yahoo groups spam

Post by damselle on 13th November 2010, 6:15 pm

My Yahoo account seems to be spamming the other members of a Yahoo group that I began, but have since closed. Some interesting things about this. Another member's computer was doing something similar. I seem to be the only person who's not getting these emails, either from myself (I usually get emails from the group when I post) or the first offending member. I don't know if the member bringing it to my attention is the only one getting them. I'll have to get back to you on that. There is a link in the emails that is there for the clicking: a site titled rapid share....click here exe.

Here is my OTL log

OTL logfile created on: 11/13/2010 11:20:00 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\nightingale\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 249.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.83 Gb Total Space | 41.29 Gb Free Space | 73.95% Space Free | Partition Type: NTFS

Computer Name: GALAXY | User Name: nightingale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/17 09:58:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
PRC - [2010/07/31 14:45:25 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2010/07/31 14:45:25 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
PRC - [2010/06/10 05:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/02/17 15:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/08/25 11:31:38 | 000,202,752 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
PRC - [2009/08/25 11:31:38 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/09 10:52:56 | 000,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/06/21 14:55:56 | 000,208,896 | ---- | M] (The Webshots Corporation) -- C:\Program Files\Webshots\WebshotsTray.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 09:58:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/07/31 14:45:25 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2010/07/14 12:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/10/09 10:53:04 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\WinPatrol\patrolpro.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/31 14:45:25 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/02/24 12:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/17 15:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2010/02/17 14:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)


========== Driver Services (SafeList) ==========

DRV - [2010/09/06 08:02:04 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2010/07/31 17:52:57 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/07/31 17:52:57 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/07/31 17:52:56 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/31 14:45:25 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SnopFree.sys -- (SnoopFree)
DRV - [2010/07/15 14:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/02/17 15:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 15:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 15:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 15:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 15:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2006/08/28 20:48:26 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/28 20:48:26 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2002/04/10 16:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 16:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 16:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 15:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 15:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/04/08 07:54:02 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 08:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 08:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 08:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 08:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001/08/17 08:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 08:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 08:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 08:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 08:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 08:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://news.google.com/nwshp?tab=wn"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/03 17:08:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/05 11:03:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/31 12:38:25 | 000,000,000 | ---D | M]

[2010/07/29 20:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Extensions
[2010/11/12 17:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Firefox\Profiles\rjils167.default\extensions
[2010/10/15 19:16:26 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Firefox\Profiles\rjils167.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/11/05 11:05:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Firefox\Profiles\rjils167.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/30 05:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Firefox\Profiles\rjils167.default\extensions\isreaditlater@ideashower.com
[2010/11/12 17:59:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/31 10:54:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 21:38:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/24 21:12:32 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/07/31 09:49:53 | 000,609,487 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.] #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.] #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16077 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (The Webshots Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/07/28 13:36:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 07:18:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nightingale\Recent
[2010/11/05 19:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/05 19:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/01 22:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Local Settings\Application Data\Temp
[2010/10/31 20:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/10/31 20:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/10/31 20:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/10/31 20:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Local Settings\Application Data\Google
[2010/10/26 21:37:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/26 21:37:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/26 21:37:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/25 17:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Desktop\Collections
[2010/10/23 11:21:04 | 000,634,880 | ---- | C] (Auralis, Inc.) -- C:\WINDOWS\Webshots.scr
[2010/10/23 11:21:04 | 000,040,960 | ---- | C] (Auralis, Inc.) -- C:\WINDOWS\WebshotsUninstall.exe
[2010/10/23 11:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Webshots
[2010/10/17 09:55:28 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
[2010/10/15 18:13:30 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/15 18:13:30 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/15 17:23:06 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/07/31 07:43:33 | 526,443,824 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Enterprise.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/13 11:18:17 | 000,013,177 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/11/13 11:15:21 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\nightingale\Desktop\~$anning with OTL.docx
[2010/11/13 10:25:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/12 23:25:01 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/12 21:13:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/12 21:13:45 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/12 17:34:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 18:25:39 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010/11/10 15:14:49 | 000,010,188 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\Ania.docx
[2010/11/07 08:08:47 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 08:08:47 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 19:09:46 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\nightingale\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/05 19:09:46 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Spybot - Search & Destroy.lnk
[2010/11/05 13:00:28 | 000,014,285 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Alabama.docx
[2010/11/04 17:08:35 | 000,092,246 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\Doc1.docx
[2010/11/04 17:08:27 | 000,205,113 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\rally.docx
[2010/11/03 08:29:35 | 000,010,172 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\black walnut.docx
[2010/10/31 20:11:19 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/25 18:03:12 | 001,440,054 | ---- | M] () -- C:\WINDOWS\WebshotsForNightingale.bmp
[2010/10/25 17:58:45 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk
[2010/10/25 17:58:41 | 000,000,091 | ---- | M] () -- C:\WINDOWS\webshots.ini
[2010/10/19 10:28:08 | 000,090,077 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\_).email
[2010/10/17 10:48:33 | 000,103,902 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Scanning with OTL.docx
[2010/10/17 09:58:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
[2010/10/15 22:46:05 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/13 11:15:21 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\nightingale\Desktop\~$anning with OTL.docx
[2010/11/10 15:14:47 | 000,010,188 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Ania.docx
[2010/11/05 19:09:46 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\nightingale\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/05 19:09:45 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\Spybot - Search & Destroy.lnk
[2010/11/04 17:08:34 | 000,092,246 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Doc1.docx
[2010/11/04 16:06:20 | 000,205,113 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\rally.docx
[2010/11/04 14:45:42 | 000,015,909 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Your computer is now clean.docx
[2010/11/03 08:29:31 | 000,010,172 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\black walnut.docx
[2010/10/31 20:11:18 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/31 20:10:52 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/31 20:10:51 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/23 12:08:28 | 000,047,636 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\200901.pdf
[2010/10/23 12:07:42 | 000,244,689 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Native American.PDF
[2010/10/23 12:07:30 | 001,250,816 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\native_american_health.ppt
[2010/10/23 12:07:17 | 000,416,924 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\fulltext.pdf
[2010/10/23 11:21:16 | 001,440,054 | ---- | C] () -- C:\WINDOWS\WebshotsForNightingale.bmp
[2010/10/23 11:21:13 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk
[2010/10/23 11:21:08 | 000,000,091 | ---- | C] () -- C:\WINDOWS\webshots.ini
[2010/10/22 19:54:23 | 003,800,051 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\12 Paved Paradise and Put Up a Parki.mp3
[2010/10/19 10:28:08 | 000,090,077 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\_).email
[2010/10/17 10:48:33 | 000,103,902 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\Scanning with OTL.docx
[2010/09/01 11:30:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2010/07/31 14:45:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2010/07/31 14:45:25 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2010/07/31 06:42:14 | 000,000,388 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/07/28 09:21:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/17 22:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FM20.DLL
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/07/31 14:45:25 | 000,009,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SnopFree.sys

