53C8AFFF-C72D-40F7-A9DE-8FE5B2F27DD1}\install.rdf
c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74}
c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74}\chrome.manifest
c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74}\chrome\content\_cfg.js
c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74}\chrome\content\overlay.xul
c:\documents and settings\Nancy.HOMEWORKFAST\Local Settings\Application Data\{6AFA6825-EA8B-4651-A09E-67D3A06DCA74}\install.rdf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RESULTDNS_SERVICE
-------\Service_ResultDns Service


((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-10-26 03:58 . 2010-10-26 03:58 -------- d-----w- c:\documents and settings\envis\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-14 03:28 . 2010-07-22 14:30 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-14 03:28 . 2010-07-22 14:30 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-10-14 03:28 . 2010-07-22 14:30 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-10-14 03:28 . 2010-07-22 14:30 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-14 03:28 . 2010-07-22 14:30 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-10-14 03:28 . 2010-07-22 14:30 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-14 03:28 . 2010-07-22 14:30 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-14 03:28 . 2009-12-04 21:35 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-14 03:28 . 2009-12-04 21:35 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-10-14 03:28 . 2009-12-04 21:35 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-09-18 16:23 . 2004-08-10 04:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 04:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 04:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 04:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-15 06:29 . 2009-12-29 15:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-10 04:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 04:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 04:00 99840 ------w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 04:00 357248 ------w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-12-04 00:18 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-10 04:00 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-11 00:53 . 2010-08-11 00:53 211456 ----a-w- c:\program files\mozilla firefox\components\gpff.dll
2010-10-14 03:28 . 2010-08-10 16:56 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-14 7557120]
"nwiz"="nwiz.exe" [2006-02-14 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-28 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-24 180269]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-24 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\MP4 Player\\Mp4Player.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/22/2010 9:30 AM 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 66632]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/4/2009 4:37 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/22/2010 9:30 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [7/22/2010 9:30 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [7/22/2010 9:30 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [7/22/2010 9:30 AM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/22/2010 9:30 AM 55840]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [6/24/2006 9:47 AM 82048]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/22/2010 9:30 AM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/22/2010 9:30 AM 88544]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/22/2010 9:30 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/22/2010 9:30 AM 84264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-11-13 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-01 14:06]

2010-11-10 c:\windows\Tasks\WebReg psc 1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-12-16 21:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aryion.com/forum/search.php?keywords=&terms=all&author=elportero
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 14:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-11-14 14:19:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-14 19:19
ComboFix2.txt 2010-11-14 01:23
ComboFix3.txt 2010-08-26 12:32
ComboFix4.txt 2010-08-26 00:00
ComboFix5.txt 2010-11-14 18:48

Pre-Run: 6,284,234,752 bytes free
Post-Run: 6,293,798,912 bytes free

- - End Of File - - 799E8D9B042019EBF072BFC01E3555D0

#10 etavares

  • Malware Response Team

Posted 14 November 2010 - 02:39 PM

Hello, spl1h.
How is it running now?

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#11 spl1h

  • Topic Starter


Posted 17 November 2010 - 02:09 PM

OTL logfile created on: 11/17/2010 1:21:14 PM - Run 14
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 7.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 29.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.05 Gb Total Space | 5.59 Gb Free Space | 2.50% Space Free | Partition Type: NTFS
Drive D: | 8.81 Gb Total Space | 0.43 Gb Free Space | 4.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEWORKFAST
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/11/02 10:33:22 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/11/02 10:32:56 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/09/30 13:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/23 14:17:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/26 10:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/03/08 16:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/11/06 12:23:16 | 000,772,096 | ---- | M] () -- C:\Program Files\MP4 Player\Mp4Player.exe
PRC - [2008/08/21 11:16:56 | 000,267,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/24 10:06:27 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/03/20 11:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/03/16 04:11:54 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/02/21 18:59:00 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/02/21 18:58:34 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/11/08 16:51:54 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
PRC - [2004/07/28 01:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/06/23 14:17:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/02/13 23:05:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/02/13 23:05:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/26 10:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/21 18:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/11/08 16:51:54 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService)


========== Driver Services (SafeList) ==========

DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/04/03 21:19:52 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/03/03 09:44:53 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/03 09:44:53 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/03 09:44:53 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/04/20 16:35:16 | 000,082,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2006/03/08 15:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/13 23:05:00 | 003,642,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/08 16:51:40 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/08 16:51:38 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/11/08 16:51:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/11/08 16:51:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/11/08 16:51:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/06/29 19:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 09:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aryion.com/forum/search.php?keywords=&terms=all&author=elportero
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B 99 17 9F 5A 4C CB 01 [binary data]
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedengine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1A615EA8-4C56-49EE-BE83-F9A264B79997}:1.0
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101052100&s="
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101052100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/02 10:36:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/11 17:07:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/08 23:48:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 10:34:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/09/20 21:56:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/09/20 21:56:13 | 000,000,000 | ---D | M]

[2009/12/04 00:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/11/17 12:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions
[2010/09/10 09:00:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/03 10:34:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/03 09:33:49 | 000,000,000 | ---D | M] (googlebar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2010/10/03 10:35:56 | 000,001,988 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2hjjl8w1.default\searchplugins\google.xml
[2010/11/17 12:40:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/13 12:08:13 | 000,000,000 | ---D | M] (ResultDns) -- C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}
[2010/10/26 22:32:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/08/10 19:53:47 | 000,211,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\gpff.dll
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/08/07 21:30:06 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/11/14 14:08:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101108234756.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (IE Translator) - {531C49A7-179F-43CA-AF5E-AF375FBB8840} - C:\Program Files\Sarm Software\IETranslator\Translator.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (IE Translator) - {531C49A7-179F-43CA-AF5E-AF375FBB8840} - C:\Program Files\Sarm Software\IETranslator\Translator.dll ()
O3 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1990701754-1645400505-1719210952-1008\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/24 10:20:32 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/13 19:38:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/13 19:38:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/13 19:38:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/13 19:38:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/02 10:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/10/26 22:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/26 22:32:09 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/26 22:32:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/26 22:32:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/26 22:32:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/26 11:31:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[4 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/17 11:52:11 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/11/17 11:45:05 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/17 11:43:37 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/11/17 11:42:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/11/17 11:42:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/17 11:42:49 | 1072,123,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/17 00:18:29 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/11/17 00:10:53 | 002,113,330 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/11/16 15:36:35 | 000,000,496 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job
[2010/11/16 11:22:56 | 000,219,041 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1289864649.akirameerkat_scan0008.jpg
[2010/11/16 11:22:29 | 000,271,797 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1288065457.akirameerkat_scan0009.jpg
[2010/11/16 11:22:15 | 000,189,667 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1284433638.akirameerkat_scan0002.jpg
[2010/11/16 11:22:04 | 000,182,143 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\1279774599.akirameerkat_scan0005.jpg
[2010/11/16 00:05:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/11/15 13:32:08 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/15 11:38:28 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\DivX Movies.lnk
[2010/11/15 11:37:06 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/11/14 14:08:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/11/14 14:08:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/14 13:44:37 | 003,909,734 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\etavaresCF.exe
[2010/11/12 12:01:28 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Swedish-English.doc
[2010/11/11 12:08:17 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/11/11 12:08:15 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/11/11 10:29:40 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/11/10 09:17:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\WebReg psc 1400 series.job
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/07 14:11:10 | 000,317,371 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\194405-18748.jpg
[2010/11/07 14:11:02 | 000,398,161 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\194400-18748.jpg
[2010/11/07 14:10:53 | 000,398,627 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\194396-18748.jpg
[2010/11/07 14:10:46 | 000,415,352 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\194394-18748.jpg
[2010/11/07 14:10:25 | 000,413,603 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\194112-18748.jpg
[2010/11/07 14:10:13 | 000,477,607 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\194111-18748.jpg
[2010/11/07 14:10:06 | 000,466,602 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\194110-18748.jpg
[2010/11/07 14:09:54 | 000,498,581 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\194109-18748.jpg
[2010/11/07 13:24:15 | 000,162,751 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\194185-6083.png
[2010/11/07 13:23:51 | 000,382,121 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\194184-6083.png
[2010/11/07 13:23:31 | 000,898,729 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\192399-7501.jpg
[2010/11/07 13:23:19 | 000,701,080 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\192398-7501.jpg
[2010/11/07 13:22:53 | 000,123,644 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\192208-7501.jpg
[2010/11/07 13:22:32 | 000,156,676 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\192207-7501.jpg
[2010/11/07 13:22:02 | 000,047,597 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\192206-7501.jpg
[2010/11/07 13:21:50 | 000,738,156 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\192033-7501.jpg
[2010/11/07 13:21:39 | 000,581,880 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\192023-7501.jpg
[2010/11/07 13:21:34 | 000,515,564 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\192004-7501.jpg
[2010/11/07 13:21:29 | 000,585,482 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\191987-7501.jpg
[2010/11/07 13:21:23 | 000,532,659 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\191962-7501.jpg
[2010/11/07 13:21:17 | 000,575,345 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\191938-7501.jpg
[2010/11/07 13:20:57 | 000,602,615 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\191903-7501.jpg
[2010/11/07 13:20:53 | 000,734,350 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\191805-7501.jpg
[2010/11/07 13:20:45 | 000,591,892 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\191736-7501.jpg
[2010/11/07 13:20:36 | 000,515,824 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\191705-7501.jpg
[2010/11/07 13:19:39 | 000,024,206 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\191680-7501-1.jpg
[2010/11/07 13:19:32 | 000,261,346 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\191638-7501.jpg
[2010/11/07 13:19:24 | 000,082,399 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\191606-7501.JPG
[2010/11/07 13:18:49 | 000,145,086 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\191548-7501.jpg
[2010/11/07 13:18:43 | 000,756,334 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\191588-7501.jpg
[2010/11/07 13:18:12 | 000,101,202 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\191564-7501.jpg
[2010/11/07 13:18:01 | 000,108,022 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\189877-7501.jpg
[2010/11/07 13:17:55 | 000,170,686 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\189859-7501.jpg
[2010/11/07 13:17:46 | 000,271,004 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\189831-7501.jpg
[2010/11/07 13:17:41 | 000,240,796 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\178606-7501.jpg
[2010/11/07 13:17:34 | 000,326,052 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\178575-7501.jpg
[2010/11/07 13:17:13 | 000,310,191 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\177682-7501.jpg
[2010/11/07 13:17:06 | 000,301,153 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\177681-7501.jpg
[2010/11/07 13:16:57 | 000,326,587 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\174436-7501.jpg
[2010/11/07 13:16:55 | 000,445,702 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 13:16:55 | 000,072,924 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/07 13:16:54 | 000,525,350 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/11/07 13:16:36 | 000,212,807 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\174232-7501.jpg
[2010/11/07 13:16:28 | 000,335,182 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\174121-7501.jpg
[2010/11/07 09:17:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/02 12:29:08 | 003,505,354 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Sensual endoscopy.mp4
[2010/11/02 12:15:19 | 009,522,180 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\marLa_ The Journey Inside.mp4
[2010/11/02 12:06:07 | 002,761,125 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Guided Tour.mp4
[2010/11/02 11:48:09 | 000,644,066 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\pillcam 03.mp4
[2010/11/02 11:46:33 | 000,859,061 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\pillcam 02.mp4
[2010/11/02 11:46:14 | 000,862,899 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\PILLCAM 1.mp4
[2010/11/02 11:45:51 | 003,307,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Inside a Japanese Girl.mp4
[2010/10/29 17:09:58 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/25 21:59:37 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Byosigududi.dat
[2010/10/25 10:10:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Rwilegirifadu.bin
[2010/10/20 14:24:14 | 003,765,526 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Capsule Endoscopy of Skittle_.mp4
[2010/10/20 14:21:37 | 020,972,032 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Endoscopy ;) mi endoscopia.mp4
[2010/10/20 14:08:17 | 035,344,492 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Ellie_.mp4
[2010/10/20 13:38:09 | 006,638,135 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Digestion Video.mp4
[2010/10/19 18:51:16 | 019,723,862 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Inside A Black Woman_.flv
[2010/10/19 18:45:53 | 014,333,409 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Inside A Black Woman_.mp4
[2010/10/18 18:48:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/16 11:22:54 | 000,219,041 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1289864649.akirameerkat_scan0008.jpg
[2010/11/16 11:22:28 | 000,271,797 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1288065457.akirameerkat_scan0009.jpg
[2010/11/16 11:22:14 | 000,189,667 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1284433638.akirameerkat_scan0002.jpg
[2010/11/16 11:21:55 | 000,182,143 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\1279774599.akirameerkat_scan0005.jpg
[2010/11/15 11:37:06 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/11/14 13:42:29 | 003,909,734 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\etavaresCF.exe
[2010/11/13 19:38:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/13 19:38:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/13 19:38:30 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/13 19:38:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/13 19:38:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/07 14:11:09 | 000,317,371 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\194405-18748.jpg
[2010/11/07 14:11:00 | 000,398,161 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\194400-18748.jpg
[2010/11/07 14:10:53 | 000,398,627 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\194396-18748.jpg
[2010/11/07 14:10:45 | 000,415,352 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\194394-18748.jpg
[2010/11/07 14:10:24 | 000,413,603 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\194112-18748.jpg
[2010/11/07 14:10:12 | 000,477,607 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\194111-18748.jpg
[2010/11/07 14:10:05 | 000,466,602 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\194110-18748.jpg
[2010/11/07 14:09:53 | 000,498,581 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\194109-18748.jpg
[2010/11/07 13:24:12 | 000,162,751 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\194185-6083.png
[2010/11/07 13:23:46 | 000,382,121 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\194184-6083.png
[2010/11/07 13:23:30 | 000,898,729 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\192399-7501.jpg
[2010/11/07 13:23:19 | 000,701,080 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\192398-7501.jpg
[2010/11/07 13:22:53 | 000,123,644 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\192208-7501.jpg
[2010/11/07 13:22:32 | 000,156,676 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\192207-7501.jpg
[2010/11/07 13:22:01 | 000,047,597 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\192206-7501.jpg
[2010/11/07 13:21:49 | 000,738,156 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\192033-7501.jpg
[2010/11/07 13:21:39 | 000,581,880 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\192023-7501.jpg
[2010/11/07 13:21:33 | 000,515,564 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\192004-7501.jpg
[2010/11/07 13:21:29 | 000,585,482 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\191987-7501.jpg
[2010/11/07 13:21:22 | 000,532,659 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\191962-7501.jpg
[2010/11/07 13:21:16 | 000,575,345 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\191938-7501.jpg
[2010/11/07 13:20:56 | 000,602,615 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\191903-7501.jpg
[2010/11/07 13:20:51 | 000,734,350 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\191805-7501.jpg
[2010/11/07 13:20:45 | 000,591,892 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\191736-7501.jpg
[2010/11/07 13:20:35 | 000,515,824 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\191705-7501.jpg
[2010/11/07 13:19:38 | 000,024,206 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\191680-7501-1.jpg
[2010/11/07 13:19:31 | 000,261,346 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\191638-7501.jpg
[2010/11/07 13:19:24 | 000,082,399 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\191606-7501.JPG
[2010/11/07 13:18:48 | 000,145,086 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\191548-7501.jpg
[2010/11/07 13:18:42 | 000,756,334 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\191588-7501.jpg
[2010/11/07 13:18:12 | 000,101,202 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\191564-7501.jpg
[2010/11/07 13:18:01 | 000,108,022 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\189877-7501.jpg
[2010/11/07 13:17:54 | 000,170,686 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\189859-7501.jpg
[2010/11/07 13:17:45 | 000,271,004 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\189831-7501.jpg
[2010/11/07 13:17:40 | 000,240,796 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\178606-7501.jpg
[2010/11/07 13:17:34 | 000,326,052 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\178575-7501.jpg
[2010/11/07 13:17:11 | 000,310,191 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\177682-7501.jpg
[2010/11/07 13:17:01 | 000,301,153 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\177681-7501.jpg
[2010/11/07 13:16:56 | 000,326,587 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\174436-7501.jpg
[2010/11/07 13:16:35 | 000,212,807 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\174232-7501.jpg
[2010/11/07 13:16:21 | 000,335,182 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\174121-7501.jpg
[2010/11/02 12:28:14 | 003,505,354 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Sensual endoscopy.mp4
[2010/11/02 12:12:16 | 009,522,180 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\marLa_ The Journey Inside.mp4
[2010/11/02 12:05:29 | 002,761,125 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Guided Tour.mp4
[2010/11/02 11:48:04 | 000,644,066 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\pillcam 03.mp4
[2010/11/02 11:46:30 | 000,859,061 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\pillcam 02.mp4
[2010/11/02 11:46:07 | 000,862,899 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\PILLCAM 1.mp4
[2010/11/02 11:45:13 | 003,307,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Inside a Japanese Girl.mp4
[2010/11/02 10:41:49 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/11/02 10:41:48 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/10/31 15:26:11 | 1072,123,904 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/20 14:22:16 | 003,765,526 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Capsule Endoscopy of Skittle_.mp4
[2010/10/20 14:13:03 | 020,972,032 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Endoscopy ;) mi endoscopia.mp4
[2010/10/20 13:48:57 | 035,344,492 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Ellie_.mp4
[2010/10/20 13:33:00 | 006,638,135 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Digestion Video.mp4
[2010/10/19 18:48:08 | 019,723,862 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Inside A Black Woman_.flv
[2010/10/19 18:43:31 | 014,333,409 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Inside A Black Woman_.mp4
[2010/09/15 15:26:02 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/08 16:46:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/09/04 09:05:34 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/02/09 19:34:39 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/03/16 12:18:45 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/28 13:48:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/03 11:59:03 | 000,185,344 | R--- | C] () -- C:\WINDOWS\FRANKCAL.DLL
[2006/12/03 11:55:05 | 000,000,896 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/11/26 16:52:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/11/26 11:04:58 | 000,000,101 | ---- | C] () -- C:\WINDOWS\ttinstal.ini
[2006/11/26 11:04:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\scantiff.INI
[2006/11/26 11:02:11 | 000,000,417 | ---- | C] () -- C:\WINDOWS\CDPHOTO.INI
[2006/11/26 11:02:11 | 000,000,208 | ---- | C] () -- C:\WINDOWS\EFICOLOR.INI
[2006/11/26 11:02:00 | 000,000,109 | ---- | C] () -- C:\WINDOWS\visguide.ini
[2006/11/26 11:01:38 | 000,000,048 | ---- | C] () -- C:\WINDOWS\bartcan.ini
[2006/11/25 17:18:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2006/11/25 16:51:04 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2006/07/24 20:15:27 | 000,000,145 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2006/07/18 19:32:52 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/14 14:10:37 | 000,000,018 | ---- | C] () -- C:\WINDOWS\upst.ini
[2006/07/14 12:45:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/05 17:45:26 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/06/24 10:49:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/24 10:28:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/24 10:23:39 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/24 10:23:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/24 10:20:44 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/24 10:18:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/24 10:07:50 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/24 10:07:09 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/24 09:49:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/24 09:46:36 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/24 09:46:36 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/24 09:46:36 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/24 09:46:35 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/24 09:46:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/24 09:45:14 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/24 09:24:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/24 09:24:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/24 09:23:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 19:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 23:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/26 09:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 00:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/04 00:13:44 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\msrtrnf.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Documents\Dvd Edit Projects:Roxio EMC Stream
< End of report >

OTL Extras logfile created on: 11/17/2010 1:21:15 PM - Run 14
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 7.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 29.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.05 Gb Total Space | 5.59 Gb Free Space | 2.50% Space Free | Partition Type: NTFS
Drive D: | 8.81 Gb Total Space | 0.43 Gb Free Space | 4.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEWORKFAST
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- (RealNetworks, Inc.)
"C:\Program Files\MP4 Player\Mp4Player.exe" = C:\Program Files\MP4 Player\Mp4Player.exe:*:Enabled:mp4Player -- ()
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19FDB8E4-59AD-4330-9667-E8DCAF018DD3}" = Unload
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 22
"{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}" = muvee autoProducer 5.0
"{27E395E5-EB04-4BFD-96C3-C9A102E97E1B}" = Intel® Viiv™ Software
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{418B6023-B2C4-4E8A-993C-C4AD8D888BB0}" = IETranslator
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66039B36-96AE-40D1-8A32-071F7A61B738}" = Microsoft LifeChat
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel® Quick Resume Technology Drivers
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B90EC7F6-816F-4BFA-948B-6CB6082E55EC}" = Tango
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}" = InstantShareDevices
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BitTorrent" = BitTorrent
"DISCover" = DISCover
"DivX Setup.divx.com" = DivX Setup
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"ERUNT_is1" = ERUNT 1.1j
"FLAC" = FLAC 1.2.1b (remove only)
"FLV Player" = FLV Player 2.0 (build 25)
"HP Document Viewer" = HP Document Viewer 6.1
"HP Game Console" = HP Game Console
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Photo & Imaging" = HP Photosmart Premier Software 6.1
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"ie8" = Windows Internet Explorer 8
"InFlac" = InFlac 1.1.1
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Intel® Quick Resume Technology" = Intel® Quick Resume Technology Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MP4 Player" = MP4 Player
"MSC" = McAfee Total Protection
"Netscape Browser" = Netscape Browser (remove only)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PROSet" = Intel® PRO Network Connections Drivers
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"ResultDns" = ResultDns 1.0 build 119
"Rhapsody" = Rhapsody
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Usenet.nl_is1" = Usenet.nl
"WildTangent CDA" = WildTangent Web Driver
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"WT005515" = Polar Bowler
"WT005523" = Tradewinds
"WT005631" = Fairies
"WT005635" = Big Kahuna Reef
"WT005644" = Mystery Case Files
"WT005647" = Slingo Deluxe
"WT006072" = Ancient Sudoku
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1990701754-1645400505-1719210952-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/17/2010 1:16:32 AM | Computer Name = HOMEWORKFAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 545687

Error - 11/17/2010 1:16:32 AM | Computer Name = HOMEWORKFAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 545687

Error - 11/17/2010 1:16:48 AM | Computer Name = HOMEWORKFAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/17/2010 1:16:48 AM | Computer Name = HOMEWORKFAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 561531

Error - 11/17/2010 1:16:48 AM | Computer Name = HOMEWORKFAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 561531

Error - 11/17/2010 1:17:04 AM | Computer Name = HOMEWORKFAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/17/2010 1:17:04 AM | Computer Name = HOMEWORKFAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 577140

Error - 11/17/2010 1:17:04 AM | Computer Name = HOMEWORKFAST | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 577140

Error - 11/17/2010 1:08:48 PM | Computer Name = HOMEWORKFAST | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 11/17/2010 1:29:29 PM | Computer Name = HOMEWORKFAST | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

[ System Events ]
Error - 11/12/2010 10:40:41 PM | Computer Name = HOMEWORKFAST | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 11/12/2010 10:43:32 PM | Computer Name = HOMEWORKFAST | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 11/12/2010 10:43:34 PM | Computer Name = HOMEWORKFAST | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 11/15/2010 12:29:42 PM | Computer Name = HOMEWORKFAST | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 11/15/2010 12:32:24 PM | Computer Name = HOMEWORKFAST | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 11/15/2010 12:32:32 PM | Computer Name = HOMEWORKFAST | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 11/15/2010 10:31:52 PM | Computer Name = HOMEWORKFAST | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 11/15/2010 10:34:36 PM | Computer Name = HOMEWORKFAST | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 11/15/2010 10:34:39 PM | Computer Name = HOMEWORKFAST | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 11/15/2010 10:35:19 PM | Computer Name = HOMEWORKFAST | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.


< End of report >

#12 etavares

Posted 17 November 2010 - 07:34 PM

Hello, spl1h.
Looking much better. How is it running?



Step 1

You are using an outdated version of Adobe Reader. Adobe has since been updated and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.

Please download the latest version from:
http://get.adobe.com/reader/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.


You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/



Step 2

Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.

ResultDns 1.0 build 119


Be sure to reboot when done.



Step 3

Next, we need to remove old Java versions.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    J2SE Runtime Environment 5.0 Update 5
  • Reboot your computer once all Java components are removed.




Step 4

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    :OTL
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 5

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 6

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
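
The reply above picks its Step 1-3 removal targets out of the uninstall list in the OTL log. As an added example (not part of the original thread and not OTL's own code), this Python script parses that `"key" = display name` format and flags matching entries for review; the sample log, the placeholder registry keys, the Adobe Reader version and the matching patterns are constructed assumptions.

```python
import re

# OTL layout: "===== <title> =====" banners, then '"RegistryKey" = Display Name' lines.
SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')
ENTRY_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')

# What Steps 1-3 of the reply look for; the patterns themselves are assumptions.
RULES = [
    ("Adobe Reader: check version (Step 1)", re.compile(r'\bAdobe Reader\b', re.I)),
    ("named for removal (Step 2)", re.compile(r'^ResultDns\b', re.I)),
    ("Java runtime: check version (Step 3)", re.compile(r'\b(J2SE|JRE|Java)\b', re.I)),
]

# Constructed sample in the log's format; GUID keys, SID and Reader version are placeholders.
SAMPLE_LOG = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"{PLACEHOLDER-GUID-1}" = Adobe Reader 7.0
"{PLACEHOLDER-GUID-2}" = J2SE Runtime Environment 5.0 Update 5
"Python 2.2.3" = Python 2.2.3
"ResultDns" = ResultDns 1.0 build 119
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-PLACEHOLDER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
========== Last 10 Event Log Errors ==========
Description = The MCSTRM service failed to start due to the following error: %%2
'''

def parse_uninstall_list(text):
    """Return (registry_key, display_name) pairs found inside Uninstall List sections."""
    entries, in_uninstall = [], False
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            # Only sections titled "... Uninstall List" hold installed-program entries.
            in_uninstall = "uninstall list" in banner.group(1).lower()
            continue
        entry = ENTRY_RE.match(line) if in_uninstall else None
        if entry:
            entries.append((entry.group(1), entry.group(2).strip()))
    return entries

def flag_entries(entries):
    """Return (display_name, reason) using the first rule each entry matches."""
    flagged = []
    for _key, name in entries:
        reason = next((r for r, p in RULES if p.search(name)), None)
        if reason:
            flagged.append((name, reason))
    return flagged
```

Calling `flag_entries(parse_uninstall_list(SAMPLE_LOG))` returns the three entries that need a version check or removal; a match means "review this entry", not that the program is malicious.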
 


#13 etavares

Posted 20 November 2010 - 05:02 PM

Still with me?




#14 etavares

Posted 28 November 2010 - 08:58 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.






