
It started when I downloaded a cracked keygen. It looked suspicious, but I let my guard down and downloaded it anyways because I had just downloaded a keygen for Photoshop CS5 and it worked with no problems, so I decided to try and get one for After Effects and Premiere Pro. I downloaded it and all hell broke loose. I keep getting redirected in Firefox every once in a while, but in IE it does it every time. When I was running GMER my computer dumped/crashed a couple of times. I have run MBAM several times and received different logs too. Any help would be greatly appreciated. Thank you for taking your time to help me. Kenny G

Attachments
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/6/2008 5:05:18 PM
System Uptime: 7/1/2010 3:39:08 AM (0 hours ago)

Motherboard: Dell Computer Corp. |  | 0G1548
Processor:               Intel(R) Pentium(R) 4 CPU 2.20GHz | Microprocessor | 2192/400mhz

==== Disk Partitions =========================

A: is Removable
C: is Removable
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 205.077 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&3B1CAF2B&0&28F0
Manufacturer: 
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&3B1CAF2B&0&28F0
Service: 

==== System Restore Points ===================

RP685: 6/28/2010 11:51:05 PM - System Checkpoint
RP686: 6/29/2010 12:22:52 AM - Removed Search Settings v1.2.3.
RP687: 6/29/2010 4:35:07 AM - Software Distribution Service 3.0
RP688: 6/29/2010 9:18:56 AM - Software Distribution Service 3.0
RP689: 6/29/2010 9:23:22 AM - Software Distribution Service 3.0
RP690: 6/29/2010 9:25:58 AM - Software Distribution Service 3.0
RP691: 6/29/2010 7:47:58 PM - Software Distribution Service 3.0
RP692: 6/30/2010 3:00:22 AM - Software Distribution Service 3.0
RP693: 6/30/2010 4:37:56 PM - Removed Google Toolbar for Internet Explorer
RP694: 6/30/2010 4:38:57 PM - Removed Google Gears
RP695: 6/30/2010 11:01:58 PM - Installed HiJackThis
RP696: 7/1/2010 3:26:48 AM - Software Distribution Service 3.0

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
AdobeColorCommonSetRGB
AIO_Scan
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 440x 10/100 Integrated Controller
BufferChm
C4200
C4200_doccd
c4200_Help
Copy
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Dell ResourceCD
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
ESET Online Scanner v3
eSupportQFolder
Google Earth
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 3.5
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel(R) Extreme Graphics Driver
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
LimeWire 5.3.6
Malwarebytes' Anti-Malware
MarketResearch
McAfee SecurityCenter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.6)
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
OGA Notifier 2.0.0048.0
PDF Settings CS5
Power Tab Editor 1.7
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
QuickTime
R.A.L.E. Lung Sounds
R.A.L.E. Lung Sounds Demo
Registry Mechanic 9.0
Scan
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SolutionCenter
Sonic Update Manager
SoundMAX
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/6/2008 5:05:18 PM
System Uptime: 7/1/2010 5:13:42 AM (4 hours ago)

Motherboard: Dell Computer Corp. |  | 0G1548
Processor:               Intel(R) Pentium(R) 4 CPU 2.20GHz | Microprocessor | 2192/400mhz

==== Disk Partitions =========================

A: is Removable
C: is Removable
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 204.957 GiB free.

DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL 
Run by Administrator at  3:42:51.00 on Thu 07/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1278.1007 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)   {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled*   {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\system32\svchost.exe -k netsvcs
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
F:\WINDOWS\Explorer.EXE
f:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - f:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - f:\program files\hp\smart web printing\hpswp_framework.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - f:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - f:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - f:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - f:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - f:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - f:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - f:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - f:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - f:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - f:\program files\windows live\toolbar\wltcore.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "f:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [AdobeBridge] 
uRun: [MSMSGS] "f:\program files\messenger\msmsgs.exe" /background
uRun: [RegistryMechanic] f:\program files\registry mechanic\RegMech.exe /H
uRunOnce: [Shockwave Updater] f:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; MSN Optimized;US)" -"http://www.box10.com/oversize.html"
mRun: [IgfxTray] f:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] f:\windows\system32\hkcmd.exe
mRun: [StorageGuard] "f:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [HP Software Update] f:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [mcagent_exe] "f:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [hpqSRMon] f:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "f:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "f:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "f:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "f:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] f:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "f:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [DWQueuedReporting] "f:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [msnmsgr] "f:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - f:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - f:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - f:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - f:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - f:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\87w6nvt3.default\
FF - prefs.js: browser.search.selectedEngine - Kiwee Live Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.imgag.com/?appid=kwtb&component=UnifiedToolbarFF&c=GNKWO50020&sbs=1&sc=&f=web&vernum=3.2&uid=&did={b56616b0-97cd-11de-bf0c-000d565118a9}&q=
FF - component: f:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: f:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: f:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: f:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: f:\program files\microsoft\office live\npOLW.dll
FF - plugin: f:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - f:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
f:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
f:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
f:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
f:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
f:\program
DDS (Ver_10-03-17.01) - NTFSx86  
Run by Administrator at  9:51:10.75 on Thu 07/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1278.751 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)   {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled*   {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\McAfee.com\Agent\mcagent.exe
F:\Program Files\Java\jre6\bin\jusched.exe
svchost.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Registry Mechanic\RegMech.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\WINDOWS\System32\svchost.exe -k Akamai
F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\cisvc.exe
F:\WINDOWS\system32\svchost.exe -k hpdevmgmt
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\McAfee\SiteAdvisor\McSACore.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\Program Files\McAfee\MSK\MskSrver.exe
F:\WINDOWS\System32\svchost.exe -k HPZ12
F:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
F:\WINDOWS\System32\svchost.exe -k HPZ12
F:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
F:\WINDOWS\System32\svchost.exe -k imgsvc
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
F:\WINDOWS\system32\cidaemon.exe
F:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - f:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - f:\program files\hp\smart web printing\hpswp_framework.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - f:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - f:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - f:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - f:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - f:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - f:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - f:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - f:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - f:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - f:\program files\windows live\toolbar\wltcore.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "f:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [AdobeBridge] 
uRun: [MSMSGS] "f:\program files\messenger\msmsgs.exe" /background
uRun: [RegistryMechanic] f:\program files\registry mechanic\RegMech.exe /H
uRunOnce: [Shockwave Updater] f:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; MSN Optimized;US)" -"http://www.box10.com/oversize.html"
mRun: [IgfxTray] f:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] f:\windows\system32\hkcmd.exe
mRun: [StorageGuard] "f:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [HP Software Update] f:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [mcagent_exe] "f:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [hpqSRMon] f:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "f:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "f:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "f:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "f:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] f:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "f:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
dRun: [msnmsgr] "f:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - f:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - f:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - f:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - f:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - f:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\87w6nvt3.default\
FF - prefs.js: browser.search.selectedEngine - Kiwee Live Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.imgag.com/?appid=kwtb&component=UnifiedToolbarFF&c=GNKWO50020&sbs=1&sc=&f=web&vernum=3.2&uid=&did={b56616b0-97cd-11de-bf0c-000d565118a9}&q=
FF - component: f:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: f:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: f:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: f:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: f:\program files\microsoft\office live\npOLW.dll
FF - plugin: f:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassista
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-01 09:49:16
Windows 5.1.2600 Service Pack 3
Running: p3b708zn.exe; Driver: F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwriikod.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwCreateFile [0xB0DA778A]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwCreateKey [0xB0DA7821]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwCreateProcess [0xB0DA7738]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwCreateProcessEx [0xB0DA774C]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwDeleteKey [0xB0DA7835]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwDeleteValueKey [0xB0DA7861]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwEnumerateKey [0xB0DA78CF]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwEnumerateValueKey [0xB0DA78B9]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwMapViewOfSection [0xB0DA77CA]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwNotifyChangeKey [0xB0DA78FB]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwOpenKey [0xB0DA780D]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwOpenProcess [0xB0DA7710]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwOpenThread [0xB0DA7724]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwProtectVirtualMemory [0xB0DA779E]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwQueryKey [0xB0DA7937]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwQueryMultipleValueKey [0xB0DA78A3]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwQueryValueKey [0xB0DA788D]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwRenameKey [0xB0DA784B]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwReplaceKey [0xB0DA7923]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwRestoreKey [0xB0DA790F]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwSetContextThread [0xB0DA7776]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwSetInformationProcess [0xB0DA7762]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwSetValueKey [0xB0DA7877]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwTerminateProcess [0xB0DA77F9]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwUnloadKey [0xB0DA78E5]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwUnmapViewOfSection [0xB0DA77E0]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwYieldExecution [0xB0DA77B4]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtCreateFile
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtMapViewOfSection
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtOpenProcess
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtOpenThread
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                        mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                      Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                     Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                     Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                   Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                      mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4263