< %systemroot%\System32\config\*.sav >
[2010/07/28 09:20:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/07/28 09:20:09 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/07/28 09:20:09 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/09/03 11:27:19 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2001/09/13 15:12:44 | 000,004,557 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\atiicdxx.sys
[2002/09/03 11:29:31 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/09/03 11:34:10 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/09/03 11:39:08 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/09/03 11:39:11 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/09/03 11:49:59 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/09/03 11:49:59 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/09/03 11:50:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/09/03 11:50:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/09/03 11:50:01 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 21:45:10 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 21:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 21:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 21:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 21:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/08/31 08:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/07/28 13:36:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/29 17:49:35 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/19 10:25:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/28 13:36:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/12 21:13:45 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 18:25:39 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010/09/06 08:12:51 | 004,855,568 | ---- | M] () -- C:\HuskyInstallerLog.txt
[2010/07/28 13:36:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/28 13:36:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/29 17:42:36 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/30 10:37:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/12 21:13:43 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/07/28 13:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2010/10/31 20:11:10 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/09/01 16:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/07/28 13:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/09/01 11:48:29 | 000,000,000 | ---D | M] -- C:\Program Files\Epocrates
[2010/07/31 07:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2010/10/31 20:10:18 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/07/31 06:48:28 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/10/13 07:54:06 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/07/28 13:48:38 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/17 02:01:51 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/10/26 21:37:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/08/25 14:15:32 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/25 06:15:04 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/08/13 18:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/07/29 00:57:08 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2010/07/30 12:51:57 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/07/28 13:36:19 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/07/31 07:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/07/31 07:57:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/08/08 18:22:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/08/13 21:52:20 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/31 12:39:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/07/31 07:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/08/01 18:12:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/07/28 13:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/07/30 10:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/07/28 15:18:59 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/07/30 17:05:53 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/10/13 08:30:07 | 000,000,000 | ---D | M] -- C:\Program Files\palmOne
[2010/07/31 07:15:29 | 000,000,000 | ---D | M] -- C:\Program Files\resume
[2010/07/28 14:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/09/01 09:51:23 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2010/09/05 17:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/09/01 09:50:39 | 000,000,000 | ---D | M] -- C:\Program Files\Sprint music manager
[2010/11/05 21:58:29 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/31 19:54:17 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/11/06 21:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/08/07 09:27:30 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/07/28 13:41:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/10/25 18:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\Webshots
[2010/08/31 20:00:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/08/31 20:00:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/07/30 10:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/07/28 13:32:41 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/10/12 16:41:53 | 000,000,000 | ---D | M] -- C:\Program Files\WinPatrol
[2010/07/28 13:36:19 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2010/07/28 09:21:32 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\nightingale\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/09/03 11:27:33 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 21:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 22:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-10 08:09:02

< >

< >

========== Alternate Data Streams ==========


yahoo groups spam, part deux

Post by damselle on 13th November 2010, 6:17 pm

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
PRC - [2010/10/17 09:58:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
PRC - [2010/07/31 14:45:25 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2010/07/31 14:45:25 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
PRC - [2010/06/10 05:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/02/17 15:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/08/25 11:31:38 | 000,202,752 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
PRC - [2009/08/25 11:31:38 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/09 10:52:56 | 000,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/06/21 14:55:56 | 000,208,896 | ---- | M] (The Webshots Corporation) -- C:\Program Files\Webshots\WebshotsTray.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 09:58:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/07/31 14:45:25 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2010/07/14 12:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/07/11 18:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2008/10/24 20:15:54 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
MOD - [2008/10/09 10:53:04 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\WinPatrol\patrolpro.dll
MOD - [2008/04/13 19:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 12:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/31 14:45:25 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/02/24 12:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/17 15:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2010/02/17 14:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)


========== Driver Services (SafeList) ==========

DRV - [2010/09/06 08:02:04 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2010/07/31 17:52:57 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/07/31 17:52:57 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/07/31 17:52:56 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/31 14:45:25 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SnopFree.sys -- (SnoopFree)
DRV - [2010/07/15 14:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/02/17 15:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 15:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 15:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 15:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 15:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2006/08/28 20:48:26 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/28 20:48:26 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2002/04/10 16:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 16:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 16:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 15:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 15:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/04/08 07:54:02 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 08:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 08:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 08:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 08:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001/08/17 08:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 08:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 08:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 08:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 08:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 08:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://news.google.com/nwshp?tab=wn"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/03 17:08:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/05 11:03:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/31 12:38:25 | 000,000,000 | ---D | M]

