Open a command prompt and type in ipconfig /flushdns then press enter.

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

==

Download and Install
Please download SUPERAntiSpyware Free for Home Users...to your desktop.

  1. Double-click SUPERAntiSpyware.exe... use the default settings for installation.
  2. Double-click the icon...created on your desktop... to launch the program.
  3. Click "Yes" ... if asked to update definitions. If not...press the "Check for Updates"...button.
    If you encounter any problems while downloading the updates, manually download and unzip them from Here.
  4. Once the updates have been applied... STOP!
  5. Close and exit SUPERAntiSpyware.

Boot to Safe Mode
Make sure you have downloaded anything you need... print these instructions as well, you will not have Internet access!

  1. Restart your computer. During start up... repeatedly tap the F8 key... When the menu appears...
  2. Use up-arrow key to select "Safe Mode" and press Enter.
    • If you have a multiple boot system (more than 1 OS installed) or you have Recovery Console installed... you will be shown a multi boot screen. Highlight the OS you want to start... Press Enter.
  3. Once the system starts ...it displays various files/drivers being loaded, it may pause, that's normal.
  4. When your desktop is loaded... reply "Yes" to the Safe Mode startup, if prompted.


SUPERAntiSpyware scan:

  1. Double-click the SUPERAntiSpyware icon...on your desktop... to launch the program.
  2. Under "Configuration and Preferences", click the Preferences button.
  3. Click the Scanning Control tab.
  4. Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  5. Click the "Close" button to leave the control center screen.
  6. Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  7. On the left, make sure you check C:\Fixed Drive.
  8. On the right, under "Complete Scan", choose Perform Complete Scan.
  9. Click "Next" to start the scan. Please be patient while it scans your computer.
  10. After the scan is complete, a Scan Summary box will appear with... any items detected. Click "OK".
  11. Make sure everything has a checkmark next to it and click "Next".
    A notification will appear that "Quarantine and Removal is Complete".
  12. Click "OK" and then click the "Finish" button to return to the main menu.
  13. Reply "Yes" to the reboot prompt.
  14. Launch SUPERAntiSpyware again....
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      Save the log file to your desktop...name it: saslog.txt
  15. Click Close to exit the program.

If you have not rebooted your system... from the previous instructions...please do so now.
Please copy/paste the entire contents of saslog.txt... in your next reply, along with a new HijackThis log.

Here is the saslog log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/04/2010 at 01:30 AM

Application Version : 4.38.1004

Core Rules Database Version : 4951
Trace Rules Database Version: 2763

Scan type       : Quick Scan
Total Scan Time : 01:39:05

Memory items scanned      : 277
Memory threats detected   : 0
Registry items scanned    : 542
Registry threats detected : 0
File items scanned        : 63820
File threats detected     : 9

Adware.Tracking Cookie
    C:\Documents and Settings\Administrator.SPIKE\Cookies\administrator@atdmt[1].txt
    C:\Documents and Settings\Administrator.SPIKE\Cookies\administrator@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Administrator.SPIKE\Cookies\administrator@ad.wsod[2].txt
    C:\Documents and Settings\Administrator.SPIKE\Cookies\administrator@content.yieldmanager[1].txt
    C:\Documents and Settings\Administrator.SPIKE\Cookies\administrator@advertise[1].txt
    C:\Documents and Settings\Administrator.SPIKE\Cookies\administrator@bizzclick[2].txt
    C:\Documents and Settings\Administrator.SPIKE\Cookies\administrator@doubleclick[1].txt
    C:\Documents and Settings\Administrator.SPIKE\Cookies\administrator@ad.yieldmanager[2].txt

Adware.Media-Codec/ZLob
    C:\Program Files\Applications

And the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:42 AM, on 6/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518162508.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGuiSt.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32620CE8-D0AB-47D9-885B-8FDA4A3A2650}: NameServer = 192.168.1.254
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13207 bytes

Can you please do the following.

===============

Run HiJackThis then:

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\Program Files\AWS\WeatherBug\Weather.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Scan with HijackThis and then place a check next to all the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\Program Files\AWS

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option, to run Windows in Safe Mode, and hit Enter.

-

Reboot.

===============

After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.

New Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:57 AM, on 6/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518162508.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGuiSt.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32620CE8-D0AB-47D9-885B-8FDA4A3A2650}: NameServer = 192.168.1.254
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12807 bytes

I tried a search result and the first one worked fine, but all subsequent ones were redirected.

I am going away for the weekend so will not be able to check in, but in the meantime, can you uninstall Java completely from the PC and then check to see if you get redirected?

Have a good weekend and thanks again for your help.

I will uninstall Java and give it a try.

I removed Java and am still being redirected.

Ok, you can re-install that now. This one is getting hard to nail down.

==

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [EMPTYFLASH]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Do the re-directs happen with all browsers?

Here is the log from Run Fix:

All processes killed
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: Administrator.SPIKE
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: HP_Owner
->Flash cache emptied: 434 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY
->Flash cache emptied: 7725 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.SPIKE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 184978 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 5220011 bytes
->Temporary Internet Files folder emptied: 16666383 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 42960464 bytes
->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5092485 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 8480364 bytes

Total Files Cleaned = 75.00 mb


OTL by OldTimer - Version 3.2.5.2 log created on 06072010_095836

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Here is the log from Quick Scan:

OTL logfile created on: 6/7/2010 10:04:57 AM - Run 5
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 41.00 Mb Available Physical Memory | 8.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.79 Gb Total Space | 151.38 Gb Free Space | 84.67% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 2.37 Gb Free Space | 31.54% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1.87 Gb Total Space | 1.16 Gb Free Space | 62.08% Space Free | Partition Type: FAT

Computer Name: SPIKE
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
PRC - [2010/05/18 12:26:23 | 002,397,424 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/26 16:42:48 | 000,509,224 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\YOP\yop.exe
PRC - [2007/10/26 16:42:40 | 000,628,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Yahoo!\YOP\SSDK02.exe
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/03/03 15:18:10 | 000,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2005/11/04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2004/10/13 18:17:06 | 002,742,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/10/13 16:01:50 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/07/28 10:33:02 | 000,910,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\MWL\MwlSvc.exe -- (MWLSvc)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/05/19 17:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/02 19:16:10 | 000,086,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WscNetDr.sys -- (WscNetDr)
DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/10/13 19:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/04 08:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/29 12:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/17 19:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/10/04 12:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 08:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.blackrockcs.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/02 11:50:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/06/03 10:27:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518162508.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MWLExe] C:\Program Files\McAfee\MWL\MWLGuiSt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe (Lexmark)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YOP] C:\Program Files\Yahoo!\YOP\yop.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4A01A151-E350-4839-A2B8-03DC39D6C8E5} http://download.yahoo.com/dl/ypc/ypcxwizard2003080601.cab (YPCXWizard Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/27 22:15:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/06/03 23:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
[2010/06/03 23:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/03 23:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/03 23:39:34 | 008,924,856 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\HP_Owner\Desktop\SUPERAntiSpyware.exe
[2010/06/03 10:27:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/03 09:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\.SunDownloadManager
[2010/06/03 08:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\JavaRa
[2010/06/02 19:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\GooredFix Backups
[2010/06/02 19:28:24 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\HP_Owner\Desktop\GooredFix.exe
[2010/06/01 16:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/31 16:24:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/31 16:24:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/31 16:24:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/31 16:24:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/31 16:22:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/31 10:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/31 10:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/31 08:22:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/30 22:15:09 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/05/29 07:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/29 00:24:12 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/05/29 00:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/05/28 23:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/05/28 12:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/28 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/05/28 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/05/28 12:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/28 09:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Google
[2010/05/28 09:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/05/28 09:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google
[2010/05/28 09:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/28 09:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/05/27 21:25:44 | 000,000,000 | ---D | C] -- C:\ReimageUndo
[2010/05/27 21:09:16 | 000,000,000 | ---D | C] -- C:\rei
[2010/05/27 21:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/05/27 08:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla
[2010/05/27 08:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/05/27 08:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/05/27 07:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/27 07:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/05/27 07:39:18 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/05/27 07:39:18 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/05/27 07:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\RegRun2
[2010/05/27 07:38:52 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/05/27 07:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/05/27 07:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\gtopala
[2010/05/27 07:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/05/27 07:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/27 00:46:58 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/05/27 00:46:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/05/27 00:46:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/27 00:46:39 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2010/05/27 00:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/27 00:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Simply Super Software
[2010/05/27 00:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Simply Super Software
[2010/05/26 23:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\hvpfllebq
[2010/05/26 23:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\nrjjjdarp
[2010/05/26 23:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/26 23:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/26 21:56:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2010/05/26 16:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
[2010/05/26 16:09:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/26 16:08:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/26 16:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/26 16:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/23 18:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\eukyberbn
[2010/05/11 09:02:08 | 000,352,513 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\savapi3.dll
[2010/04/24 18:33:12 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/24 18:32:59 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/24 18:32:59 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/24 18:32:59 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/24 18:32:59 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/24 18:32:59 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/24 18:32:59 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/24 18:32:59 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/24 18:32:59 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/24 18:32:59 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/11 14:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Unity
[2010/04/05 09:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\DeductionPro 2009
[2010/04/05 09:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\HRBlock2009
[2010/04/05 09:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\HRBlock

========== Files - Modified Within 90 Days ==========

[2100/04/08 12:45:26 | 000,069,632 | ---- | M] (Oasis Semiconductor Inc.) -- C:\WINDOWS\System32\Lxasmdm.dll
[2010/06/07 10:03:12 | 002,387,968 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/06/07 10:03:07 | 001,634,304 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/06/07 10:02:51 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2010/06/07 10:02:35 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/06/07 10:02:34 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/07 10:02:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/07 10:02:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/07 10:02:26 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/07 10:01:26 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.dat
[2010/06/07 10:01:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2010/06/07 10:00:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/07 09:18:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/03 23:41:58 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/03 23:37:22 | 008,924,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\HP_Owner\Desktop\SUPERAntiSpyware.exe
[2010/06/03 16:44:24 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\DelDomains.inf
[2010/06/03 10:27:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/06/03 10:24:51 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/06/03 09:57:13 | 000,001,188 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\jre-6u20-windows-i586.exe.sdm
[2010/06/03 09:57:00 | 000,001,257 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\1275577021895-integrated.jnlp
[2010/06/03 09:52:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\jdk-6u20-windows-i586.exe
[2010/06/03 09:52:20 | 000,004,588 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\jdk-6u20-windows-i586.exe.sdm
[2010/06/03 09:50:39 | 000,001,257 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\1275576633768-integrated.jnlp
[2010/06/03 08:33:44 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\JavaRa.zip
[2010/06/02 23:19:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2010/06/02 22:25:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/02 21:51:24 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to ComboFix.exe.lnk
[2010/06/02 21:47:46 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SecurityCheck.exe
[2010/06/02 19:28:00 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\HP_Owner\Desktop\GooredFix.exe
[2010/06/02 17:44:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/30 22:06:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/05/29 13:29:51 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 23:06:28 | 000,049,440 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/28 15:11:10 | 000,002,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/05/28 12:52:28 | 000,057,344 | -H-- | M] () -- C:\SZKGFS.dat
[2010/05/27 23:19:56 | 000,000,318 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2010/05/27 23:19:42 | 000,000,166 | ---- | M] () -- C:\WINDOWS\System32\Compress.res
[2010/05/27 23:12:03 | 000,312,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/27 23:12:03 | 000,040,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/27 23:12:02 | 000,358,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/27 23:08:31 | 000,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/27 23:08:25 | 000,000,740 | ---- | M] () -- C:\WINDOWS\System32\reimage.rep
[2010/05/27 23:04:11 | 000,000,692 | ---- | M] () -- C:\WINDOWS\System32\reimage.nat
[2010/05/27 22:50:45 | 000,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2010/05/27 22:50:44 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/27 22:50:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/27 22:50:30 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/27 22:36:12 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/27 22:15:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/27 21:26:04 | 000,015,272 | ---- | M] () -- C:\WINDOWS\System32\Native.exe
[2010/05/27 21:09:18 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Reimage Repair.lnk
[2010/05/27 08:44:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 07:51:01 | 004,274,856 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IconCache.db
[2010/05/27 07:39:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/27 07:39:31 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/27 07:39:31 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/05/27 07:39:18 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/05/27 07:39:18 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/05/27 07:28:19 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.bak
[2010/05/27 07:16:40 | 010,193,146 | ---- | M] () -- C:\WINDOWS\System32\SDQBESQNJL
[2010/05/26 21:58:27 | 000,129,780 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20100526_215802.reg
[2010/05/24 15:48:03 | 000,012,156 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Statement of faith.docx
[2010/05/21 18:58:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/21 12:16:58 | 000,012,808 | ---- | M] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/05/15 16:51:33 | 000,010,188 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Multi Family Garage Sale 3232 Longford Dr.docx
[2010/05/11 09:02:08 | 001,380,403 | ---- | M] () -- C:\WINDOWS\System32\avgsdk.dll
[2010/05/11 09:02:08 | 000,352,513 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\savapi3.dll
[2010/05/05 10:52:45 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/05/04 14:52:31 | 000,012,620 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\VBS Snacks 2010.xlsx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/27 17:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/26 14:14:16 | 000,009,602 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2010/04/15 09:18:45 | 000,190,682 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\2009 IL Tax Return.pdf
[2010/04/13 19:15:45 | 000,015,804 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Shirley Chisholm Paper.docx
[2010/04/13 17:08:23 | 000,011,312 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Works cited.docx
[2010/04/13 17:08:18 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh[1].doc
[2010/04/09 16:48:15 | 000,013,805 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh's chore chart.docx
[2010/04/09 16:28:26 | 000,003,969 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Gir!!!.jpg
[2010/04/05 09:43:48 | 000,001,479 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DeductionPro 2009.lnk
[2010/04/05 09:42:08 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2010/03/30 20:08:18 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\science project.doc
[2010/03/18 12:51:20 | 000,010,165 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\I believe I am a qualified.docx
[2010/03/17 10:15:47 | 000,010,469 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Easter spring poem.docx
[2010/03/11 11:06:45 | 000,003,645 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg

========== Files Created - No Company Name ==========

[2010/06/04 08:49:40 | 527,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/03 23:41:58 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/03 19:05:10 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\DelDomains.inf
[2010/06/03 09:57:13 | 000,001,188 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\jre-6u20-windows-i586.exe.sdm
[2010/06/03 09:56:57 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\1275577021895-integrated.jnlp
[2010/06/03 09:52:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\jdk-6u20-windows-i586.exe
[2010/06/03 09:52:20 | 000,004,588 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\jdk-6u20-windows-i586.exe.sdm
[2010/06/03 09:50:34 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\1275576633768-integrated.jnlp
[2010/06/03 08:39:50 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\JavaRa.zip
[2010/06/02 22:07:00 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2010/06/02 21:51:32 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SecurityCheck.exe
[2010/06/02 21:51:24 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to ComboFix.exe.lnk
[2010/05/31 16:24:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/31 16:24:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/31 16:24:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/31 16:24:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/31 16:24:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/29 13:29:51 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 15:08:24 | 000,002,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/05/28 12:52:28 | 000,057,344 | -H-- | C] () -- C:\SZKGFS.dat
[2010/05/28 09:55:32 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/28 09:55:30 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/27 23:19:42 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\Compress.res
[2010/05/27 23:19:34 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2010/05/27 23:08:23 | 000,000,740 | ---- | C] () -- C:\WINDOWS\System32\reimage.rep
[2010/05/27 23:03:08 | 000,000,692 | ---- | C] () -- C:\WINDOWS\System32\reimage.nat
[2010/05/27 22:57:59 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/27 21:26:04 | 000,015,272 | ---- | C] () -- C:\WINDOWS\System32\Native.exe
[2010/05/27 21:09:18 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Reimage Repair.lnk
[2010/05/27 16:52:37 | 000,000,318 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/05/27 08:44:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 07:39:31 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/05/27 07:27:12 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HP_Owner\NTUSER.tmp.LOG
[2010/05/27 07:11:15 | 010,193,146 | ---- | C] () -- C:\WINDOWS\System32\SDQBESQNJL
[2010/05/27 00:13:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/05/27 00:13:40 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/05/27 00:13:40 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/05/27 00:13:40 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/05/26 21:58:05 | 000,129,780 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20100526_215802.reg
[2010/05/22 16:51:03 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\HP_Owner\ntuser.dat
[2010/05/19 20:56:32 | 000,012,156 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Statement of faith.docx
[2010/05/15 16:51:32 | 000,010,188 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Multi Family Garage Sale 3232 Longford Dr.docx
[2010/05/11 09:02:08 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2010/04/29 09:32:34 | 000,012,620 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\VBS Snacks 2010.xlsx
[2010/04/15 09:18:44 | 000,190,682 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\2009 IL Tax Return.pdf
[2010/04/13 17:08:11 | 000,015,804 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Shirley Chisholm Paper.docx
[2010/04/13 16:09:39 | 000,011,312 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Works cited.docx
[2010/04/09 16:48:14 | 000,013,805 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh's chore chart.docx
[2010/04/09 16:29:11 | 000,003,969 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Gir!!!.jpg
[2010/04/09 16:05:04 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\kaleigh[1].doc
[2010/04/05 09:43:48 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DeductionPro 2009.lnk
[2010/04/05 09:42:08 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2009.lnk
[2010/03/30 20:05:32 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\science project.doc
[2010/03/18 12:51:08 | 000,010,165 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\I believe I am a qualified.docx
[2010/03/17 10:15:46 | 000,010,469 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Easter spring poem.docx
[2009/07/17 12:04:20 | 000,001,219 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/01/30 19:40:07 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/10/07 13:50:15 | 000,001,301 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/09/14 12:28:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/09/14 11:55:14 | 000,000,612 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/05/21 15:10:57 | 000,000,057 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2008/04/03 17:08:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2008/03/17 14:06:49 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/03/17 14:06:48 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/02/12 14:54:33 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/02/12 14:53:40 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPSCX7400.ini
[2008/01/30 12:09:45 | 000,000,643 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/01/30 12:09:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\lxasbce.dll
[2008/01/30 12:09:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXASICO.DLL
[2008/01/30 12:03:52 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LEXUSBCI.DLL
[2008/01/20 14:19:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/01/13 00:47:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/13 00:43:24 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/01/13 00:43:24 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/01/13 00:43:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/01/13 00:43:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/01/13 00:43:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/01/13 00:43:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/01/13 00:15:13 | 000,014,554 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2008/01/13 00:15:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2008/01/13 00:14:46 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2008/01/13 00:11:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/12 23:51:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/01/12 23:49:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/01/12 23:40:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/04 09:30:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/02/04 09:30:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/02/04 09:29:29 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/09/13 18:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 22:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/19 22:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/15 23:38:02 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 18:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2010/05/26 23:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/02/12 14:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/03/01 17:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/03/17 14:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/05/27 08:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/05/28 12:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/28 22:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/04/05 09:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/05/27 00:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/27 19:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/13 18:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/02 23:19:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\Reimage Reminder.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >


I only had IE installed on this machine. Before I spoke with you in the first place I installed Firefox and it did redirect...

On the IE toolbar there is an add-in search bar from McAfee called Secure Search, which does not seem to be redirecting. It is only the main search bar (upper right... labeled Yahoo Search) that is redirecting.

I take that last comment back. The McAfee search bar is redirecting. I tried it again and it did.

Can you open Internet Options in Control Panel and then go to the Advanced tab? Once there, click on the Reset button and see if that helps the redirects.

It is still redirecting.

Please download Rootkit Revealer
Unzip it to your desktop.
Open the RootkitRevealer folder and double-click RootkitRevealer.exe
Click the Scan button (bottom right)
It may take a while to scan (don't do anything while it's running)
When it's done, go to File > Save. Choose to save the log to your desktop.
Open rootkitrevealer.txt on your desktop, copy the entire contents, and paste them here.
Please don't surf or do anything else during the scan with RootkitRevealer, or it may interfere with the results and show legitimate entries.

Here is the log:

HKU\S-1-5-21-2775987497-128428944-3518003585-1009\Console 6/2/2010 10:32 PM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 1/13/2008 12:13 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 1/13/2008 12:13 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\McAfee\MSC\Settings\Stats\VSO\Activity\ScanResult\TrackingCookiesDetected\SDSValue 6/8/2010 5:17 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\McAfee\MSC\Settings\Stats\VSO\Activity\ScanResult\TrackingCookiesResolved\SDSValue 6/8/2010 5:17 PM 4 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da68111541c50.bup 6/8/2010 5:21 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da6811281038a0.bup 6/8/2010 5:40 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da6811281a1570.bup 6/8/2010 5:40 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da6811281a2bf0.bup 6/8/2010 5:40 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da681128236d0.bup 6/8/2010 5:40 PM 3.50 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da681128242ee0.bup 6/8/2010 5:40 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da6811282b1570.bup 6/8/2010 5:40 PM 3.50 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da6811282b1d40.bup 6/8/2010 5:40 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da6811282b1f40.bup 6/8/2010 5:40 PM 3.50 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da6811282b2130.bup 6/8/2010 5:40 PM 3.50 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da6811282b38a0.bup 6/8/2010 5:40 PM 4.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da681128301860.bup 6/8/2010 5:40 PM 2.50 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da681128337d0.bup 6/8/2010 5:40 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da681128531c0.bup 6/8/2010 5:40 PM 4.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da68112861380.bup 6/8/2010 5:40 PM 4.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da68112861b50.bup 6/8/2010 5:40 PM 4.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da68112861e40.bup 6/8/2010 5:40 PM 4.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da6811288fa0.bup 6/8/2010 5:40 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da681128a1480.bup 6/8/2010 5:40 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da681128a2220.bup 6/8/2010 5:40 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da68112902af0.bup 6/8/2010 5:41 PM 4.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da6811291930d0.bup 6/8/2010 5:41 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da6811291932c0.bup 6/8/2010 5:41 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da681129212ee0.bup 6/8/2010 5:41 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da681129291f0.bup 6/8/2010 5:41 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da681129331380.bup 6/8/2010 5:41 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da68112933ea0.bup 6/8/2010 5:41 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da68112952610.bup 6/8/2010 5:41 PM 4.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da68112a01280.bup 6/8/2010 5:42 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da68112a01770.bup 6/8/2010 5:42 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da68112a03e0.bup 6/8/2010 5:42 PM 3.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da68112a152af0.bup 6/8/2010 5:42 PM 4.00 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\276333[1].jpg 6/8/2010 5:16 PM 4.72 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\276364[1].jpg 6/8/2010 5:16 PM 6.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\276364[2].jpg 6/8/2010 5:16 PM 6.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\276365[1].jpg 6/8/2010 5:16 PM 7.78 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\276367[1].jpg 6/8/2010 5:16 PM 6.05 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\2cd2dhd8[1].js 6/8/2010 6:14 PM 734 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\2ez9u7fx[1].css 6/8/2010 6:14 PM 638 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\376ml0md[1].css 6/8/2010 6:14 PM 375 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\3f8z3ffq[1].js 6/8/2010 6:14 PM 1.38 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\448695699@Bottom3[1].htm 6/8/2010 5:17 PM 211 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\472797537@Bottom3[1].htm 6/8/2010 5:18 PM 219 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\4890de6cc6664[1].xml 6/8/2010 5:20 PM 860 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\48a4356d62681[1].xml 6/8/2010 5:21 PM 919 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\538w6yfj[1].js 6/8/2010 6:14 PM 2.28 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\5718[1].jpg 6/8/2010 5:16 PM 8.28 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\5kdno7a9[1].js 6/8/2010 6:14 PM 723 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\5qoy5qho[1].js 6/8/2010 6:14 PM 1.24 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\6339f7d2adae2da2c298509c6f1f705d07d3857a[1].jpg 6/8/2010 5:15 PM 11.92 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\645661930@Bottom3[1].htm 6/8/2010 5:20 PM 219 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\6o4e4dus[1].css 6/8/2010 6:14 PM 3.84 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\6of4ngnp[1].js 6/8/2010 6:14 PM 6.60 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\7688u1oi[1].js 6/8/2010 6:14 PM 14.25 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\7o2tj6xq[1].js 6/8/2010 6:14 PM 612 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\90_config[1].xml 6/8/2010 5:21 PM 6.20 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\9732[1].jpg 6/8/2010 5:16 PM 6.54 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\;subnid=1;bnid=1;adid=939505;header=yes;misc=35733120;dn100%25=1[1] 6/8/2010 5:23 PM 1 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\;subnid=1;bnid=1;adid=939505;header=yes;misc=35733120;dn25%25=1[1] 6/8/2010 5:22 PM 1 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\_woman_index;kw=top;kw=golf_digest_woman;kw=indexv2;!c=top;!c=golf_digest_woman;!c=indexv2;sz=970x418;dcopt=ist;tile=2;ord=5404446968494794[ 6/8/2010 6:13 PM 100 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\ad_city_focus_236_90[1].jpg 6/8/2010 6:14 PM 11.42 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\AdId=951409;BnId=2;ct=854398214;st=1335;adcid=1;itime=35637872;reqtype=5[1] 6/8/2010 5:20 PM 1 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\ads[1].txt 6/8/2010 5:15 PM 3.47 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\ads_by_pulse360_10_color[1].png 6/8/2010 5:15 PM 1.27 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\adServer[2].htm 6/8/2010 5:46 PM 1.66 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\adServer[3].htm 6/8/2010 6:12 PM 1.86 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\adServer[4].htm 6/8/2010 6:13 PM 1.86 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\AdServerServlet.htm 6/8/2010 6:13 PM 1.77 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\AdServerServlet[9].htm 6/8/2010 5:39 PM 1.46 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\ADTECH%3B%3Bkvq%3DD%3B;loc=100;noperf=1;target=_blank;cc=2;sub1=367332;sub2=367330;sub3=367329;sub4=367331;misc=907193322[1] 6/8/2010 5:20 PM 6.68 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\ADTECH;adid=918229;bnid=-1;target=_blank;sub1=939505;misc=35733120[1].htm 6/8/2010 5:21 PM 249 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\aecfek2n[1].js 6/8/2010 6:14 PM 5.65 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\afe_specificclick_netCAHR7UI7.htm 6/8/2010 6:14 PM 504 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\afe_specificclick_netCASS87VA.htm 6/8/2010 5:41 PM 660 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\ai_realmedia_com[1].htm 6/8/2010 6:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\B4370580[1].htm 6/8/2010 6:14 PM 354 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\backcookie[1].js 6/8/2010 5:16 PM 2.29 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\bannerInc[1].js 6/8/2010 6:14 PM 30.27 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\be3e9da26432b5a27e620de3eafd6e6cbce823b1[1].jpg 6/8/2010 5:15 PM 10.43 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\beacon[1].js 6/8/2010 5:15 PM 1.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\beacon[2].js 6/8/2010 5:15 PM 1.17 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\bf_r[1].swf 6/8/2010 5:40 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\BK_2010_assurance_v1_30k_160x600[1].swf 6/8/2010 6:14 PM 28.40 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\blank[5].gif 6/8/2010 5:43 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\blank[6].gif 6/8/2010 5:44 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\box-heading[1].png 6/8/2010 5:15 PM 2.62 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\brash_widget[1].js 6/8/2010 5:15 PM 702 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\c21_newColor_agent_jpg[1].jpg 6/8/2010 6:14 PM 52.96 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\CAQ6XHL1CALN1KLQCAY52BAPCA2UEXTTCACB2WTVCA071Q06CABEMCAHCA5KGKJUCA0N8TYACATHXRQDCASTDF1QCAEVVQ6MCAIRRZ0JCAF4S02FCA5FEMAQCANKNO7BCA1KJG4V.htm 6/8/2010 6:14 PM 1.91 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\config[1].js 6/8/2010 6:13 PM 160 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\connect-css[1].txt 6/8/2010 5:17 PM 13.84 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\convpixel[1].jpg 6/8/2010 5:16 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\crossdomain[6].xml 6/8/2010 5:17 PM 187 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\crossdomain[8].xml 6/8/2010 5:21 PM 201 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\css[1].css 6/8/2010 5:16 PM 8.30 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\DARTIframe[1].html 6/8/2010 6:13 PM 3.11 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\dot[1].gif 6/8/2010 6:15 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\dot[2].gif 6/8/2010 6:19 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\dynamic_companion_banner_iframe[1].htm 6/8/2010 6:14 PM 994 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\ego_logo[1].png 6/8/2010 5:15 PM 6.72 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\en_US[1] 6/8/2010 5:17 PM 17.76 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\ewmp_trk[1].gif 6/8/2010 6:14 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\ewtrack_onload[1].gif 6/8/2010 6:14 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\ewtrack_v[1].gif 6/8/2010 6:14 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\expandingIframeGlobalTemplate_v2_56_03[1].js 6/8/2010 6:13 PM 64.13 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\external-tracking.min[1].js 6/8/2010 5:16 PM 927 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\f08e56ef3c31bcf0e5d8b3eac1355cb0861b4fbd[1].jpg 6/8/2010 5:15 PM 10.43 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\F7049CA2-588E-429B-AC69-D91FB6743CD1[1].swf 6/8/2010 6:13 PM 28.63 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\failover[1].jpg 6/8/2010 6:14 PM 21.65 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\flashwrite_1_2[1].js 6/8/2010 5:16 PM 801 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\fw-nonplayer-banner[1].htm 6/8/2010 5:20 PM 631 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\GARY_Coleman-fcg[1].jpg 6/8/2010 5:17 PM 139.99 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\gf=100[1].htm 6/8/2010 6:14 PM 73 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\GgngabMd_512K_480x360[1].flv 6/8/2010 6:15 PM 981.92 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\glam_comscore[1].js 6/8/2010 5:15 PM 363 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\GLF_Footer_620x180_MMB[1].gif 6/8/2010 6:13 PM 29.60 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\golf-equipment[1].txt 6/8/2010 6:13 PM 2.60 KB Hidden from Windows API.
6/8/2010 5:17 PM 14.99 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\ico_copyrights[1].gif 6/8/2010 6:14 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\id[1].php 6/8/2010 6:14 PM 17 bytes Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\ie6-fixes[1].css 6/8/2010 5:15 PM 1.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\img[1].txt 6/8/2010 6:14 PM 1.75 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\imp[3] 6/8/2010 5:40 PM 1.07 KB Hidden from Windows API.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\jcarousel_mevio[1].js 6/8/2010 5:15 PM 28.62 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\jd.gallery.js[1].php 6/8/2010 5:16 PM 25.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\jd.gallery.transitions[1].js 6/8/2010 5:16 PM 2.13 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\I0KITOQQ\jd.gallery[1].css 6/8/2010 5:16 PM 2.55 KB

Please close all browser windows and then run ATF cleaner again as per my previous instructions.

====================

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia\Flash Player\#SharedObjects\B5TV4UTE
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
    
    
    :Commands
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

My search engine is still redirecting.

Well, I am stumped and I hate saying it :(. I will see if I can get some help here.

Do you think I'm better off at this point just starting over... clearing out the HD, reformatting and reinstalling XP?

Hey guys,

Looks to me like a persistent re-infection of the MBR. This might be a newer version of this popular affliction.
Lots of logs and little time, so I may have missed something, but I'd focus on the MBR.

-- A reinstall might be faster and certainly most effective, as our scanners just may not see this yet....

You could try this:
Please download mbr.exe and place it in your C:\ Drive
-- Click START > RUN > type cmd ENTER
At the prompt, type or Copy and Paste: mbr -t > C:\Logit.txt
Let it run and please post the Logit.txt for us.


-- Also, go ahead and delete your current combofix and then DL a fresh copy and run another scan as you did before. Let's see if it replaces another infected .sys file.....


Best Luck :)
PP
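
A small triage parser for the log that `mbr -t` writes, added here as an example; it is not part of the original thread or of GMER's tool. The sample logs are constructed in the layout of the Logit.txt posted further down this thread, and treating a `>>UNKNOWN [...]<<` entry as worth follow-up even when the last line reads OK is this example's assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed samples in the layout of an mbr.exe 0.3.7 log.
# The address and the module list of the second sample are made up.
SAMPLE_UNATTRIBUTED = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A1B2C3D]<<
kernel: MBR read successfully
user & kernel MBR OK
"""

SAMPLE_ATTRIBUTED = """\
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys
kernel: MBR read successfully
user & kernel MBR OK
"""

# One token of the "called modules" line: an unknown marker or a module name.
TOKEN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<|(\S+)")


@dataclass
class MbrReport:
    device_opened: bool = False
    user_read: bool = False
    kernel_read: bool = False
    verdict_ok: bool = False
    # Ordered call chain: ("module", name) or ("unknown", address).
    chain: list = field(default_factory=list)


def parse_mbr_log(text):
    """Parse the status lines and the ordered call chain of an mbr.exe log."""
    report = MbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith("device:"):
            report.device_opened = "opened successfully" in low
        elif low.startswith("user:"):
            report.user_read = "read successfully" in low
        elif low.startswith("kernel:"):
            report.kernel_read = "read successfully" in low
        elif low.startswith("called modules:"):
            body = line.split(":", 1)[1]
            for match in TOKEN_RE.finditer(body):
                if match.group(1):
                    report.chain.append(("unknown", match.group(1)))
                else:
                    report.chain.append(("module", match.group(2)))
        elif low.startswith("user & kernel mbr"):
            report.verdict_ok = low.endswith("ok")
    return report


def triage(report):
    """Return human-readable findings; an empty list means nothing to chase."""
    findings = []
    if not (report.device_opened and report.user_read and report.kernel_read):
        findings.append("incomplete: a device open or MBR read did not succeed")
    if not report.verdict_ok:
        findings.append("verdict: no 'user & kernel MBR OK' line in the log")
    last_module = None
    for kind, value in report.chain:
        if kind == "module":
            last_module = value
        else:
            # Code in the disk read path that maps to no loaded module.
            findings.append(
                f"unattributed code at {value} in the disk read path, "
                f"reached after {last_module or 'no named module'}"
            )
    return findings


if __name__ == "__main__":
    for name, log in (("unattributed", SAMPLE_UNATTRIBUTED),
                      ("attributed", SAMPLE_ATTRIBUTED)):
        print(name, triage(parse_mbr_log(log)) or "no findings")
```
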

Here is the Logit.txt:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82EDBD01]<<
kernel: MBR read successfully
user & kernel MBR OK


Here is the Combofix log:

ComboFix 10-06-09.01 - HP_Owner 06/09/2010 21:47:07.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.153 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\intelide.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
.

2010-06-10 02:29 . 2010-06-10 02:11 77312 ----a-w- C:\mbr.exe
2010-06-04 04:49 . 2010-06-04 04:49 63488 ----a-w- c:\documents and settings\Administrator.SPIKE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-04 04:49 . 2010-06-04 04:49 52224 ----a-w- c:\documents and settings\Administrator.SPIKE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-04 04:49 . 2010-06-04 04:49 117760 ----a-w- c:\documents and settings\Administrator.SPIKE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-04 04:49 . 2010-06-04 04:49 -------- d-----w- c:\documents and settings\Administrator.SPIKE\Application Data\SUPERAntiSpyware.com
2010-06-04 04:45 . 2010-06-04 04:45 63488 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-04 04:45 . 2010-06-04 04:45 52224 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-04 04:44 . 2010-06-04 04:44 117760 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-04 04:42 . 2010-06-04 04:42 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2010-06-04 04:42 . 2010-06-04 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-04 04:41 . 2010-06-04 04:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-03 14:51 . 2010-06-03 15:02 -------- d-----w- c:\documents and settings\HP_Owner\.SunDownloadManager
2010-06-01 21:08 . 2010-06-01 21:08 -------- d-----w- c:\program files\ESET
2010-05-31 13:22 . 2010-05-31 13:22 -------- d-----w- C:\_OTL
2010-05-30 01:30 . 2010-05-30 01:33 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-05-29 18:30 . 2010-05-29 18:30 -------- d-----w- c:\documents and settings\Administrator.SPIKE\Application Data\Malwarebytes
2010-05-29 12:16 . 2010-05-29 12:16 -------- d-----w- c:\program files\Trend Micro
2010-05-29 05:51 . 2010-05-29 05:51 -------- d-----w- c:\documents and settings\Administrator.SPIKE\Local Settings\Application Data\Adobe
2010-05-29 05:24 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-29 05:24 . 2010-05-29 05:24 -------- d-----w- c:\program files\Panda Security
2010-05-29 04:28 . 2010-05-29 04:37 -------- d-----w- c:\program files\Windows Live Safety Center
2010-05-28 18:27 . 2010-05-28 17:55 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-05-28 17:52 . 2010-05-28 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-05-28 17:52 . 2010-05-28 17:52 57344 ---ha-w- C:\SZKGFS.dat
2010-05-28 17:51 . 2010-05-29 03:31 -------- d-----w- c:\program files\STOPzilla!
2010-05-28 17:51 . 2010-05-28 17:51 -------- d-----w- c:\program files\Common Files\iS3
2010-05-28 17:51 . 2010-05-29 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-05-28 14:55 . 2010-05-28 14:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-28 14:55 . 2010-05-28 14:56 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google
2010-05-28 14:53 . 2010-05-28 14:55 -------- d-----w- c:\program files\Google
2010-05-28 04:00 . 2010-05-28 04:00 -------- d-----w- c:\documents and settings\Owner
2010-05-28 04:00 . 2010-05-28 04:00 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\PrivacIE
2010-05-28 03:59 . 2010-05-28 03:50 35328 ----a-w- c:\windows\system32\drivers\pcntpci5.sys
2010-05-28 03:59 . 2010-05-28 03:50 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys
2010-05-28 03:59 . 2010-05-28 03:50 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-05-28 03:59 . 2010-05-28 03:50 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-05-28 03:59 . 2010-05-28 03:50 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-05-28 03:59 . 2010-05-28 03:50 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-05-28 02:26 . 2010-05-28 02:26 15272 ----a-w- c:\windows\system32\Native.exe
2010-05-28 02:25 . 2010-05-28 04:03 -------- d-----w- C:\ReimageUndo
2010-05-28 02:09 . 2010-05-28 04:19 -------- d-----w- C:\rei
2010-05-28 02:09 . 2010-05-28 02:09 -------- d-----w- c:\program files\Reimage
2010-05-27 16:00 . 2010-05-28 04:00 -------- d-sh--w- c:\documents and settings\Administrator.SPIKE\PrivacIE
2010-05-27 15:35 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 15:06 . 2010-05-27 15:06 -------- d-sh--w- c:\documents and settings\Administrator.SPIKE\IETldCache
2010-05-27 15:06 . 2008-01-13 05:19 128 ----a-w- c:\documents and settings\Administrator.SPIKE\Local Settings\Application Data\fusioncache.dat
2010-05-27 15:06 . 2008-01-13 04:52 -------- d-----w- c:\documents and settings\Administrator.SPIKE\Application Data\InterMute
2010-05-27 15:06 . 2008-01-13 04:52 -------- d-----w- c:\documents and settings\Administrator.SPIKE\Application Data\Apple Computer
2010-05-27 13:44 . 2010-05-27 13:44 0 ----a-w- c:\windows\nsreg.dat
2010-05-27 13:44 . 2010-05-27 13:44 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Mozilla
2010-05-27 13:14 . 2010-05-27 13:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-27 13:14 . 2010-05-27 13:14 -------- d-----w- c:\program files\Trojan Remover
2010-05-27 13:14 . 2010-05-27 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-05-27 12:40 . 2010-05-27 12:40 -------- d-----w- c:\program files\Microsoft
2010-05-27 12:40 . 2010-05-27 12:40 -------- d-----w- c:\program files\MSN Toolbar
2010-05-27 12:39 . 2010-05-27 12:39 2 --shatr- c:\windows\winstart.bat
2010-05-27 12:39 . 2010-05-27 12:39 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-05-27 12:39 . 2010-05-27 12:39 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-05-27 12:38 . 2010-05-21 17:16 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-05-27 12:38 . 2010-05-27 13:14 -------- d-----w- c:\program files\UnHackMe
2010-05-27 12:25 . 2010-05-27 12:25 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\gtopala
2010-05-27 12:21 . 2010-05-27 12:40 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-05-27 12:18 . 2010-05-27 12:18 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1cf0b583-n\msvcp71.dll
2010-05-27 12:18 . 2010-05-27 12:18 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1cf0b583-n\jmc.dll
2010-05-27 12:18 . 2010-05-27 12:18 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1cf0b583-n\msvcr71.dll
2010-05-27 12:17 . 2010-05-27 12:17 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1e2ad6ad-n\decora-sse.dll
2010-05-27 12:17 . 2010-05-27 12:17 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1e2ad6ad-n\decora-d3d.dll
2010-05-27 12:17 . 2010-06-07 14:41 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 05:46 . 2010-05-27 05:46 -------- d-----w- C:\ERDNT
2010-05-27 05:46 . 2010-05-27 05:46 -------- d-----w- c:\windows\ERUNT
2010-05-27 05:46 . 2010-05-27 05:47 -------- d-----w- C:\!FixIEDef
2010-05-27 05:18 . 2010-05-27 05:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-27 05:13 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-27 05:13 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-27 05:13 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-27 05:13 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-27 05:13 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-27 05:13 . 2010-05-27 05:13 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Simply Super Software
2010-05-27 04:59 . 2010-05-27 04:59 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\hvpfllebq
2010-05-27 04:59 . 2010-05-27 04:59 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\nrjjjdarp
2010-05-27 04:41 . 2010-05-27 04:41 -------- d-----w- c:\program files\Alwil Software
2010-05-27 04:41 . 2010-05-27 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-27 04:26 . 2010-05-27 04:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-27 04:16 . 2010-05-27 04:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-27 04:16 . 2010-05-27 04:16 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-26 21:09 . 2010-05-26 21:09 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2010-05-26 21:09 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-26 21:08 . 2010-05-29 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 21:08 . 2010-05-26 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-26 21:08 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-23 23:50 . 2010-05-23 23:50 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\eukyberbn
2010-05-11 14:02 . 2010-05-11 14:02 352513 ----a-w- c:\windows\system32\savapi3.dll
2010-05-11 14:02 . 2010-05-11 14:02 1380403 ----a-w- c:\windows\system32\avgsdk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2100-04-08 17:45 . 2001-02-26 23:10 69632 ------w- c:\windows\system32\Lxasmdm.dll
2010-06-03 15:24 . 2008-01-29 23:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-03 13:40 . 2008-01-13 04:43 -------- d-----w- c:\program files\Java
2010-05-29 04:06 . 2008-01-20 18:40 49440 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-29 03:33 . 2008-01-20 19:15 -------- d-----w- c:\program files\Yahoo!
2010-05-28 20:11 . 2010-05-28 20:08 2800 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-28 04:08 . 2008-01-13 02:06 1104896 ----a-w- c:\windows\system32\msxml3.dll
2010-05-28 04:08 . 2008-01-13 03:20 58880 ----a-w- c:\windows\system32\atl.dll
2010-05-28 02:34 . 2008-01-13 02:06 2188928 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-28 02:32 . 2004-08-04 18:00 2065792 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-27 12:18 . 2008-01-13 04:43 -------- d-----w- c:\program files\Common Files\Java
2010-05-12 13:21 . 2008-01-14 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-27 22:16 . 2010-04-24 23:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 22:16 . 2010-04-24 23:32 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 22:16 . 2010-04-24 23:32 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 22:16 . 2010-04-24 23:32 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 22:16 . 2010-04-24 23:32 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 22:16 . 2010-04-24 23:32 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 22:16 . 2010-04-24 23:32 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 22:16 . 2010-04-24 23:32 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 22:16 . 2010-04-24 23:32 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 22:16 . 2010-04-24 23:32 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-26 19:14 . 2008-01-30 21:56 9602 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2010-04-25 03:14 . 2008-01-14 01:08 -------- d-----w- c:\program files\McAfee.com
2010-04-25 00:12 . 2008-01-13 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-25 00:12 . 2008-01-14 01:08 -------- d-----w- c:\program files\McAfee
2010-04-25 00:11 . 2008-01-14 01:08 -------- d-----w- c:\program files\Common Files\McAfee
2010-04-14 14:27 . 2010-04-14 14:27 2981064 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Downloads\HRBlockIL.exe
2010-04-05 14:50 . 2010-04-05 14:49 21195208 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US30026901xupd.exe
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.1\ARM\ARM Update\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.1\ARM\ARM Update\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.1\ARM\ARM Update\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.1\ARM\ARM Update\AcrobatUpdater.exe
2001-06-20 22:19 . 2001-06-19 22:34 40960 ----a-w- c:\program files\ACMonitor_X83.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-31_21.56.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-10 02:45 . 2010-06-10 02:45 16384 c:\windows\Temp\Perflib_Perfdata_118.dat
+ 2010-06-07 19:33 . 2010-06-09 01:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-10-15 03:30 . 2010-05-31 21:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-10-15 03:30 . 2010-06-09 01:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-10-15 03:30 . 2010-05-31 21:16 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-06-03 14:02 . 2010-06-09 01:58 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-15 07:04 . 2008-10-15 07:04 39792 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\reader_sl.exe
+ 2008-10-15 03:37 . 2008-10-15 03:37 66944 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\PDFPrevHndlrShim.exe
+ 2008-10-15 03:33 . 2008-10-15 03:33 95600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\nppdf32.dll
+ 2006-10-23 05:29 . 2006-10-23 05:29 14456 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\AcroRd32Info.exe
+ 2010-06-07 14:42 . 2010-06-07 14:41 153376 c:\windows\system32\javaws.exe
- 2010-05-27 12:17 . 2010-04-12 22:29 153376 c:\windows\system32\javaws.exe
- 2010-05-27 12:17 . 2010-04-12 22:29 145184 c:\windows\system32\javaw.exe
+ 2010-06-07 14:42 . 2010-06-07 14:41 145184 c:\windows\system32\javaw.exe
- 2010-05-27 12:17 . 2010-04-12 22:29 145184 c:\windows\system32\java.exe
+ 2010-06-07 14:42 . 2010-06-07 14:41 145184 c:\windows\system32\java.exe
+ 2010-06-07 14:53 . 2010-06-07 14:53 180224 c:\windows\Installer\1539ff.msi
+ 2010-06-07 14:41 . 2010-06-07 14:41 576000 c:\windows\Installer\1539f9.msi
+ 2008-12-01 16:02 . 2010-06-03 15:25 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
- 2008-12-01 16:02 . 2009-06-12 00:59 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
+ 2007-04-16 03:56 . 2007-04-16 03:56 389120 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\AdobeXMP.dll
+ 2007-05-11 09:06 . 2007-05-11 09:06 341616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\AcroRd32.exe
+ 2008-10-15 03:29 . 2008-10-15 03:29 632168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\AcroPDF.dll
+ 2008-10-15 02:55 . 2008-10-15 02:55 1945600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\rt3d.dll
+ 2008-10-15 06:35 . 2008-10-15 06:35 4906496 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\AGM.dll
+ 2009-10-27 01:43 . 2009-10-27 01:43 33281024 c:\windows\Installer\5e9c06.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-28 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-13 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-13 2742272]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"MWLExe"="c:\program files\Mcafee\MWL\MWLGuiSt.exe" [2007-07-28 206184]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-06-27 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/29/2010 12:24 AM 28552]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/24/2010 6:32 PM 82952]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/8/2008 10:00 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/24/2010 6:32 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/24/2010 6:32 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/24/2010 6:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/24/2010 6:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/24/2010 6:32 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/24/2010 6:32 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/24/2010 6:32 PM 88480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2010 9:55 AM 136176]
S3 IRLSSZY;IRLSSZY;c:\docume~1\HP_Owner\LOCALS~1\Temp\IRLSSZY.exe --> c:\docume~1\HP_Owner\LOCALS~1\Temp\IRLSSZY.exe [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/24/2010 6:32 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/24/2010 6:32 PM 83496]
S3 YPARRTSJMFN;YPARRTSJMFN;c:\docume~1\HP_Owner\LOCALS~1\Temp\YPARRTSJMFN.exe --> c:\docume~1\HP_Owner\LOCALS~1\Temp\YPARRTSJMFN.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 14:55]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 14:55]

2010-06-09 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2010-05-20 14:18]

2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{EBBD3E84-5707-4C24-8FD6-915B8F416CD1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.blackrockcs.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com
TCP: {32620CE8-D0AB-47D9-885B-8FDA4A3A2650} = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 22:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x82EDBD01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85adf28
\Driver\ACPI -> ACPI.sys @ 0xf8440cb8
\Driver\atapi -> atapi.sys @ 0xf83f8852
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
SecurityProcedure -> ntkrnlpa.exe @ 0x80579188
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
SecurityProcedure -> ntkrnlpa.exe @ 0x80579188
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf82a8bd4
PacketIndicateHandler -> NDIS.sys @ 0xf8296a0d
SendHandler -> NDIS.sys @ 0xf82aab40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-06-09 22:11:04
ComboFix-quarantined-files.txt 2010-06-10 03:10
ComboFix2.txt 2010-06-03 03:32
ComboFix3.txt 2010-05-31 22:04

Pre-Run: 162,774,290,432 bytes free
Post-Run: 162,742,927,360 bytes free

- - End Of File - - 49BA63E46AB20F36CC1C8DF8DF8268C1

Infected copy of c:\windows\system32\drivers\intelide.sys was found and disinfected
Restored copy from - Kitty had a snack :p

S3 IRLSSZY;IRLSSZY;c:\docume~1\HP_Owner\LOCALS~1\Temp\IRLSSZY.exe --> c:\docume~1\HP_Owner\LOCALS~1\Temp\IRLSSZY.exe [?]

S3 YPARRTSJMFN;YPARRTSJMFN;c:\docume~1\HP_Owner\LOCALS~1\Temp\YPARRTSJMFN.exe --> c:\docume~1\HP_Owner\LOCALS~1\Temp\YPARRTSJMFN.exe [?]

Looks like something is reinfecting intelide.sys.

Also, did you check those iffy files YPARRTSJMFN.exe & IRLSSZY.exe? They might be baddies - certainly look the part, but who knows these days...

Wish I had more time to help you guys out, but it's back to the salt mines for a bit.

Cheers :)
PP

I'm thinking at this point that starting from scratch may be the best bet. Can I use the system recovery, or should I reformat and reinstall xp?

Did you check those files that PP pointed out? If they come back clean, I would say a reformat might be more timely.

Yea... they were clean. I'm going to reformat today. Thanks again for all your help in this. If you're ever in the Chicago area lunch is on me!