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/1/2010 5:12:42 AM
mbam-log-2010-07-01 (05-12-42).txt

Scan type: Full scan (F:\|)
Objects scanned: 195001
Time elapsed: 1 hour(s), 10 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Documents and Settings\Administrator\My Documents\Lil Kennys Stuff\Photoshop\Adobe_CS5_All_Products\Adobe CS5 All Products Keygens + Individual Product Keygen\Adobe Photoshop CS5 Extended v12.0 Keygen\adobe_PS_CS5_keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{05322A46-3848-49C9-9470-D4025FB7EA59}\RP685\A0051611.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{05322A46-3848-49C9-9470-D4025FB7EA59}\RP685\A0051613.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{05322A46-3848-49C9-9470-D4025FB7EA59}\RP685\A0051617.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{05322A46-3848-49C9-9470-D4025FB7EA59}\RP685\A0051621.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{05322A46-3848-49C9-9470-D4025FB7EA59}\RP686\A0051676.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{05322A46-3848-49C9-9470-D4025FB7EA59}\RP686\A0051677.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4263

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/1/2010 6:47:54 AM
mbam-log-2010-07-01 (06-47-54).txt

Scan type: Full scan (F:\|)
Objects scanned: 198523
Time elapsed: 1 hour(s), 19 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
0

it started when i downloaded a cracked keygen and it looked suspicious but i let my guard down and downloaded it anyways because i had just downloaded a keygen for photoshop cs5 and it worked with no problems..... any help would be greatly appreciated. thank you for taking your time to help me. Kenny G

Hi Kenny,

It sounds to me like you have been bitten by one of the newer TDSS Rootkit variants.

In cases such as yours, we generally recommend that you contact the support staff of the site you download your cracks and keygens from for removal assistance.
Our volunteers tend not to get involved with these cases.

Best Luck :)
PP

0

dang that really sucks because i have no idea what the site was :(, but any help with this will be greatly appreciated. Thank You, Kenny. Here is actually another log that was run before i went in and deleted a lot of registry keys and files

Attachments
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4263

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/30/2010 11:41:46 PM
mbam-log-2010-06-30 (23-41-46).txt

Scan type: Quick scan
Objects scanned: 148772
Time elapsed: 19 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
F:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
0

well if there's no easy fix to this, would backing up my files and running a kill disk work?

0

i have run mbam again and nothing has popped up, i did have this on the 29th when it all started but it was deleted (see below) and today i ran rootkitrevealer and got this (see below)