[2010/07/29 20:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Extensions
[2010/11/12 17:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Firefox\Profiles\rjils167.default\extensions
[2010/10/15 19:16:26 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Firefox\Profiles\rjils167.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/11/05 11:05:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Firefox\Profiles\rjils167.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/30 05:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Firefox\Profiles\rjils167.default\extensions\isreaditlater@ideashower.com
[2010/11/12 17:59:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/31 10:54:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 21:38:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/24 21:12:32 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/07/31 09:49:53 | 000,609,487 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 16077 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (The Webshots Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/07/28 13:36:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 07:18:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nightingale\Recent
[2010/11/05 19:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/05 19:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/01 22:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Local Settings\Application Data\Temp
[2010/10/31 20:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/10/31 20:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/10/31 20:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/10/31 20:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Local Settings\Application Data\Google
[2010/10/26 21:37:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/26 21:37:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/26 21:37:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/25 17:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Desktop\Collections
[2010/10/23 11:21:04 | 000,634,880 | ---- | C] (Auralis, Inc.) -- C:\WINDOWS\Webshots.scr
[2010/10/23 11:21:04 | 000,040,960 | ---- | C] (Auralis, Inc.) -- C:\WINDOWS\WebshotsUninstall.exe
[2010/10/23 11:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Webshots
[2010/10/17 09:55:28 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
[2010/10/15 18:13:30 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/15 18:13:30 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/15 17:23:06 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/07/31 07:43:33 | 526,443,824 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Enterprise.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/13 11:25:04 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/13 11:18:17 | 000,013,177 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/11/13 11:15:21 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\nightingale\Desktop\~$anning with OTL.docx
[2010/11/12 23:25:01 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/12 21:13:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/12 21:13:45 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/12 17:34:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 18:25:39 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010/11/10 15:14:49 | 000,010,188 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\Ania.docx
[2010/11/07 08:08:47 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 08:08:47 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 19:09:46 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\nightingale\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/05 19:09:46 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Spybot - Search & Destroy.lnk
[2010/11/05 13:00:28 | 000,014,285 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Alabama.docx
[2010/11/04 17:08:35 | 000,092,246 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\Doc1.docx
[2010/11/04 17:08:27 | 000,205,113 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\rally.docx
[2010/11/03 08:29:35 | 000,010,172 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\black walnut.docx
[2010/10/31 20:11:19 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/25 18:03:12 | 001,440,054 | ---- | M] () -- C:\WINDOWS\WebshotsForNightingale.bmp
[2010/10/25 17:58:45 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk
[2010/10/25 17:58:41 | 000,000,091 | ---- | M] () -- C:\WINDOWS\webshots.ini
[2010/10/19 10:28:08 | 000,090,077 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\_).email
[2010/10/17 10:48:33 | 000,103,902 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Scanning with OTL.docx
[2010/10/17 09:58:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
[2010/10/15 22:46:05 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/13 11:15:21 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\nightingale\Desktop\~$anning with OTL.docx
[2010/11/10 15:14:47 | 000,010,188 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Ania.docx
[2010/11/05 19:09:46 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\nightingale\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/05 19:09:45 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\Spybot - Search & Destroy.lnk
[2010/11/04 17:08:34 | 000,092,246 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Doc1.docx
[2010/11/04 16:06:20 | 000,205,113 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\rally.docx
[2010/11/04 14:45:42 | 000,015,909 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Your computer is now clean.docx
[2010/11/03 08:29:31 | 000,010,172 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\black walnut.docx
[2010/10/31 20:11:18 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/31 20:10:52 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/31 20:10:51 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/23 12:08:28 | 000,047,636 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\200901.pdf
[2010/10/23 12:07:42 | 000,244,689 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Native American.PDF
[2010/10/23 12:07:30 | 001,250,816 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\native_american_health.ppt
[2010/10/23 12:07:17 | 000,416,924 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\fulltext.pdf
[2010/10/23 11:21:16 | 001,440,054 | ---- | C] () -- C:\WINDOWS\WebshotsForNightingale.bmp
[2010/10/23 11:21:13 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk
[2010/10/23 11:21:08 | 000,000,091 | ---- | C] () -- C:\WINDOWS\webshots.ini
[2010/10/22 19:54:23 | 003,800,051 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\12 Paved Paradise and Put Up a Parki.mp3
[2010/10/19 10:28:08 | 000,090,077 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\_).email
[2010/10/17 10:48:33 | 000,103,902 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\Scanning with OTL.docx
[2010/09/01 11:30:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2010/07/31 14:45:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2010/07/31 14:45:25 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2010/07/31 06:42:14 | 000,000,388 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/07/28 09:21:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/17 22:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FM20.DLL
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/07/31 14:45:25 | 000,009,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SnopFree.sys

< %systemroot%\System32\config\*.sav >
[2010/07/28 09:20:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/07/28 09:20:09 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/07/28 09:20:09 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/09/03 11:27:19 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2001/09/13 15:12:44 | 000,004,557 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\atiicdxx.sys
[2002/09/03 11:29:31 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/09/03 11:34:10 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/09/03 11:39:08 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/09/03 11:39:11 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/09/03 11:49:59 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/09/03 11:49:59 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/09/03 11:50:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/09/03 11:50:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/09/03 11:50:01 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 21:45:10 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 21:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 21:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 21:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 21:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/08/31 08:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/07/28 13:36:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/29 17:49:35 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/19 10:25:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/28 13:36:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/12 21:13:45 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 18:25:39 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010/09/06 08:12:51 | 004,855,568 | ---- | M] () -- C:\HuskyInstallerLog.txt
[2010/07/28 13:36:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/28 13:36:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/29 17:42:36 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/30 10:37:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/12 21:13:43 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/07/28 13:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2010/10/31 20:11:10 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/09/01 16:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/07/28 13:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/09/01 11:48:29 | 000,000,000 | ---D | M] -- C:\Program Files\Epocrates
[2010/07/31 07:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2010/10/31 20:10:18 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/07/31 06:48:28 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/10/13 07:54:06 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/07/28 13:48:38 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/17 02:01:51 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/10/26 21:37:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/08/25 14:15:32 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/25 06:15:04 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/08/13 18:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/07/29 00:57:08 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2010/07/30 12:51:57 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/07/28 13:36:19 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/07/31 07:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/07/31 07:57:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/08/08 18:22:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/08/13 21:52:20 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/31 12:39:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/07/31 07:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/08/01 18:12:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/07/28 13:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/07/30 10:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/07/28 15:18:59 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/07/30 17:05:53 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/10/13 08:30:07 | 000,000,000 | ---D | M] -- C:\Program Files\palmOne
[2010/07/31 07:15:29 | 000,000,000 | ---D | M] -- C:\Program Files\resume
[2010/07/28 14:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/09/01 09:51:23 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2010/09/05 17:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/09/01 09:50:39 | 000,000,000 | ---D | M] -- C:\Program Files\Sprint music manager
[2010/11/05 21:58:29 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/31 19:54:17 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/11/06 21:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/08/07 09:27:30 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/07/28 13:41:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/10/25 18:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\Webshots
[2010/08/31 20:00:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/08/31 20:00:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/07/30 10:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/07/28 13:32:41 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/10/12 16:41:53 | 000,000,000 | ---D | M] -- C:\Program Files\WinPatrol
[2010/07/28 13:36:19 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2010/07/28 09:21:32 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\nightingale\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/09/03 11:27:33 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 21:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 22:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-10 08:09:02

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34


yahoo groups spam, part trois

Post by damselle on 13th November 2010, 6:23 pm

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
PRC - [2010/10/17 09:58:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
PRC - [2010/07/31 14:45:25 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2010/07/31 14:45:25 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
PRC - [2010/06/10 05:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/02/17 15:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/08/25 11:31:38 | 000,202,752 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
PRC - [2009/08/25 11:31:38 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/09 10:52:56 | 000,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/06/21 14:55:56 | 000,208,896 | ---- | M] (The Webshots Corporation) -- C:\Program Files\Webshots\WebshotsTray.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 09:58:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/07/31 14:45:25 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2010/07/14 12:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/07/11 18:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2008/10/24 20:15:54 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
MOD - [2008/10/09 10:53:04 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\WinPatrol\patrolpro.dll
MOD - [2008/04/13 19:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 12:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/31 14:45:25 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/02/24 12:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/17 15:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2010/02/17 14:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)


========== Driver Services (SafeList) ==========

DRV - [2010/09/06 08:02:04 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2010/07/31 17:52:57 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/07/31 17:52:57 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/07/31 17:52:56 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/31 14:45:25 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SnopFree.sys -- (SnoopFree)
DRV - [2010/07/15 14:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/02/17 15:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 15:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 15:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 15:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 15:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2006/08/28 20:48:26 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/28 20:48:26 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2002/04/10 16:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 16:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 16:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 15:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 15:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/04/08 07:54:02 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 08:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 08:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 08:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 08:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001/08/17 08:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 08:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 08:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 08:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 08:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 08:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://news.google.com/nwshp?tab=wn"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/03 17:08:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/05 11:03:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/31 12:38:25 | 000,000,000 | ---D | M]

[2010/07/29 20:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Extensions
[2010/11/12 17:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Firefox\Profiles\rjils167.default\extensions
[2010/10/15 19:16:26 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Firefox\Profiles\rjils167.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/11/05 11:05:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Firefox\Profiles\rjils167.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/30 05:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nightingale\Application Data\Mozilla\Firefox\Profiles\rjils167.default\extensions\isreaditlater@ideashower.com
[2010/11/12 17:59:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/31 10:54:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 21:38:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/24 21:12:32 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/07/31 09:49:53 | 000,609,487 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 16077 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (The Webshots Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/07/28 13:36:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 07:18:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nightingale\Recent
[2010/11/05 19:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/05 19:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/01 22:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Local Settings\Application Data\Temp
[2010/10/31 20:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/10/31 20:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/10/31 20:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/10/31 20:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Local Settings\Application Data\Google
[2010/10/26 21:37:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/26 21:37:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/26 21:37:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/25 17:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Desktop\Collections
[2010/10/23 11:21:04 | 000,634,880 | ---- | C] (Auralis, Inc.) -- C:\WINDOWS\Webshots.scr
[2010/10/23 11:21:04 | 000,040,960 | ---- | C] (Auralis, Inc.) -- C:\WINDOWS\WebshotsUninstall.exe
[2010/10/23 11:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Webshots
[2010/10/17 09:55:28 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
[2010/10/15 18:13:30 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/15 18:13:30 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/15 17:23:06 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/07/31 07:43:33 | 526,443,824 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Enterprise.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/13 11:25:04 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/13 11:18:17 | 000,013,177 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/11/13 11:15:21 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\nightingale\Desktop\~$anning with OTL.docx
[2010/11/12 23:25:01 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/12 21:13:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/12 21:13:45 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/12 17:34:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 18:25:39 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010/11/10 15:14:49 | 000,010,188 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\Ania.docx
[2010/11/07 08:08:47 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 08:08:47 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 19:09:46 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\nightingale\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/05 19:09:46 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Spybot - Search & Destroy.lnk
[2010/11/05 13:00:28 | 000,014,285 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Alabama.docx
[2010/11/04 17:08:35 | 000,092,246 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\Doc1.docx
[2010/11/04 17:08:27 | 000,205,113 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\rally.docx
[2010/11/03 08:29:35 | 000,010,172 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\black walnut.docx
[2010/10/31 20:11:19 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/25 18:03:12 | 001,440,054 | ---- | M] () -- C:\WINDOWS\WebshotsForNightingale.bmp
[2010/10/25 17:58:45 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk
[2010/10/25 17:58:41 | 000,000,091 | ---- | M] () -- C:\WINDOWS\webshots.ini
[2010/10/19 10:28:08 | 000,090,077 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\_).email
[2010/10/17 10:48:33 | 000,103,902 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Scanning with OTL.docx
[2010/10/17 09:58:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
[2010/10/15 22:46:05 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/13 11:15:21 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\nightingale\Desktop\~$anning with OTL.docx
[2010/11/10 15:14:47 | 000,010,188 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Ania.docx
[2010/11/05 19:09:46 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\nightingale\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/05 19:09:45 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\Spybot - Search & Destroy.lnk
[2010/11/04 17:08:34 | 000,092,246 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Doc1.docx
[2010/11/04 16:06:20 | 000,205,113 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\rally.docx
[2010/11/04 14:45:42 | 000,015,909 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Your computer is now clean.docx
[2010/11/03 08:29:31 | 000,010,172 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\black walnut.docx
[2010/10/31 20:11:18 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/31 20:10:52 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/31 20:10:51 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/23 12:08:28 | 000,047,636 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\200901.pdf
[2010/10/23 12:07:42 | 000,244,689 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Native American.PDF
[2010/10/23 12:07:30 | 001,250,816 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\native_american_health.ppt
[2010/10/23 12:07:17 | 000,416,924 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\fulltext.pdf
[2010/10/23 11:21:16 | 001,440,054 | ---- | C] () -- C:\WINDOWS\WebshotsForNightingale.bmp
[2010/10/23 11:21:13 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk
[2010/10/23 11:21:08 | 000,000,091 | ---- | C] () -- C:\WINDOWS\webshots.ini
[2010/10/22 19:54:23 | 003,800,051 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\12 Paved Paradise and Put Up a Parki.mp3
[2010/10/19 10:28:08 | 000,090,077 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\_).email
[2010/10/17 10:48:33 | 000,103,902 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\Scanning with OTL.docx
[2010/09/01 11:30:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2010/07/31 14:45:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2010/07/31 14:45:25 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2010/07/31 06:42:14 | 000,000,388 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/07/28 09:21:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/17 22:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FM20.DLL
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/07/31 14:45:25 | 000,009,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SnopFree.sys