Attachments
HKLM\SECURITY\Policy\Secrets\SAC*	11/6/2008 6:16 PM	0 bytes	Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI*	11/6/2008 6:16 PM	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed	7/1/2010 7:31 PM	80 bytes	Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Multimedia\5	7/1/2010 7:30 PM	4 bytes	Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4200 series\ChangeID	7/1/2010 7:20 PM	4 bytes	Data mismatch between Windows API and raw hive data.
F:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[2].txt	7/1/2010 7:52 PM	187 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Cookies\administrator@microsoft[1].txt	7/1/2010 7:52 PM	138 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Cookies\administrator@www.microsoft[1].txt	7/1/2010 7:51 PM	182 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temp\JmKyl902.exe.part	7/1/2010 7:37 PM	0 bytes	Visible in Windows API, but not in MFT or directory index.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\05DUMTID\ScriptResource[1].axd	7/1/2010 7:48 PM	31.50 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\05DUMTID\WebResource[1].css	7/1/2010 7:48 PM	2.02 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\05DUMTID\WebResource[2].css	7/1/2010 7:48 PM	1.36 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\524JN9ME\favicon[2].ico	7/1/2010 7:48 PM	3.55 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\524JN9ME\MMPC_Icon_Search[1].png	7/1/2010 7:48 PM	1.21 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\524JN9ME\WebResource[1].axd	7/1/2010 7:48 PM	20.31 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\788CVZQF\rc_white_leftborder[1].png	7/1/2010 7:48 PM	192 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\788CVZQF\top_page_bg[1].jpg	7/1/2010 7:48 PM	731 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\78JSWD1K\ScriptResource[1].axd	7/1/2010 7:48 PM	97.12 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\78JSWD1K\SecurityCritical[1].png	7/1/2010 7:48 PM	1.55 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E84H3E0Y\footer_bg[1].jpg	7/1/2010 7:48 PM	1.14 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E84H3E0Y\footer_middle_bg[1].jpg	7/1/2010 7:48 PM	391 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E84H3E0Y\IEoverride[1].css	7/1/2010 7:48 PM	427 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E84H3E0Y\Malware-Shield_Banner-B[1].png	7/1/2010 7:48 PM	9.15 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HG5AD8HN\Forefront%20Grid%20generic%20brand%20h_small[1].jpg	7/1/2010 7:51 PM	3.55 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HG5AD8HN\rc_white_topright[1].png	7/1/2010 7:48 PM	323 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HG5AD8HN\WebResource[1].axd	7/1/2010 7:48 PM	4.84 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IJDZ2FMT\mpam-fe[1].exe	7/1/2010 8:04 PM	54.97 MB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IJDZ2FMT\mpam-fe[1].exe:Zone.Identifier	7/1/2010 8:04 PM	26 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IJDZ2FMT\mpas-fe[1].exe	7/1/2010 7:56 PM	13.81 MB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IJDZ2FMT\mpas-fe[1].exe:Zone.Identifier	7/1/2010 7:56 PM	26 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IJDZ2FMT\WebResource[1].gif	7/1/2010 7:48 PM	43 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JHI00XYO\ms_logo[1].png	7/1/2010 7:48 PM	3.36 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JHI00XYO\rc_white_topleft[1].png	7/1/2010 7:48 PM	315 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JHI00XYO\wt[1].js	7/1/2010 7:49 PM	34.00 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NG1DWCQG\rc_white_topborder[1].png	7/1/2010 7:48 PM	201 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NVUXBJZH\menubg[1].png	7/1/2010 7:48 PM	159 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PR30TWND\Naming-conv[1].png	7/1/2010 7:51 PM	17.48 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PR30TWND\rc_white_bottomright[1].png	