< %systemroot%\System32\config\*.sav >
[2010/07/28 09:20:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/07/28 09:20:09 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/07/28 09:20:09 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/09/03 11:27:19 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2001/09/13 15:12:44 | 000,004,557 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\atiicdxx.sys
[2002/09/03 11:29:31 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/09/03 11:34:10 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/09/03 11:39:08 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/09/03 11:39:11 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/09/03 11:49:59 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/09/03 11:49:59 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/09/03 11:50:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/09/03 11:50:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/09/03 11:50:01 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 21:45:10 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 21:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 21:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 21:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 21:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/08/31 08:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/07/28 13:36:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/29 17:49:35 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/19 10:25:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/28 13:36:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/12 21:13:45 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 18:25:39 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010/09/06 08:12:51 | 004,855,568 | ---- | M] () -- C:\HuskyInstallerLog.txt
[2010/07/28 13:36:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/28 13:36:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/29 17:42:36 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/30 10:37:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/12 21:13:43 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/07/28 13:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2010/10/31 20:11:10 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/09/01 16:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/07/28 13:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/09/01 11:48:29 | 000,000,000 | ---D | M] -- C:\Program Files\Epocrates
[2010/07/31 07:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2010/10/31 20:10:18 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/07/31 06:48:28 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/10/13 07:54:06 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/07/28 13:48:38 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/17 02:01:51 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/10/26 21:37:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/08/25 14:15:32 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/25 06:15:04 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/08/13 18:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/07/29 00:57:08 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2010/07/30 12:51:57 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/07/28 13:36:19 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/07/31 07:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/07/31 07:57:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/08/08 18:22:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/08/13 21:52:20 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/31 12:39:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/07/31 07:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/08/01 18:12:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/07/28 13:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/07/30 10:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/07/28 15:18:59 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/07/30 17:05:53 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/10/13 08:30:07 | 000,000,000 | ---D | M] -- C:\Program Files\palmOne
[2010/07/31 07:15:29 | 000,000,000 | ---D | M] -- C:\Program Files\resume
[2010/07/28 14:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/09/01 09:51:23 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2010/09/05 17:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/09/01 09:50:39 | 000,000,000 | ---D | M] -- C:\Program Files\Sprint music manager
[2010/11/05 21:58:29 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/31 19:54:17 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/11/06 21:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/08/07 09:27:30 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/07/28 13:41:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/10/25 18:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\Webshots
[2010/08/31 20:00:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/08/31 20:00:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/07/30 10:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/07/28 13:32:41 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/10/12 16:41:53 | 000,000,000 | ---D | M] -- C:\Program Files\WinPatrol
[2010/07/28 13:36:19 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2010/07/28 09:21:32 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\nightingale\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/09/03 11:27:33 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 21:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 22:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-10 08:09:02

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34


yahoo groups spam, part quatre

Post by damselle on 13th November 2010, 6:26 pm

< End of report >

O1 HOSTS File: ([2010/07/31 09:49:53 | 000,609,487 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.] #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.] #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16077 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (The Webshots Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/07/28 13:36:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 07:18:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nightingale\Recent
[2010/11/05 19:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/05 19:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/01 22:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Local Settings\Application Data\Temp
[2010/10/31 20:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/10/31 20:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/10/31 20:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/10/31 20:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Local Settings\Application Data\Google
[2010/10/26 21:37:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/26 21:37:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/26 21:37:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/25 17:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Desktop\Collections
[2010/10/23 11:21:04 | 000,634,880 | ---- | C] (Auralis, Inc.) -- C:\WINDOWS\Webshots.scr
[2010/10/23 11:21:04 | 000,040,960 | ---- | C] (Auralis, Inc.) -- C:\WINDOWS\WebshotsUninstall.exe
[2010/10/23 11:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Webshots
[2010/10/17 09:55:28 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
[2010/10/15 18:13:30 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/15 18:13:30 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/15 17:23:06 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/07/31 07:43:33 | 526,443,824 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Enterprise.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/13 11:25:04 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/13 11:18:17 | 000,013,177 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/11/13 11:15:21 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\nightingale\Desktop\~$anning with OTL.docx
[2010/11/12 23:25:01 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/12 21:13:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/12 21:13:45 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/12 17:34:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 18:25:39 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010/11/10 15:14:49 | 000,010,188 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\Ania.docx
[2010/11/07 08:08:47 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 08:08:47 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 19:09:46 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\nightingale\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/05 19:09:46 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Spybot - Search & Destroy.lnk
[2010/11/05 13:00:28 | 000,014,285 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Alabama.docx
[2010/11/04 17:08:35 | 000,092,246 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\Doc1.docx
[2010/11/04 17:08:27 | 000,205,113 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\rally.docx
[2010/11/03 08:29:35 | 000,010,172 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\black walnut.docx
[2010/10/31 20:11:19 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/25 18:03:12 | 001,440,054 | ---- | M] () -- C:\WINDOWS\WebshotsForNightingale.bmp
[2010/10/25 17:58:45 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk
[2010/10/25 17:58:41 | 000,000,091 | ---- | M] () -- C:\WINDOWS\webshots.ini
[2010/10/19 10:28:08 | 000,090,077 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\_).email
[2010/10/17 10:48:33 | 000,103,902 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Scanning with OTL.docx
[2010/10/17 09:58:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
[2010/10/15 22:46:05 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/13 11:15:21 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\nightingale\Desktop\~$anning with OTL.docx
[2010/11/10 15:14:47 | 000,010,188 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Ania.docx
[2010/11/05 19:09:46 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\nightingale\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/05 19:09:45 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\Spybot - Search & Destroy.lnk
[2010/11/04 17:08:34 | 000,092,246 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Doc1.docx
[2010/11/04 16:06:20 | 000,205,113 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\rally.docx
[2010/11/04 14:45:42 | 000,015,909 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Your computer is now clean.docx
[2010/11/03 08:29:31 | 000,010,172 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\black walnut.docx
[2010/10/31 20:11:18 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/31 20:10:52 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/31 20:10:51 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/23 12:08:28 | 000,047,636 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\200901.pdf
[2010/10/23 12:07:42 | 000,244,689 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Native American.PDF
[2010/10/23 12:07:30 | 001,250,816 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\native_american_health.ppt
[2010/10/23 12:07:17 | 000,416,924 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\fulltext.pdf
[2010/10/23 11:21:16 | 001,440,054 | ---- | C] () -- C:\WINDOWS\WebshotsForNightingale.bmp
[2010/10/23 11:21:13 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk
[2010/10/23 11:21:08 | 000,000,091 | ---- | C] () -- C:\WINDOWS\webshots.ini
[2010/10/22 19:54:23 | 003,800,051 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\12 Paved Paradise and Put Up a Parki.mp3
[2010/10/19 10:28:08 | 000,090,077 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\_).email
[2010/10/17 10:48:33 | 000,103,902 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\Scanning with OTL.docx
[2010/09/01 11:30:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2010/07/31 14:45:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2010/07/31 14:45:25 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2010/07/31 06:42:14 | 000,000,388 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/07/28 09:21:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/17 22:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FM20.DLL
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/07/31 14:45:25 | 000,009,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SnopFree.sys

< %systemroot%\System32\config\*.sav >
[2010/07/28 09:20:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/07/28 09:20:09 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/07/28 09:20:09 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/09/03 11:27:19 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2001/09/13 15:12:44 | 000,004,557 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\atiicdxx.sys
[2002/09/03 11:29:31 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/09/03 11:34:10 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/09/03 11:39:08 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/09/03 11:39:11 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/09/03 11:49:59 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/09/03 11:49:59 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/09/03 11:50:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/09/03 11:50:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/09/03 11:50:01 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 21:45:10 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 21:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 21:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 21:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 21:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/08/31 08:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/07/28 13:36:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/29 17:49:35 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/19 10:25:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/28 13:36:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/12 21:13:45 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 18:25:39 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010/09/06 08:12:51 | 004,855,568 | ---- | M] () -- C:\HuskyInstallerLog.txt
[2010/07/28 13:36:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/28 13:36:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/29 17:42:36 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/30 10:37:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/12 21:13:43 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/07/28 13:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2010/10/31 20:11:10 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/09/01 16:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/07/28 13:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/09/01 11:48:29 | 000,000,000 | ---D | M] -- C:\Program Files\Epocrates
[2010/07/31 07:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2010/10/31 20:10:18 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/07/31 06:48:28 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/10/13 07:54:06 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/07/28 13:48:38 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/17 02:01:51 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/10/26 21:37:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/08/25 14:15:32 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/25 06:15:04 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/08/13 18:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/07/29 00:57:08 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2010/07/30 12:51:57 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/07/28 13:36:19 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/07/31 07:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/07/31 07:57:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/08/08 18:22:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/08/13 21:52:20 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/31 12:39:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/07/31 07:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/08/01 18:12:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/07/28 13:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/07/30 10:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/07/28 15:18:59 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/07/30 17:05:53 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/10/13 08:30:07 | 000,000,000 | ---D | M] -- C:\Program Files\palmOne
[2010/07/31 07:15:29 | 000,000,000 | ---D | M] -- C:\Program Files\resume
[2010/07/28 14:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/09/01 09:51:23 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2010/09/05 17:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/09/01 09:50:39 | 000,000,000 | ---D | M] -- C:\Program Files\Sprint music manager
[2010/11/05 21:58:29 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/31 19:54:17 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/11/06 21:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/08/07 09:27:30 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/07/28 13:41:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/10/25 18:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\Webshots
[2010/08/31 20:00:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/08/31 20:00:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/07/30 10:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/07/28 13:32:41 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/10/12 16:41:53 | 000,000,000 | ---D | M] -- C:\Program Files\WinPatrol
[2010/07/28 13:36:19 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2010/07/28 09:21:32 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\nightingale\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/09/03 11:27:33 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 21:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 22:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-10 08:09:02

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
[2010/08/24 21:12:32 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/07/31 09:49:53 | 000,609,487 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.] #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.] #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16077 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (The Webshots Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/07/28 13:36:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 07:18:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\nightingale\Recent
[2010/11/05 19:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/05 19:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/01 22:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Local Settings\Application Data\Temp
[2010/10/31 20:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/10/31 20:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/10/31 20:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/10/31 20:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Local Settings\Application Data\Google
[2010/10/26 21:37:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/26 21:37:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/26 21:37:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/25 17:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nightingale\Desktop\Collections
[2010/10/23 11:21:04 | 000,634,880 | ---- | C] (Auralis, Inc.) -- C:\WINDOWS\Webshots.scr
[2010/10/23 11:21:04 | 000,040,960 | ---- | C] (Auralis, Inc.) -- C:\WINDOWS\WebshotsUninstall.exe
[2010/10/23 11:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Webshots
[2010/10/17 09:55:28 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
[2010/10/15 18:13:30 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/15 18:13:30 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/15 17:23:06 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/07/31 07:43:33 | 526,443,824 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Enterprise.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/13 11:25:04 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/13 11:18:17 | 000,013,177 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/11/13 11:15:21 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\nightingale\Desktop\~$anning with OTL.docx
[2010/11/12 23:25:01 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/12 21:13:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/12 21:13:45 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/12 17:34:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 18:25:39 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010/11/10 15:14:49 | 000,010,188 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\Ania.docx
[2010/11/07 08:08:47 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 08:08:47 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 19:09:46 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\nightingale\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/05 19:09:46 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Spybot - Search & Destroy.lnk
[2010/11/05 13:00:28 | 000,014,285 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Alabama.docx
[2010/11/04 17:08:35 | 000,092,246 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\Doc1.docx
[2010/11/04 17:08:27 | 000,205,113 | ---- | M] () -- C:\Documents and Settings\nightingale\My Documents\rally.docx
[2010/11/03 08:29:35 | 000,010,172 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\black walnut.docx
[2010/10/31 20:11:19 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/25 18:03:12 | 001,440,054 | ---- | M] () -- C:\WINDOWS\WebshotsForNightingale.bmp
[2010/10/25 17:58:45 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk
[2010/10/25 17:58:41 | 000,000,091 | ---- | M] () -- C:\WINDOWS\webshots.ini
[2010/10/19 10:28:08 | 000,090,077 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\_).email
[2010/10/17 10:48:33 | 000,103,902 | ---- | M] () -- C:\Documents and Settings\nightingale\Desktop\Scanning with OTL.docx
[2010/10/17 09:58:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nightingale\Desktop\OTL.com
[2010/10/15 22:46:05 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/13 11:15:21 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\nightingale\Desktop\~$anning with OTL.docx
[2010/11/10 15:14:47 | 000,010,188 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Ania.docx
[2010/11/05 19:09:46 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\nightingale\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/05 19:09:45 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\Spybot - Search & Destroy.lnk
[2010/11/04 17:08:34 | 000,092,246 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Doc1.docx
[2010/11/04 16:06:20 | 000,205,113 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\rally.docx
[2010/11/04 14:45:42 | 000,015,909 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Your computer is now clean.docx
[2010/11/03 08:29:31 | 000,010,172 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\black walnut.docx
[2010/10/31 20:11:18 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/31 20:10:52 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/31 20:10:51 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/23 12:08:28 | 000,047,636 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\200901.pdf
[2010/10/23 12:07:42 | 000,244,689 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\Native American.PDF
[2010/10/23 12:07:30 | 001,250,816 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\native_american_health.ppt
[2010/10/23 12:07:17 | 000,416,924 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\fulltext.pdf
[2010/10/23 11:21:16 | 001,440,054 | ---- | C] () -- C:\WINDOWS\WebshotsForNightingale.bmp
[2010/10/23 11:21:13 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\nightingale\Start Menu\Programs\Startup\Webshots.lnk
[2010/10/23 11:21:08 | 000,000,091 | ---- | C] () -- C:\WINDOWS\webshots.ini
[2010/10/22 19:54:23 | 003,800,051 | ---- | C] () -- C:\Documents and Settings\nightingale\My Documents\12 Paved Paradise and Put Up a Parki.mp3
[2010/10/19 10:28:08 | 000,090,077 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\_).email
[2010/10/17 10:48:33 | 000,103,902 | ---- | C] () -- C:\Documents and Settings\nightingale\Desktop\Scanning with OTL.docx
[2010/09/01 11:30:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2010/07/31 14:45:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2010/07/31 14:45:25 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2010/07/31 06:42:14 | 000,000,388 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/07/28 09:21:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/17 22:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FM20.DLL
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/07/31 14:45:25 | 000,009,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SnopFree.sys