7/1/2010 7:48 PM	321 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q6O5Z2FU\Common[1].css	7/1/2010 7:48 PM	13.72 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q6O5Z2FU\Default[1].css	7/1/2010 7:48 PM	2.87 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q6O5Z2FU\menuinnerbg[1].png	7/1/2010 7:49 PM	137 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\VG8074FI\bottom_page_bg[1].jpg	7/1/2010 7:48 PM	474 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\VG8074FI\header_bg[1].jpg	7/1/2010 7:48 PM	3.97 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\VOZ3EKVZ\rc_white_bottomborder[1].png	7/1/2010 7:48 PM	200 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\VOZ3EKVZ\WebResource[1].axd	7/1/2010 7:48 PM	2.66 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\X4TTS7FF\rc_white_bottomleft[1].png	7/1/2010 7:48 PM	305 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\X4TTS7FF\SecurityEssentials_h_bL[1].png	7/1/2010 7:51 PM	3.73 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\X4TTS7FF\Windows%20Defenderlogo_small[1].jpg	7/1/2010 7:51 PM	3.86 KB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZP8U68GP\header_middle_bg[1].jpg	7/1/2010 7:48 PM	706 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZP8U68GP\rc_white_rightborder[1].png	7/1/2010 7:48 PM	194 bytes	Hidden from Windows API.
F:\Documents and Settings\Administrator\My Documents\Downloads\windows-kb890830-v3.8.exe	7/1/2010 7:38 PM	9.86 MB	Hidden from Windows API.
F:\Documents and Settings\Administrator\Recent\Attach in safe mode.lnk	7/1/2010 9:57 AM	865 bytes	Visible in Windows API, but not in MFT or directory index.
F:\Documents and Settings\Administrator\Recent\heart_PDF_.lnk	4/2/2010 10:51 PM	517 bytes	Visible in Windows API, but not in MFT or directory index.
F:\Documents and Settings\Administrator\Recent\RootkitReveal..lnk	7/1/2010 8:12 PM	513 bytes	Hidden from Windows API.
F:\Documents and Settings\LocalService\My Documents	7/1/2010 8:11 PM	0 bytes	Hidden from Windows API.
F:\Documents and Settings\LocalService\My Documents\desktop.ini	7/1/2010 8:11 PM	77 bytes	Hidden from Windows API.
F:\Documents and Settings\LocalService\Recent	7/1/2010 8:11 PM	0 bytes	Hidden from Windows API.
F:\Documents and Settings\LocalService\Recent\Desktop.ini	7/1/2010 8:11 PM	150 bytes	Hidden from Windows API.
F:\Program Files\McAfee\MSK\Config\cstreams\77862	7/1/2010 6:14 PM	0 bytes	Visible in Windows API, but not in MFT or directory index.
F:\Program Files\McAfee\MSK\Config\cstreams\77862\cstreams.lua	7/1/2010 6:14 PM	4.81 KB	Visible in Windows API, but not in MFT or directory index.
F:\Program Files\McAfee\MSK\Config\cstreams\77862\cstreams.rgx	7/1/2010 6:14 PM	1.27 MB	Visible in Windows API, but not in MFT or directory index.
F:\Program Files\McAfee\MSK\Config\cstreams\77862\manifest	7/1/2010 6:14 PM	294 bytes	Visible in Windows API, but not in MFT or directory index.
F:\Program Files\McAfee\MSK\Config\cstreams\77863	7/1/2010 8:14 PM	0 bytes	Hidden from Windows API.
F:\Program Files\McAfee\MSK\Config\cstreams\77863\cstreams.lua	7/1/2010 8:14 PM	4.81 KB	Hidden from Windows API.
F:\Program Files\McAfee\MSK\Config\cstreams\77863\cstreams.rgx	7/1/2010 8:1
F:\Documents and Settings\Administrator\Local Settings\Temp\Avf.exe	a variant of Win32/Kryptik.FEP trojan	cleaned by deleting - quarantined
F:\Documents and Settings\Administrator\Local Settings\Temp\Avg.exe	a variant of Win32/Kryptik.FEP trojan	cleaned by deleting - quarantined
F:\Documents and Settings\Administrator\Local Settings\Temp\Avi.exe	a variant of Win32/Kryptik.FEP trojan	cleaned by deleting - quarantined
F:\Documents and Settings\Administrator\Local Settings\Temp\Avj.exe	a variant of Win32/Kryptik.FEP trojan	cleaned by deleting - quarantined
F:\WINDOWS\Anepea.exe	a variant of Win32/Kryptik.FEP trojan	cleaned by deleting - quarantined
F:\WINDOWS\Anepeb.exe	a variant of Win32/Kryptik.FEP trojan	cleaned by deleting - quarantined