< %systemroot%\System32\config\*.sav >
[2010/07/28 09:20:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/07/28 09:20:09 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/07/28 09:20:09 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/09/03 11:27:19 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2001/09/13 15:12:44 | 000,004,557 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\atiicdxx.sys
[2002/09/03 11:29:31 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/09/03 11:34:10 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/09/03 11:39:08 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/09/03 11:39:11 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/09/03 11:49:59 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/09/03 11:49:59 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/09/03 11:50:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/09/03 11:50:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/09/03 11:50:01 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 21:45:10 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 21:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 21:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 21:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 21:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/08/31 08:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/09/03 11:27:33 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 21:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/09/03 12:04:09 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2010/07/30 10:31:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 22:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-10 08:09:02

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

damselle
Novice

Posts : 26
Joined : 2010-08-13
OS : winxp sp3
Points : 23418
Likes : 0


yahoo groups spam, part cinq

Post by damselle on 13th November 2010, 6:29 pm

OTL Extras logfile created on: 11/13/2010 11:20:00 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\nightingale\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 249.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.83 Gb Total Space | 41.29 Gb Free Space | 73.95% Space Free | Partition Type: NTFS

Computer Name: GALAXY | User Name: nightingale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F1CECBC-670F-4DAA-81D6-944B12450917}" = DIGOpt
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F445476A-42DE-11D4-80D0-00C04F2750A6}" = Epocrates Essentials
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"ENTERPRISER" = Microsoft Office Enterprise 2007
"hp instant support" = hp instant support
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"SprintMusicManagerA" = Sprint music manager
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Webshots" = Webshots!
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2010 10:59:38 AM | Computer Name = GALAXY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/31/2010 1:01:40 PM | Computer Name = GALAXY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/31/2010 1:01:40 PM | Computer Name = GALAXY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/31/2010 1:01:40 PM | Computer Name = GALAXY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/31/2010 1:01:40 PM | Computer Name = GALAXY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/31/2010 9:11:06 PM | Computer Name = GALAXY | Source = Google Update | ID = 20
Description =

Error - 10/31/2010 9:15:06 PM | Computer Name = GALAXY | Source = Google Update | ID = 20
Description =

Error - 11/5/2010 10:08:52 PM | Computer Name = GALAXY | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1376 (0x560) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\nightingale\Local
Settings\Temporary Internet Files\Content.IE5\VPKASW7E\Public[1].txt by C:\Program
Files\MSN\MSNCoreFiles\msn.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 11/5/2010 10:10:39 PM | Computer Name = GALAXY | Source = McLogEvent | ID = 5004
Description = Could not contact Filter Driver. Error = 0x7d1 : The specified driver
is invalid.

Error - 11/6/2010 8:22:19 AM | Computer Name = GALAXY | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 8/11/2010 9:10:32 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/11/2010 9:10:54 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/11/2010 9:11:04 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/11/2010 9:11:14 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/11/2010 9:11:30 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/11/2010 9:11:39 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/14/2010 3:24:23 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/14/2010 3:24:44 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/14/2010 3:36:21 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 688
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/5/2010 10:09:29 PM | Computer Name = GALAXY | Source = DCOM | ID = 10010
Description = The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register
with DCOM within the required timeout.

Error - 11/6/2010 7:07:15 AM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/6/2010 7:08:42 AM | Computer Name = GALAXY | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 f8b4b56c, parameter3
f2115afc, parameter4 00000000.

Error - 11/6/2010 11:21:34 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 11/7/2010 9:07:34 AM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/8/2010 6:15:31 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/9/2010 7:43:43 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/11/2010 8:23:06 AM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/12/2010 6:35:07 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/12/2010 10:14:15 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde


< End of report >

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F445476A-42DE-11D4-80D0-00C04F2750A6}" = Epocrates Essentials
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"ENTERPRISER" = Microsoft Office Enterprise 2007
"hp instant support" = hp instant support
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"SprintMusicManagerA" = Sprint music manager
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Webshots" = Webshots!
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2010 10:59:38 AM | Computer Name = GALAXY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/31/2010 1:01:40 PM | Computer Name = GALAXY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/31/2010 1:01:40 PM | Computer Name = GALAXY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/31/2010 1:01:40 PM | Computer Name = GALAXY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/31/2010 1:01:40 PM | Computer Name = GALAXY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/31/2010 9:11:06 PM | Computer Name = GALAXY | Source = Google Update | ID = 20
Description =

Error - 10/31/2010 9:15:06 PM | Computer Name = GALAXY | Source = Google Update | ID = 20
Description =

Error - 11/5/2010 10:08:52 PM | Computer Name = GALAXY | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1376 (0x560) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\nightingale\Local
Settings\Temporary Internet Files\Content.IE5\VPKASW7E\Public[1].txt by C:\Program
Files\MSN\MSNCoreFiles\msn.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 11/5/2010 10:10:39 PM | Computer Name = GALAXY | Source = McLogEvent | ID = 5004
Description = Could not contact Filter Driver. Error = 0x7d1 : The specified driver
is invalid.

Error - 11/6/2010 8:22:19 AM | Computer Name = GALAXY | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 8/11/2010 9:10:32 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/11/2010 9:10:54 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/11/2010 9:11:04 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/11/2010 9:11:14 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/11/2010 9:11:30 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/11/2010 9:11:39 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/14/2010 3:24:23 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/14/2010 3:24:44 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/14/2010 3:36:21 AM | Computer Name = GALAXY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 688
seconds with 0 seconds of active time. This session ended with a crash.


damselle
Novice

Posts: 26
Joined: 2010-08-13
OS: winxp sp3
Points: 23418
Likes: 0


yahoo groups spam, part six

Post by damselle on 13th November 2010, 6:33 pm

[ System Events ]
Error - 11/5/2010 10:09:29 PM | Computer Name = GALAXY | Source = DCOM | ID = 10010
Description = The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register
with DCOM within the required timeout.

Error - 11/6/2010 7:07:15 AM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/6/2010 7:08:42 AM | Computer Name = GALAXY | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 f8b4b56c, parameter3
f2115afc, parameter4 00000000.

Error - 11/6/2010 11:21:34 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 11/7/2010 9:07:34 AM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/8/2010 6:15:31 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/9/2010 7:43:43 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/11/2010 8:23:06 AM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/12/2010 6:35:07 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/12/2010 10:14:15 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde


< End of report >


Error - 11/6/2010 11:21:34 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 11/7/2010 9:07:34 AM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/8/2010 6:15:31 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/9/2010 7:43:43 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/11/2010 8:23:06 AM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/12/2010 6:35:07 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/12/2010 10:14:15 PM | Computer Name = GALAXY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde


< End of report >

damselle
Novice

Posts: 26
Joined: 2010-08-13
OS: winxp sp3
Points: 23418
Likes: 0

yahoo groups spam: p.s.

Post by damselle on 13th November 2010, 6:35 pm

P.S. OTL scan very sluggish.

Thank you,
db


Re: yahoo groups spam

Post by Belahzur on 14th November 2010, 12:14 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1

Re: yahoo groups spam

Post by damselle on 17th November 2010, 1:48 am

Here is my ComboFix log:

ComboFix 10-11-15.06 - nightingale 11/16/2010 19:56:59.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.306 [GMT -5:00]
Running from: c:\documents and settings\nightingale\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-06 00:09 . 2010-11-11 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-06 00:09 . 2010-11-06 02:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-02 03:15 . 2010-11-02 03:19 -------- d-----w- c:\documents and settings\nightingale\Local Settings\Application Data\Temp
2010-11-01 01:15 . 2010-11-01 01:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-11-01 01:11 . 2010-11-01 01:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-11-01 01:10 . 2010-11-01 01:10 -------- d-----w- c:\program files\Google
2010-11-01 01:10 . 2010-11-01 01:10 -------- d-----w- c:\documents and settings\nightingale\Local Settings\Application Data\Google
2010-10-23 16:21 . 2002-06-21 19:55 634880 ----a-w- c:\windows\Webshots.scr
2010-10-23 16:21 . 2002-06-21 19:55 40960 ----a-w- c:\windows\WebshotsUninstall.exe
2010-10-23 16:20 . 2010-11-13 23:53 -------- d-----w- c:\program files\Webshots

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2002-09-03 16:41 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-09-03 16:41 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-03 16:41 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-03 16:41 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 08:50 . 2010-07-31 15:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 06:29 . 2010-07-31 15:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2002-09-03 16:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-06 13:11 . 2010-09-06 13:11 65536 ----a-r- c:\documents and settings\nightingale\Application Data\Microsoft\Installer\{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}\PalmDesktopShortcut.exe
2010-09-06 13:11 . 2010-09-06 13:11 40960 ----a-r- c:\documents and settings\nightingale\Application Data\Microsoft\Installer\{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}\NewShortcut6_45BA714564B04B5DBDC240E20FCDC6DC.exe
2010-09-06 13:11 . 2010-09-06 13:11 40960 ----a-r- c:\documents and settings\nightingale\Application Data\Microsoft\Installer\{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}\NewShortcut1_45BA714564B04B5DBDC240E20FCDC6DC.exe
2010-09-06 13:11 . 2010-09-06 13:11 65536 ----a-r- c:\documents and settings\nightingale\Application Data\Microsoft\Installer\{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}\NewShortcut1.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2010-09-06 13:11 . 2010-09-06 13:11 65536 ----a-r- c:\documents and settings\nightingale\Application Data\Microsoft\Installer\{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}\ARPPRODUCTICON.exe
2010-09-06 13:11 . 2010-09-06 13:11 49152 ----a-r- c:\documents and settings\nightingale\Application Data\Microsoft\Installer\{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}\NewShortcut3.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2010-09-06 13:10 . 2010-09-06 13:10 65536 ----a-r- c:\documents and settings\nightingale\Application Data\Microsoft\Installer\{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}\NewShortcut6.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2010-09-06 13:10 . 2010-09-06 13:10 65536 ----a-r- c:\documents and settings\nightingale\Application Data\Microsoft\Installer\{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}\NewShortcut5.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2010-09-06 13:10 . 2010-09-06 13:10 65536 ----a-r- c:\documents and settings\nightingale\Application Data\Microsoft\Installer\{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}\NewShortcut4.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2010-09-06 13:10 . 2010-09-06 13:10 65536 ----a-r- c:\documents and settings\nightingale\Application Data\Microsoft\Installer\{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}\NewShortcut2.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
2010-09-06 13:02 . 2004-06-09 18:27 16694 ----a-w- c:\windows\system32\drivers\PalmUSBD.sys
2010-09-06 13:01 . 2004-04-13 14:54 53248 ----a-w- c:\windows\PalmDevC.dll
2010-09-01 11:51 . 2002-09-03 16:27 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2002-09-03 17:11 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2002-09-03 17:06 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2002-09-03 17:04 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2002-09-03 17:04 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-07-30 18:08 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2002-09-03 16:29 617472 ----a-w- c:\windows\system32\comctl32.dll
2009-06-23 20:28 . 2010-07-31 12:43 526443824 ----a-w- c:\program files\Enterprise.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SnoopFreeUI"="SnoopFreeUI.exe" [2010-07-31 221184]
"WinPatrol"="c:\program files\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\nightingale\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2010-10-23 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-07-31 22:52 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [7/31/2010 7:17 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/31/2010 7:17 AM 67656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [8/24/2010 8:47 PM 88176]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/31/2010 8:10 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/31/2010 7:17 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-01 01:10]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-01 01:10]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\nightingale\Application Data\Mozilla\Firefox\Profiles\rjils167.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-16 20:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1444)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\SnoopFreeDll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-16 20:06:51
ComboFix-quarantined-files.txt 2010-11-17 01:06

Pre-Run: 44,210,294,784 bytes free
Post-Run: 44,189,671,424 bytes free

- - End Of File - - F1C525C2B65BBEE54EEDA6B42EAB66D9


Re: yahoo groups spam

Post by Belahzur on 17th November 2010, 11:35 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: yahoo groups spam

Post by damselle on 18th November 2010, 10:23 am

Eset found nothing and has no report for me.


Re: yahoo groups spam

Post by Belahzur on 19th November 2010, 12:51 am

Okay, how is the machine running now?



Re: yahoo groups spam

Post by damselle on 19th November 2010, 2:01 pm

My machine has been working fine all along. It's my Yahoo account that is spamming people, and they're getting angry.

We haven't removed anything. Is my machine clean? Could I have a stealth hijacker, who perhaps was never removed from the last infection?

Is this a Yahoo problem? If so, how do I get them to address it?

THX, db


Re: yahoo groups spam

Post by Belahzur on 20th November 2010, 12:37 am

Hello.
I figured this would happen. This infection isn't your machine, it's your Yahoo itself. You need to change your Yahoo password.



Re: yahoo groups spam

Post by damselle on 20th November 2010, 2:46 pm

OK! Thank you so much for the reassurance!

Peace,
db


Re: yahoo groups spam

Post by Belahzur on 21st November 2010, 12:04 am

Once the pass is changed, see if it keeps happening.

