Google search re-directs to wrong sites

Post by bpstone » March 27th, 2009, 5:56 am

Hello. I am having a problem: when using Firefox, my Google search links re-direct me to sites that are not what the search page shows. Surely I'm infected somehow. I've run Malwarebytes, Spybot, and Ad-Aware, but to no avail. Here is my HijackThis log. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:58 AM, on 3/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 12275 bytes
bpstone
Regular Member
 
Posts: 37
Joined: March 27th, 2009, 5:51 am

Re: Google search re-directs to wrong sites

Post by Bio-Hazard » March 29th, 2009, 11:18 am

Hello and welcome to the forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

No Reply Within 5 Days Will Result In Your Topic Being Closed!!
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Google search re-directs to wrong sites

Post by Bio-Hazard » March 29th, 2009, 11:22 am

random's system information tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized)
  • Post both of these logs in your next reply. (Sometimes you have to make several posts to get the logs posted.)
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Google search re-directs to wrong sites

Post by bpstone » March 29th, 2009, 11:49 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-03-29 11:47:53
Microsoft Windows XP Professional Service Pack 3
System drive C: has 116 GB (51%) free of 229 GB
Total RAM: 1015 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:29 AM, on 3/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Documents and Settings\HP_Administrator\Desktop\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 12220 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\jpwlkvuy.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{CFD7DB17-7288-4D16-B8E9-76108534956D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll [2008-09-29 61200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2005-11-02 720896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-16 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2005-11-02 720896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-18 61952]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-12-01 126976]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-11-02 180269]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\udaterui.exe [2008-03-14 136512]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-09-29 124240]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-16 148888]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-12-18 76304]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-12-01 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-02-19 72208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3451be4-bc13-11d9-bafb-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2009-03-29 11:47:53 ----D---- C:\rsit
2009-03-29 02:32:52 ----D---- C:\Program Files\American Airlines TravelDesk
2009-03-29 02:29:36 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Google
2009-03-23 10:55:38 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Sonic
2009-03-23 10:54:44 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
2009-03-23 09:56:45 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-03-23 09:55:33 ----D---- C:\Program Files\Common Files\iS3
2009-03-23 09:55:33 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-03-23 02:09:43 ----D---- C:\Program Files\Trend Micro
2009-03-20 09:24:18 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2009-03-20 01:23:55 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Registry Cleaner
2009-03-19 09:52:55 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\HP
2009-03-18 08:53:47 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Blackberry Desktop
2009-03-18 00:10:52 ----D---- C:\Program Files\Roxio
2009-03-17 23:52:30 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Research In Motion
2009-03-17 10:35:03 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-03-17 10:34:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-17 07:09:46 ----D---- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-17 06:59:38 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-03-17 06:35:47 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-16 08:02:24 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2009-03-16 08:02:10 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2009-03-16 05:29:18 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2009-03-16 05:09:45 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Logitech
2009-03-16 05:06:39 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2009-03-16 05:06:31 ----A---- C:\WINDOWS\system32\KemXML.dll
2009-03-16 05:06:31 ----A---- C:\WINDOWS\system32\KemWnd.dll
2009-03-16 05:06:31 ----A---- C:\WINDOWS\system32\kemutb.dll
2009-03-16 05:06:30 ----A---- C:\WINDOWS\system32\KemUtil.dll
2009-03-16 04:54:54 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\HPAppData
2009-03-16 04:38:24 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-16 04:38:24 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-16 04:38:24 ----A---- C:\WINDOWS\system32\java.exe
2009-03-15 22:39:35 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-15 22:39:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-15 22:37:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-15 22:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-03-15 22:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-03-15 22:35:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-03-15 22:35:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-03-15 22:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-03-15 22:34:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-03-15 22:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-03-15 22:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-03-15 22:32:37 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-15 22:11:15 ----D---- C:\WINDOWS\system32\scripting
2009-03-15 22:11:11 ----D---- C:\WINDOWS\system32\bits
2009-03-15 21:28:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-03-15 21:28:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-03-15 21:23:58 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-03-15 21:15:57 ----A---- C:\WINDOWS\system32\hpz3l5k2.dll
2009-03-15 21:15:42 ----D---- C:\WINDOWS\system32\PreInstall
2009-03-15 21:14:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-15 21:12:46 ----D---- C:\Program Files\Common Files\L&H
2009-03-15 21:12:31 ----D---- C:\WINDOWS\system32\Lang
2009-03-15 21:12:16 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-03-15 21:12:14 ----D---- C:\Program Files\Microsoft ActiveSync
2009-03-15 21:11:29 ----D---- C:\Program Files\Common Files\DESIGNER
2009-03-15 21:10:33 ----ASH---- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
2009-03-15 21:10:23 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\InterMute
2009-03-15 21:10:23 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Identities
2009-03-15 21:10:23 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2009-03-15 21:10:22 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2009-03-15 21:10:22 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2009-03-15 21:10:22 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\SampleView
2009-03-15 21:10:22 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Real
2009-03-15 21:09:48 ----D---- C:\Program Files\Microsoft.NET
2009-03-15 21:08:10 ----RHD---- C:\MSOCache
2009-03-15 21:08:01 ----D---- C:\WINDOWS\system32\RTCOM
2009-03-15 21:06:07 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-03-15 21:02:34 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-03-15 20:32:25 ----A---- C:\WINDOWS\system32\mfevtps.exe
2009-03-15 20:25:20 ----D---- C:\WINDOWS\system32\appmgmt
2009-03-15 20:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-03-15 20:12:43 ----A---- C:\WINDOWS\system32\MRT.exe
2009-03-15 20:12:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-15 20:11:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-03-15 20:10:39 ----A---- C:\WINDOWS\system32\LuResult.txt
2009-03-15 20:09:05 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-03-15 19:59:02 ----A---- C:\WINDOWS\system32\cdintf250.dll
2009-03-15 19:58:50 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2009-03-15 19:31:11 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-15 19:22:09 ----D---- C:\WINDOWS\system32\en-US
2009-03-15 19:20:05 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-03-15 17:59:24 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-15 17:58:30 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Sun
2009-03-15 17:45:10 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2009-03-15 17:44:12 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-03-15 17:44:10 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-03-15 17:44:08 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-03-15 17:44:08 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-03-15 17:44:06 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-03-15 17:44:04 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-03-15 17:44:04 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-03-15 17:43:58 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-03-15 17:43:58 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-03-15 17:43:56 ----N---- C:\WINDOWS\system32\slserv.exe
2009-03-15 17:43:56 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-03-15 17:43:55 ----N---- C:\WINDOWS\system32\slgen.dll
2009-03-15 17:43:55 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-03-15 17:43:55 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-03-15 17:43:53 ----N---- C:\WINDOWS\system32\setupn.exe
2009-03-15 17:43:51 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-03-15 17:43:50 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-03-15 17:43:49 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-03-15 17:43:48 ----N---- C:\WINDOWS\system32\qutil.dll
2009-03-15 17:43:47 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-03-15 17:43:47 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-03-15 17:43:47 ----N---- C:\WINDOWS\system32\qagent.dll
2009-03-15 17:43:46 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-03-15 17:43:44 ----N---- C:\WINDOWS\system32\onex.dll
2009-03-15 17:43:42 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-03-15 17:43:37 ----N---- C:\WINDOWS\system32\napstat.exe
2009-03-15 17:43:37 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-03-15 17:43:37 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-03-15 17:43:36 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-03-15 17:43:35 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-03-15 17:43:34 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-03-15 17:43:34 ----N---- C:\WINDOWS\system32\mssha.dll
2009-03-15 17:43:27 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-03-15 17:43:27 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-03-15 17:43:27 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-03-15 17:43:26 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-03-15 17:43:25 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-03-15 17:43:24 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-03-15 17:43:24 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-03-15 17:43:24 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-03-15 17:43:24 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-03-15 17:43:24 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-03-15 17:43:24 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-03-15 17:43:21 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-03-15 17:43:21 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-03-15 17:43:19 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-03-15 17:43:18 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-03-15 17:43:17 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-03-15 17:43:17 ----A---- C:\WINDOWS\006245_.tmp
2009-03-15 17:43:16 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-03-15 17:43:16 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-03-15 17:43:16 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-03-15 17:43:16 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-03-15 17:43:16 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-03-15 17:43:16 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-03-15 17:43:16 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-03-15 17:43:16 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-03-15 17:43:14 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-03-15 17:43:14 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-03-15 17:43:14 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-03-15 17:43:14 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-03-15 17:43:14 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-03-15 17:43:14 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-03-15 17:43:14 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-03-15 17:43:13 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-03-15 17:43:13 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-03-15 17:43:13 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-03-15 17:43:12 ----N---- C:\WINDOWS\system32\credssp.dll
2009-03-15 17:43:10 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-03-15 17:43:09 ----N---- C:\WINDOWS\system32\azroles.dll
2009-03-15 17:43:08 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-03-15 17:43:08 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-03-15 17:43:08 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-03-15 17:43:08 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-03-15 17:43:08 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-03-15 17:43:08 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-03-15 17:43:08 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-03-15 17:43:08 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-03-15 17:33:09 ----RSHD---- C:\cmdcons
2009-03-15 17:32:55 ----D---- C:\WINDOWS\setupupd
2009-03-06 06:47:57 ----A---- C:\WINDOWS\wininit.ini
2009-03-05 16:13:23 ----A---- C:\WINDOWS\cracked.txt
2009-03-05 00:41:34 ----D---- C:\Program Files\MagicISO
2009-03-03 09:06:22 ----HD---- C:\WINDOWS\msdownld.tmp
2009-03-03 09:06:14 ----D---- C:\WINDOWS\Logs
2009-03-03 08:34:10 ----D---- C:\Program Files\Activision
2009-03-03 07:35:36 ----D---- C:\Program Files\GooglePlusVideos
2009-03-03 07:34:20 ----D---- C:\Program Files\recfree
2009-03-03 07:34:06 ----D---- C:\Program Files\EasySearch
2009-03-02 15:22:21 ----D---- C:\Program Files\DC++

======List of files/folders modified in the last 1 months======

2009-03-29 11:48:14 ----D---- C:\WINDOWS\Prefetch
2009-03-29 11:41:53 ----D---- C:\Program Files\Mozilla Firefox
2009-03-29 11:40:43 ----D---- C:\WINDOWS\Temp
2009-03-29 11:20:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-29 02:32:52 ----D---- C:\Program Files
2009-03-29 01:20:23 ----D---- C:\WINDOWS\system32
2009-03-28 12:05:11 ----D---- C:\WINDOWS
2009-03-26 20:30:50 ----A---- C:\WINDOWS\ODBC.INI
2009-03-26 20:19:59 ----SHD---- C:\WINDOWS\Installer
2009-03-26 20:19:59 ----HD---- C:\Config.Msi
2009-03-26 19:45:11 ----D---- C:\WINDOWS\Registration
2009-03-26 19:44:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-24 12:12:20 ----D---- C:\WINDOWS\system32\wbem
2009-03-24 12:12:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-24 12:02:31 ----A---- C:\WINDOWS\win.ini
2009-03-24 12:02:18 ----RSD---- C:\WINDOWS\Fonts
2009-03-24 12:02:16 ----D---- C:\WINDOWS\SHELLNEW
2009-03-24 11:41:43 ----D---- C:\Program Files\Microsoft Office
2009-03-24 11:29:21 ----D---- C:\WINDOWS\system
2009-03-24 11:29:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-23 22:49:42 ----HD---- C:\WINDOWS\inf
2009-03-23 22:27:50 ----D---- C:\WINDOWS\system32\drivers
2009-03-23 15:56:20 ----D---- C:\quarantine
2009-03-23 09:55:33 ----D---- C:\Program Files\Common Files
2009-03-23 02:06:49 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-23 02:06:30 ----D---- C:\Program Files\SpywareBlaster
2009-03-20 09:24:41 ----D---- C:\WINDOWS\system32\mui
2009-03-18 07:41:56 ----AC---- C:\WINDOWS\QUICKEN.INI
2009-03-18 07:27:00 ----D---- C:\Program Files\Quicken
2009-03-18 06:14:31 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-18 00:13:46 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-03-18 00:12:38 ----D---- C:\WINDOWS\security
2009-03-18 00:12:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-18 00:11:56 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-03-18 00:10:55 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2009-03-18 00:06:39 ----D---- C:\temp
2009-03-18 00:06:38 ----D---- C:\WINDOWS\RegisteredPackages
2009-03-18 00:04:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-17 07:21:02 ----D---- C:\Documents and Settings
2009-03-17 07:10:41 ----D---- C:\Program Files\iTunes
2009-03-17 07:08:06 ----D---- C:\Program Files\Bonjour
2009-03-17 07:07:47 ----D---- C:\Program Files\QuickTime
2009-03-17 06:38:21 ----SD---- C:\WINDOWS\Tasks
2009-03-17 06:35:35 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-03-17 06:35:29 ----D---- C:\WINDOWS\WinSxS
2009-03-17 06:06:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-17 06:03:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-16 21:08:15 ----A---- C:\WINDOWS\imsins.BAK
2009-03-16 21:08:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-03-16 21:07:52 ----D---- C:\WINDOWS\ie7updates
2009-03-16 21:07:48 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-16 21:07:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-03-16 06:19:23 ----A---- C:\WINDOWS\cdplayer.ini
2009-03-16 05:06:36 ----D---- C:\Program Files\Common Files\Logishrd
2009-03-16 04:54:55 ----D---- C:\Program Files\HP
2009-03-16 04:38:35 ----D---- C:\Program Files\Messenger
2009-03-16 04:37:39 ----D---- C:\Program Files\Java
2009-03-16 03:17:53 ----A---- C:\WINDOWS\OEWABLog.txt
2009-03-16 03:17:12 ----A---- C:\WINDOWS\setuplog.txt
2009-03-16 03:16:24 ----D---- C:\WINDOWS\system32\Setup
2009-03-16 03:16:24 ----D---- C:\WINDOWS\ime
2009-03-16 03:16:24 ----D---- C:\WINDOWS\AppPatch
2009-03-15 22:12:36 ----D---- C:\WINDOWS\system32\inetsrv
2009-03-15 22:12:34 ----D---- C:\WINDOWS\Help
2009-03-15 22:11:20 ----D---- C:\WINDOWS\system32\usmt
2009-03-15 22:11:13 ----AD---- C:\WINDOWS\system32\en
2009-03-15 22:11:11 ----D---- C:\WINDOWS\PeerNet
2009-03-15 22:11:10 ----D---- C:\Program Files\Movie Maker
2009-03-15 22:10:05 ----D---- C:\WINDOWS\system32\Restore
2009-03-15 22:10:05 ----D---- C:\WINDOWS\system32\npp
2009-03-15 22:10:04 ----D---- C:\WINDOWS\mui
2009-03-15 22:09:58 ----D---- C:\WINDOWS\msagent
2009-03-15 22:09:53 ----D---- C:\WINDOWS\srchasst
2009-03-15 22:09:47 ----D---- C:\Program Files\NetMeeting
2009-03-15 22:09:37 ----D---- C:\WINDOWS\system32\Com
2009-03-15 22:09:21 ----D---- C:\Program Files\Windows NT
2009-03-15 22:09:20 ----D---- C:\Program Files\Outlook Express
2009-03-15 22:08:59 ----D---- C:\Program Files\Common Files\System
2009-03-15 22:07:55 ----D---- C:\WINDOWS\system32\oobe
2009-03-15 21:56:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-03-15 21:31:26 ----D---- C:\WINDOWS\ehome
2009-03-15 21:29:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2009-03-15 21:28:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-03-15 21:26:42 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-03-15 21:26:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-03-15 21:26:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-03-15 21:26:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-15 21:25:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-03-15 21:25:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-03-15 21:25:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-03-15 21:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-03-15 21:24:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-03-15 21:24:42 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2009-03-15 21:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-03-15 21:24:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-03-15 21:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-03-15 21:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-03-15 21:18:13 ----SHD---- C:\RECYCLER
2009-03-15 21:16:12 ----D---- C:\WINDOWS\system32\FxsTmp
2009-03-15 21:15:41 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-03-15 21:14:13 ----A---- C:\WINDOWS\system32\ssmute.ini
2009-03-15 21:09:49 ----D---- C:\WINDOWS\pchealth
2009-03-15 21:08:51 ----D---- C:\sysprep
2009-03-15 21:07:18 ----RASH---- C:\BOOT.BAK
2009-03-15 21:06:16 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-15 21:02:49 ----A---- C:\WINDOWS\system.ini
2009-03-15 20:29:55 ----D---- C:\Program Files\McAfee
2009-03-15 20:29:55 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-03-15 20:26:37 ----D---- C:\Program Files\Symantec
2009-03-15 20:25:08 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-15 20:20:50 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-03-15 20:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-03-15 20:15:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-03-15 20:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-03-15 20:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-03-15 20:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-03-15 20:10:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-03-15 19:59:17 ----D---- C:\Program Files\Easy Internet signup
2009-03-15 19:56:19 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-03-15 19:47:27 ----HD---- C:\hp
2009-03-15 19:47:15 ----D---- C:\WINDOWS\I386
2009-03-15 19:45:46 ----D---- C:\Program Files\Windows Media Player
2009-03-15 19:45:36 ----D---- C:\Program Files\Common Files\Services
2009-03-15 19:45:15 ----D---- C:\WINDOWS\system32\ras
2009-03-15 19:44:53 ----D---- C:\WINDOWS\system32\icsxml
2009-03-15 19:44:53 ----D---- C:\WINDOWS\system32\ias
2009-03-15 19:43:14 ----RD---- C:\WINDOWS\Web
2009-03-15 19:43:14 ----D---- C:\WINDOWS\addins
2009-03-15 19:43:13 ----D---- C:\WINDOWS\Media
2009-03-15 19:43:01 ----D---- C:\WINDOWS\Cursors
2009-03-15 19:42:59 ----AHDC---- C:\WINDOWS\$NtUninstallMC05Upd1$
2009-03-15 19:42:59 ----AHDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-03-15 19:42:59 ----AHDC---- C:\WINDOWS\$NtUninstallKB890175$
2009-03-15 19:42:57 ----AHDC---- C:\WINDOWS\$NtUninstallKB889858$
2009-03-15 19:42:57 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
2009-03-15 19:42:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB887742$
2009-03-15 19:42:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-03-15 19:42:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-03-15 19:42:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB885354$
2009-03-15 19:42:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB885250$
2009-03-15 19:42:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB883667$
2009-03-15 19:42:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-03-15 19:42:55 ----AHDC---- C:\WINDOWS\$NtUninstallKB867282$
2009-03-15 19:42:28 ----RD---- C:\WINDOWS\Offline Web Pages
2009-03-15 19:42:26 ----RSD---- C:\WINDOWS\assembly
2009-03-15 19:25:53 ----D---- C:\Program Files\Internet Explorer
2009-03-15 19:24:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-03-15 19:24:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-03-15 19:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-03-15 19:23:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-03-15 19:23:44 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-03-15 19:23:35 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-03-15 19:22:15 ----D---- C:\WINDOWS\system32\config
2009-03-15 19:21:54 ----HDC---- C:\WINDOWS\ie7
2009-03-15 19:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-03-15 19:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2009-03-15 18:47:23 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-03-15 17:33:35 ----RASH---- C:\boot.ini
2009-03-15 17:33:09 ----AC---- C:\WINDOWS\UPGRADE.TXT
2009-03-15 15:28:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-03-05 18:11:53 ----D---- C:\WINDOWS\Minidump
2009-03-04 19:25:34 ----AC---- C:\WINDOWS\winph.ini
2009-03-02 14:58:05 ----D---- C:\Program Files\Wolfenstein - Enemy Territory

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-09-29 62704]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2008-12-18 10384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-01-19 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-01-19 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-01-19 21568]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-12-01 776637]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-04-15 2564032]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-12-18 63248]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-12-18 79248]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-09-29 74648]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-09-29 90360]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-09-29 42424]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-10-16 71168]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-18 113664]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2008-09-29 64432]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-01-19 12416]
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-09-28 195584]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-16 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-05-09 53248]
R2 McAfeeEngineService;McAfee Engine Service; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2008-03-14 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2008-09-29 143088]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-09-29 62800]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2008-09-29 67904]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-02-19 121360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------

Re: Google search re-directs to wrong sites

Unread postby bpstone » March 29th, 2009, 11:51 am

info.txt logfile of random's system information tool 1.06 2009-03-29 11:48:36

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}
-->MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}
-->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
-->MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
-->MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}
-->MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
BlackBerry Desktop Software 4.3-->MsiExec.exe /i{0D048BE8-AE02-4CB5-A428-616B9848E4A7}
BlackBerry Desktop Software 4.3-->MsiExec.exe /I{0D048BE8-AE02-4CB5-A428-616B9848E4A7}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Final Drive Nitro from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\31D6EDEF-1926-4267-A24E-077BFB360F72\Uninstall.exe"
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Help and Support Additions-->WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Image Zone 4.8.6-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC-->MsiExec.exe /X{8D0C57BC-4942-4960-BB6D-142456D6F233}
HP Image Zone Plus 4.8.6-->C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Officejet Pro K8600 Series-->C:\Program Files\HP\Digital Imaging\{69B078F7-E057-4488-AE6B-CB7BBEEE8DA6}\setup\hpzscr01.exe -datfile hpwscr11.dat -forcereboot
HP Photosmart Cameras 4.5-->C:\Program Files\HP\Digital Imaging\{ABA2B37F-AB88-486e-870A-52454A23FEE0}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Tunes-->MsiExec.exe /X{6512B303-F989-4C13-B9F6-A99989E4ED54}
HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPIZplus450-->MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Lexibox Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9844050E-4CA4-4901-A53D-A5D14C63789B\Uninstall.exe"
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Agent-->MsiExec.exe /X{A638557B-1F13-40A0-9627-C892FBCA6960}
McAfee VirusScan Enterprise-->MsiExec.exe /I{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPM-->MsiExec.exe /X{BAB0F8F5-282A-45F1-B31A-EB894827456B}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}\setup.exe" -l0x9
muvee autoProducer unPlugged - HPD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}\setup.exe" -l0x9
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Overball from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\A8B63E91-BB8C-41FF-B530-5BB13C915612\Uninstall.exe"
PC-Doctor for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
Phoenix Assault from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\4C838121-69EC-424A-8FB0-91C15306A758\Uninstall.exe"
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
Polar Bowler from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\Uninstall.exe"
Polar Golfer from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\55275778-F7D9-4BA0-95F4-DEFD71ADDFD9\Uninstall.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2007-->MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove Microsoft Money 2005 installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Money\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Quicken New User Edition installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Quicken_NUE\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Roxio Media Manager-->MsiExec.exe /X{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Shooting Stars Pool from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B2AA88B1-4920-462B-9F7C-019782B3C4DB\Uninstall.exe"
Slyder from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\600C800C-5985-4E74-AFE7-571001AC3FA4\Uninstall.exe"
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)-->C:\WINDOWS\$NtUninstallMC05Upd1$\spuninst\spuninst.exe
Updates from HP-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix [See KB889858 for more information]-->C:\WINDOWS\$NtUninstallKB889858$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: McAfee VirusScan Enterprise

======System event log======

Computer Name: BRYANSTONE
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.


Record Number: 157
Source Name: SideBySide
Time Written: 20090315173213.000000-240
Event Type: error
User:

Computer Name: BRYANSTONE
Event Code: 20
Message: Printer Driver HP Officejet Pro K8600 Series for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, hph86003.GPD, UNIDRV.HLP, hph8600a.ini, hpzst5k2.dll, hpzur5k2.dll, hpz3c5k2.dll, hph86003.xml, hpzsc5k2.dtd, hpzui5k2.dll, hpz3r5k2.dll, hpzpr5k2.dll, hpcdmc32.dll, hpbcfgre.dll, hpzsm5k2.gpd, hpz3m5k2.gpd, hpzev5k2.dll, hpzhl5k2.cab, STDNAMES.GPD, hpfie5k2.dll, hpfig5k2.dll, hpfrs5k2.dll, hpzc35k2.dll, hpfh8600.cfg, UNIRES.DLL.

Record Number: 44
Source Name: Print
Time Written: 20090315211606.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BRYANSTONE
Event Code: 59
Message: Generate Activation Context failed for C:\Program Files\Logitech\SetPoint\SetPoint.exe.
Reference error message: The operation completed successfully.
.

Record Number: 32
Source Name: SideBySide
Time Written: 20090315211239.000000-240
Event Type: error
User:

Computer Name: BRYANSTONE
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 31
Source Name: SideBySide
Time Written: 20090315211239.000000-240
Event Type: error
User:

Computer Name: BRYANSTONE
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.


Record Number: 30
Source Name: SideBySide
Time Written: 20090315211239.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: BRYANSTONE
Event Code: 11304
Message: Product: Microsoft Sync Framework Runtime v1.0 (x86) -- Error 1304. Error writing to file: Microsoft.Synchronization.dll. Verify that you have access to that directory.

Record Number: 44
Source Name: MsiInstaller
Time Written: 20090315180525.000000-240
Event Type: error
User: BRYANSTONE\HP_Administrator

Computer Name: BRYANSTONE
Event Code: 11304
Message: Product: Microsoft Sync Framework Runtime v1.0 (x86) -- Error 1304. Error writing to file: Microsoft.Synchronization.dll. Verify that you have access to that directory.

Record Number: 42
Source Name: MsiInstaller
Time Written: 20090315180209.000000-240
Event Type: error
User: BRYANSTONE\HP_Administrator

Computer Name: BRYANSTONE
Event Code: 11304
Message: Product: Microsoft Sync Framework Runtime v1.0 (x86) -- Error 1304. Error writing to file: Microsoft.Synchronization.dll. Verify that you have access to that directory.

Record Number: 39
Source Name: MsiInstaller
Time Written: 20090315175802.000000-240
Event Type: error
User: BRYANSTONE\HP_Administrator

Computer Name: BRYANSTONE
Event Code: 1517
Message: Windows saved user BRYANSTONE\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 15
Source Name: Userenv
Time Written: 20090315212302.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BRYANSTONE
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 14
Source Name: Userenv
Time Written: 20090315212302.000000-240
Event Type: warning
User: BRYANSTONE\HP_Administrator

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------

Re: Google search re-directs to wrong sites

Unread postby Bio-Hazard » March 29th, 2009, 12:17 pm

Download and Run ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX

IMPORTANT: combofix.exe MUST be on your Desktop for us to proceed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

NOTE: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Image

  • Click on Yes, to continue scanning for malware.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.


Next Reply

Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Google search re-directs to wrong sites

Unread postby bpstone » March 29th, 2009, 1:12 pm

ComboFix 09-03-28.06 - HP_Administrator 2009-03-29 12:55:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.519 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\AutoRun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-29 11:47 . 2009-03-29 11:48 <DIR> d-------- C:\rsit
2009-03-29 02:32 . 2009-03-29 02:34 <DIR> d-------- c:\program files\American Airlines TravelDesk
2009-03-23 10:55 . 2009-03-23 10:55 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Sonic
2009-03-23 10:54 . 2009-03-23 10:54 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Leadertech
2009-03-23 09:56 . 2009-03-23 16:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-03-23 09:55 . 2009-03-23 09:55 <DIR> d-------- c:\program files\Common Files\iS3
2009-03-23 09:55 . 2009-03-23 22:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-23 02:09 . 2009-03-23 02:09 <DIR> d-------- c:\program files\Trend Micro
2009-03-20 01:23 . 2009-03-20 01:24 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Registry Cleaner
2009-03-19 09:52 . 2009-03-19 09:52 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\HP
2009-03-18 08:53 . 2009-03-18 08:53 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Blackberry Desktop
2009-03-18 08:52 . 2009-03-22 20:00 256 --a------ c:\windows\system32\pool.bin
2009-03-18 00:10 . 2009-03-18 00:13 <DIR> d-------- c:\program files\Roxio
2009-03-18 00:04 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2009-03-17 23:52 . 2009-03-17 23:52 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Research In Motion
2009-03-17 10:35 . 2009-03-17 10:35 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-03-17 10:34 . 2009-03-17 10:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-17 10:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-17 10:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-17 07:21 . 2009-03-17 07:21 <DIR> d-------- c:\documents and settings\Bryan Stone
2009-03-17 07:09 . 2009-03-17 07:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-17 06:59 . 2009-03-09 15:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-17 06:38 . 2009-03-09 15:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-17 06:35 . 2009-03-17 06:35 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-16 08:02 . 2009-03-29 01:20 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
2009-03-16 05:09 . 2009-03-16 05:09 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Logitech
2009-03-16 05:08 . 2008-12-18 23:43 10,384 --a------ c:\windows\system32\drivers\LBeepKE.sys
2009-03-16 05:08 . 2009-03-16 05:08 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-16 05:07 . 2009-03-16 05:07 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-16 05:07 . 2009-03-16 05:07 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-16 05:06 . 2009-02-19 00:26 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2009-03-16 05:06 . 2009-02-19 00:27 170,512 --a------ c:\windows\system32\kemutb.dll
2009-03-16 05:06 . 2009-02-19 00:27 145,936 --a------ c:\windows\system32\KemUtil.dll
2009-03-16 05:06 . 2009-02-19 00:27 117,264 --a------ c:\windows\system32\KemWnd.dll
2009-03-16 05:06 . 2009-02-19 00:27 84,496 --a------ c:\windows\system32\KemXML.dll
2009-03-16 04:54 . 2009-03-16 04:54 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\HPAppData
2009-03-16 04:38 . 2009-03-16 04:37 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-15 22:11 . 2009-03-15 22:11 <DIR> d-------- c:\windows\system32\scripting
2009-03-15 22:11 . 2009-03-15 22:11 <DIR> d-------- c:\windows\system32\bits
2009-03-15 21:24 . 2008-06-13 07:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-03-15 21:24 . 2008-06-13 07:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-03-15 21:24 . 2008-08-14 06:04 138,496 --------- c:\windows\system32\dllcache\afd.sys
2009-03-15 21:21 . 2008-08-14 06:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-15 21:21 . 2008-08-14 06:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-15 21:21 . 2008-08-14 05:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-15 21:21 . 2008-08-14 05:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-15 21:18 . 2008-04-11 15:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-03-15 21:18 . 2008-10-24 07:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-15 21:18 . 2008-12-11 06:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-03-15 21:18 . 2008-05-08 10:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2009-03-15 21:17 . 2008-10-15 12:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-03-15 21:15 . 2007-06-27 13:06 117,760 --a------ c:\windows\system32\hpz3l5k2.dll
2009-03-15 21:14 . 2009-03-17 07:10 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-15 21:14 . 2007-01-19 12:46 49,920 --a------ c:\windows\system32\drivers\HPZid412.sys
2009-03-15 21:14 . 2007-01-19 12:46 16,496 --a------ c:\windows\system32\drivers\HPZipr12.sys
2009-03-15 21:13 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-15 21:12 . 2009-03-15 21:12 <DIR> d-------- c:\windows\system32\Lang
2009-03-15 21:12 . 2009-03-15 21:12 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-03-15 21:12 . 2009-03-15 21:12 <DIR> d-------- c:\program files\Common Files\L&H
2009-03-15 21:12 . 2004-12-01 20:54 163,840 --a------ c:\windows\system32\igfxres.dll
2009-03-15 21:11 . 2009-03-15 21:11 1,897 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_PX774AA-ABA A1140N_YC_0Pavi_QMXK527_E53NAsyEPC2_47_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.21_T050429_WXP2_L409_M1016_J250_7Intel_8Pentium 4_93_#051102_N10EC8139_Z11C1048C_G80862582.MRK
2009-03-15 21:10 . 2005-11-02 03:20 <DIR> d-------- c:\documents and settings\HP_Administrator\WINDOWS
2009-03-15 21:10 . 2009-03-15 19:26 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Symantec
2009-03-15 21:10 . 2005-11-02 03:33 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\SampleView
2009-03-15 21:10 . 2005-11-02 03:39 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\InterMute
2009-03-15 21:10 . 2005-11-02 03:19 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-03-15 21:10 . 2009-03-26 19:42 <DIR> d-------- c:\documents and settings\HP_Administrator
2009-03-15 21:09 . 2009-03-15 21:09 <DIR> d-------- c:\program files\Microsoft.NET
2009-03-15 21:08 . 2009-03-15 21:08 <DIR> d-------- c:\windows\system32\RTCOM
2009-03-15 21:08 . 2005-11-02 03:20 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2009-03-15 21:08 . 2009-03-15 21:08 <DIR> dr-h----- C:\MSOCache
2009-03-15 21:02 . 2008-04-13 14:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-15 21:02 . 2008-04-13 14:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-15 21:02 . 2008-04-13 20:11 21,504 --a------ c:\windows\system32\hidserv.dll
2009-03-15 21:02 . 2008-04-13 14:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-03-15 21:02 . 2008-04-13 14:39 14,592 --a------ c:\windows\system32\dllcache\kbdhid.sys
2009-03-15 21:02 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-03-15 21:02 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2009-03-15 21:02 . 2008-04-13 14:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-15 20:32 . 2008-09-29 09:07 340,592 --a------ c:\windows\system32\drivers\mfehidk.sys
2009-03-15 20:32 . 2008-09-29 09:07 90,360 --a------ c:\windows\system32\drivers\mfeavfk.sys
2009-03-15 20:32 . 2008-09-29 09:07 74,648 --a------ c:\windows\system32\drivers\mfeapfk.sys
2009-03-15 20:32 . 2008-09-29 09:07 67,904 --a------ c:\windows\system32\mfevtps.exe
2009-03-15 20:32 . 2008-09-29 09:07 64,432 --a------ c:\windows\system32\drivers\mferkdet.sys
2009-03-15 20:32 . 2008-09-29 09:07 62,704 --a------ c:\windows\system32\drivers\mfetdik.sys
2009-03-15 20:32 . 2008-09-29 09:07 42,424 --a------ c:\windows\system32\drivers\mfebopk.sys
2009-03-15 19:59 . 2006-04-12 11:11 1,933,312 --a------ c:\windows\system32\cdintf250.dll
2009-03-15 19:58 . 2009-03-15 19:58 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Intuit
2009-03-15 19:31 . 2009-03-20 09:24 <DIR> dr-hs---- c:\windows\system32\dllcache
2009-03-15 19:22 . 2008-12-20 19:15 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll
2009-03-15 19:22 . 2007-04-17 05:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-15 19:22 . 2007-03-08 01:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-15 19:22 . 2008-12-20 19:15 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-15 19:22 . 2008-12-20 19:15 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-15 19:22 . 2008-12-20 19:15 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-03-15 19:22 . 2008-12-20 19:15 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-03-15 19:22 . 2008-12-20 19:15 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-15 19:22 . 2008-12-19 05:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-03-15 17:59 . 2009-03-16 04:37 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-15 17:43 . 2008-04-13 20:12 4,274,816 --------- c:\windows\system32\nv4_disp.dll
2009-03-06 06:47 . 2009-03-15 15:44 349 --a------ c:\windows\wininit.ini
2009-03-05 00:41 . 2009-03-05 00:41 <DIR> d-------- c:\program files\MagicISO
2009-03-03 09:06 . 2009-03-03 09:08 <DIR> d--h----- c:\windows\msdownld.tmp
2009-03-03 09:06 . 2009-03-03 09:06 <DIR> d-------- c:\windows\Logs
2009-03-03 08:34 . 2009-03-03 08:34 <DIR> d-------- c:\program files\Activision
2009-03-03 07:35 . 2009-03-04 19:17 <DIR> d-------- c:\program files\GooglePlusVideos
2009-03-03 07:34 . 2009-03-03 07:34 <DIR> d-------- c:\program files\recfree
2009-03-03 07:34 . 2009-03-03 07:35 <DIR> d-------- c:\program files\EasySearch
2009-03-02 15:22 . 2009-03-05 21:48 <DIR> d-------- c:\program files\DC++

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 06:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-23 06:06 --------- d-----w c:\program files\SpywareBlaster
2009-03-18 11:27 --------- d-----w c:\program files\Quicken
2009-03-18 04:13 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-03-18 04:11 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-03-18 04:10 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-03-17 11:10 --------- d-----w c:\program files\iTunes
2009-03-17 11:08 --------- d-----w c:\program files\Bonjour
2009-03-17 11:07 --------- d-----w c:\program files\QuickTime
2009-03-17 10:35 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-17 10:06 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-17 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-16 09:06 --------- d-----w c:\program files\Common Files\Logishrd
2009-03-16 08:54 --------- d-----w c:\program files\HP
2009-03-16 08:37 --------- d-----w c:\program files\Java
2009-03-16 02:25 45,056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-03-16 02:25 44,032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-03-16 00:29 --------- d-----w c:\program files\McAfee
2009-03-16 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-16 00:26 --------- d-----w c:\program files\Symantec
2009-03-16 00:25 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-16 00:20 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-15 23:59 --------- d-----w c:\program files\Easy Internet signup
2009-03-15 19:28 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-02 18:58 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2009-02-25 17:24 --------- d-----w c:\program files\Return to Castle Wolfenstein
2009-02-25 17:12 --------- d-----w c:\program files\Return to Castle Wolfenstein DEMO
2009-02-25 02:13 90,149 ----a-w c:\windows\winservice.exe
2009-02-21 10:42 --------- d-----w c:\program files\Common Files\DAZ
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-08 08:34 --------- d-----w c:\program files\Full Tilt Poker
2009-01-17 01:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-09 12:07 603,943 ----a-w c:\windows\Pink Floyd.exe
2009-01-09 12:07 407,240 ----a-w c:\windows\Pink Floyd.scr
2009-01-09 12:07 40,960 ----a-w c:\windows\Pink Floyd.dll
2008-04-13 08:42 30 -c--a-w c:\program files\Exiferupdate.ini
2005-11-02 09:23 251 -c--a-w c:\program files\wt3d.ini
2009-01-25 12:57 28,672 ----a-w c:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll
2008-09-29 13:07 22,576 ----a-w c:\program files\mozilla firefox\components\Scriptff.dll
2008-10-19 09:58 49,152 ----a-w c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-02 180269]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-16 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 c:\windows\system32\Hdaudpropshortcut.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-03-15 25214]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-11-04 169472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-15 809488]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-11-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 00:30 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-17 64160]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-03-16 10384]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-03-15 67904]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-03-15 64432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3451be4-bc13-11d9-bafb-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:06]

2009-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-15 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 22:04]

2009-03-29 c:\windows\Tasks\jpwlkvuy.job
- c:\windows\system32\iifGVMDw.dll []

2009-03-29 c:\windows\Tasks\User_Feed_Synchronization-{CFD7DB17-7288-4D16-B8E9-76108534956D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 13:03:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3694042123-1244531125-3564649864-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-03-29 13:06:31
ComboFix-quarantined-files.txt 2009-03-29 17:05:57

Pre-Run: 122,842,357,760 bytes free
Post-Run: 123,398,148,096 bytes free

281 --- E O F --- 2009-03-18 10:13:51
bpstone
Regular Member
 
Posts: 37
Joined: March 27th, 2009, 5:51 am

Re: Google search re-directs to wrong sites

Post by bpstone » March 29th, 2009, 1:14 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:44 PM, on 3/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 11354 bytes
bpstone
Regular Member
 
Posts: 37
Joined: March 27th, 2009, 5:51 am

Re: Google search re-directs to wrong sites

Post by Bio-Hazard » March 30th, 2009, 11:33 am

Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

Code:
File::
c:\windows\winservice.exe
c:\windows\Tasks\jpwlkvuy.job
c:\windows\system32\iifGVMDw.dll

Filelook::
c:\windows\system32\drivers\103C_HP_CPC_PX774AA-ABA A1140N_YC_0Pavi_QMXK527_E53NAsyEPC2_47_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.21_T050429_WXP2_L409_M1016_J250_7Intel_8Pentium 4_93_#051102_N10EC8139_Z11C1048C_G80862582.MRK


Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)


Image


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

NOTE: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


ATF-Cleaner

Please download ATF Cleaner by Atribune.

  • Save it to your desktop
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords please click No at the prompt.
  • Click Exit on the Main menu to close the program.


Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.

Next Reply

Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • Kaspersky Scan Log
  • New HijackThis log
  • A description of how your computer is behaving
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK
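
Once the log at C:\ComboFix.txt comes back, each File:: target in the CFScript can be checked against what ComboFix reports it removed. The script below is an added example, not part of the original posts or of ComboFix. The function names and status labels are hypothetical, and it assumes a removed File:: target is listed under the log's "Other Deletions" banner, as in the log excerpt from this thread embedded in it.

```python
import re

# "((((( Other Deletions )))))" style banners in a ComboFix log
BANNER = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")
# "File::" in CFScript.txt, echoed as "FILE ::" in the log
DIRECTIVE = re.compile(r"^([A-Za-z0-9]+)\s*::$")
WIN_PATH = re.compile(r"^[A-Za-z]:\\")

# The CFScript from the post above.
CFSCRIPT = r"""File::
c:\windows\winservice.exe
c:\windows\Tasks\jpwlkvuy.job
c:\windows\system32\iifGVMDw.dll

Filelook::
c:\windows\system32\drivers\103C_HP_CPC_PX774AA-ABA A1140N_YC_0Pavi_QMXK527_E53NAsyEPC2_47_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.21_T050429_WXP2_L409_M1016_J250_7Intel_8Pentium 4_93_#051102_N10EC8139_Z11C1048C_G80862582.MRK
"""

# Excerpt of the ComboFix log posted in this thread after the script was run.
LOG = r"""ComboFix 09-03-29.04 - HP_Administrator 2009-03-30 11:54:12.2 - NTFSx86
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt

FILE ::
c:\windows\system32\iifGVMDw.dll
c:\windows\Tasks\jpwlkvuy.job
c:\windows\winservice.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\jpwlkvuy.job
c:\windows\winservice.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-30 02:44 . 2008-09-16 15:23 168,448 --a------ c:\windows\system32\unrar.dll
"""


def parse_sections(text):
    """Group bare path lines under the directive or banner that precedes them.

    Keys are lower-cased section names; paths are lower-cased because
    Windows paths compare case-insensitively. Lines that do not start
    with a drive letter (dated file listings, "." separators) are skipped.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = BANNER.match(line) or DIRECTIVE.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None and WIN_PATH.match(line):
            sections[current].append(line.lower())
    return sections


def reconcile(cfscript_text, log_text):
    """Map each File:: target to what the log says happened to it."""
    targets = parse_sections(cfscript_text).get("file", [])
    log = parse_sections(log_text)
    echoed = set(log.get("file", []))
    deleted = set(log.get("other deletions", []))  # assumption: removals land here
    status = {}
    for path in targets:
        if path in deleted:
            status[path] = "deleted"
        elif path in echoed:
            # ComboFix read the entry but reports no deletion for it;
            # the log alone does not say why, so it needs a follow-up look.
            status[path] = "listed, not in deletions"
        else:
            # The script entry never reached ComboFix (wrong file, not dragged in).
            status[path] = "not echoed"
    return status


if __name__ == "__main__":
    for path, state in reconcile(CFSCRIPT, LOG).items():
        print(f"{state:26} {path}")
```

Only File:: entries are reconciled; the Filelook:: entry is parsed but not checked.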

Re: Google search re-directs to wrong sites

Post by bpstone » March 30th, 2009, 9:03 pm

ComboFix 09-03-29.04 - HP_Administrator 2009-03-30 11:54:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.436 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\iifGVMDw.dll
c:\windows\Tasks\jpwlkvuy.job
c:\windows\winservice.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\jpwlkvuy.job
c:\windows\winservice.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-30 02:45 . 2009-03-30 02:45 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Media Player Classic
2009-03-30 02:44 . 2008-09-16 15:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-03-30 00:14 . 2009-03-30 00:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2009-03-29 16:03 . 2009-03-29 16:03 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Ulead Systems
2009-03-29 11:47 . 2009-03-29 11:48 <DIR> d-------- C:\rsit
2009-03-29 02:32 . 2009-03-29 02:34 <DIR> d-------- c:\program files\American Airlines TravelDesk
2009-03-23 10:55 . 2009-03-23 10:55 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Sonic
2009-03-23 10:54 . 2009-03-23 10:54 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Leadertech
2009-03-23 09:56 . 2009-03-23 16:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-03-23 09:55 . 2009-03-23 09:55 <DIR> d-------- c:\program files\Common Files\iS3
2009-03-23 09:55 . 2009-03-23 22:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-23 02:09 . 2009-03-23 02:09 <DIR> d-------- c:\program files\Trend Micro
2009-03-20 01:23 . 2009-03-20 01:24 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Registry Cleaner
2009-03-19 09:52 . 2009-03-19 09:52 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\HP
2009-03-18 08:53 . 2009-03-18 08:53 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Blackberry Desktop
2009-03-18 08:52 . 2009-03-22 20:00 256 --a------ c:\windows\system32\pool.bin
2009-03-18 00:10 . 2009-03-18 00:13 <DIR> d-------- c:\program files\Roxio
2009-03-18 00:04 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2009-03-17 23:52 . 2009-03-17 23:52 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Research In Motion
2009-03-17 10:35 . 2009-03-17 10:35 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-03-17 10:34 . 2009-03-17 10:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-17 10:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-17 10:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-17 07:21 . 2009-03-17 07:21 <DIR> d-------- c:\documents and settings\Bryan Stone
2009-03-17 07:09 . 2009-03-17 07:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-17 06:59 . 2009-03-09 15:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-17 06:38 . 2009-03-09 15:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-17 06:35 . 2009-03-17 06:35 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-16 08:02 . 2009-03-29 01:20 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
2009-03-16 05:09 . 2009-03-16 05:09 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Logitech
2009-03-16 05:08 . 2008-12-18 23:43 10,384 --a------ c:\windows\system32\drivers\LBeepKE.sys
2009-03-16 05:08 . 2009-03-16 05:08 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-16 05:07 . 2009-03-16 05:07 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-16 05:07 . 2009-03-16 05:07 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-16 05:06 . 2009-02-19 00:26 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2009-03-16 05:06 . 2009-02-19 00:27 170,512 --a------ c:\windows\system32\kemutb.dll
2009-03-16 05:06 . 2009-02-19 00:27 145,936 --a------ c:\windows\system32\KemUtil.dll
2009-03-16 05:06 . 2009-02-19 00:27 117,264 --a------ c:\windows\system32\KemWnd.dll
2009-03-16 05:06 . 2009-02-19 00:27 84,496 --a------ c:\windows\system32\KemXML.dll
2009-03-16 04:54 . 2009-03-16 04:54 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\HPAppData
2009-03-16 04:38 . 2009-03-16 04:37 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-15 22:11 . 2009-03-15 22:11 <DIR> d-------- c:\windows\system32\scripting
2009-03-15 22:11 . 2009-03-15 22:11 <DIR> d-------- c:\windows\system32\bits
2009-03-15 21:24 . 2008-06-13 07:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-03-15 21:24 . 2008-06-13 07:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-03-15 21:24 . 2008-08-14 06:04 138,496 --------- c:\windows\system32\dllcache\afd.sys
2009-03-15 21:21 . 2008-08-14 06:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-15 21:21 . 2008-08-14 06:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-15 21:21 . 2008-08-14 05:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-15 21:21 . 2008-08-14 05:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-15 21:18 . 2008-04-11 15:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-03-15 21:18 . 2008-10-24 07:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-15 21:18 . 2008-12-11 06:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-03-15 21:18 . 2008-05-08 10:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2009-03-15 21:17 . 2008-10-15 12:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-03-15 21:15 . 2007-06-27 13:06 117,760 --a------ c:\windows\system32\hpz3l5k2.dll
2009-03-15 21:14 . 2009-03-17 07:10 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-15 21:14 . 2007-01-19 12:46 49,920 --a------ c:\windows\system32\drivers\HPZid412.sys
2009-03-15 21:14 . 2007-01-19 12:46 16,496 --a------ c:\windows\system32\drivers\HPZipr12.sys
2009-03-15 21:13 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-15 21:12 . 2009-03-15 21:12 <DIR> d-------- c:\windows\system32\Lang
2009-03-15 21:12 . 2009-03-15 21:12 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-03-15 21:12 . 2009-03-15 21:12 <DIR> d-------- c:\program files\Common Files\L&H
2009-03-15 21:12 . 2004-12-01 20:54 163,840 --a------ c:\windows\system32\igfxres.dll
2009-03-15 21:11 . 2009-03-15 21:11 1,897 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_PX774AA-ABA A1140N_YC_0Pavi_QMXK527_E53NAsyEPC2_47_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.21_T050429_WXP2_L409_M1016_J250_7Intel_8Pentium 4_93_#051102_N10EC8139_Z11C1048C_G80862582.MRK
2009-03-15 21:10 . 2005-11-02 03:20 <DIR> d-------- c:\documents and settings\HP_Administrator\WINDOWS
2009-03-15 21:10 . 2009-03-15 19:26 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Symantec
2009-03-15 21:10 . 2005-11-02 03:33 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\SampleView
2009-03-15 21:10 . 2005-11-02 03:39 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\InterMute
2009-03-15 21:10 . 2005-11-02 03:19 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-03-15 21:10 . 2009-03-26 19:42 <DIR> d-------- c:\documents and settings\HP_Administrator
2009-03-15 21:09 . 2009-03-15 21:09 <DIR> d-------- c:\program files\Microsoft.NET
2009-03-15 21:08 . 2009-03-15 21:08 <DIR> d-------- c:\windows\system32\RTCOM
2009-03-15 21:08 . 2005-11-02 03:20 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2009-03-15 21:08 . 2005-11-02 03:42 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-03-15 21:08 . 2005-11-02 03:33 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\SampleView
2009-03-15 21:08 . 2005-11-02 03:39 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\InterMute
2009-03-15 21:08 . 2005-11-02 03:19 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Apple Computer
2009-03-15 21:08 . 2009-03-15 21:08 <DIR> dr-h----- C:\MSOCache
2009-03-15 21:02 . 2008-04-13 14:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-15 21:02 . 2008-04-13 14:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-15 21:02 . 2008-04-13 20:11 21,504 --a------ c:\windows\system32\hidserv.dll
2009-03-15 21:02 . 2008-04-13 14:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-03-15 21:02 . 2008-04-13 14:39 14,592 --a------ c:\windows\system32\dllcache\kbdhid.sys
2009-03-15 21:02 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-03-15 21:02 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2009-03-15 21:02 . 2008-04-13 14:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-15 20:32 . 2008-09-29 09:07 340,592 --a------ c:\windows\system32\drivers\mfehidk.sys
2009-03-15 20:32 . 2008-09-29 09:07 90,360 --a------ c:\windows\system32\drivers\mfeavfk.sys
2009-03-15 20:32 . 2008-09-29 09:07 74,648 --a------ c:\windows\system32\drivers\mfeapfk.sys
2009-03-15 20:32 . 2008-09-29 09:07 67,904 --a------ c:\windows\system32\mfevtps.exe
2009-03-15 20:32 . 2008-09-29 09:07 64,432 --a------ c:\windows\system32\drivers\mferkdet.sys
2009-03-15 20:32 . 2008-09-29 09:07 62,704 --a------ c:\windows\system32\drivers\mfetdik.sys
2009-03-15 20:32 . 2008-09-29 09:07 42,424 --a------ c:\windows\system32\drivers\mfebopk.sys
2009-03-15 19:59 . 2006-04-12 11:11 1,933,312 --a------ c:\windows\system32\cdintf250.dll
2009-03-15 19:58 . 2009-03-15 19:58 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Intuit
2009-03-15 19:31 . 2009-03-20 09:24 <DIR> dr-hs---- c:\windows\system32\dllcache
2009-03-15 19:22 . 2008-12-20 19:15 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll
2009-03-15 19:22 . 2007-04-17 05:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-15 19:22 . 2007-03-08 01:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-15 19:22 . 2008-12-20 19:15 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-15 19:22 . 2008-12-20 19:15 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-15 19:22 . 2008-12-20 19:15 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-03-15 19:22 . 2008-12-20 19:15 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-03-15 19:22 . 2008-12-20 19:15 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-15 19:22 . 2008-12-19 05:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-03-15 17:59 . 2009-03-16 04:37 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-15 17:43 . 2008-04-13 20:12 4,274,816 --------- c:\windows\system32\nv4_disp.dll
2009-03-06 06:47 . 2009-03-15 15:44 349 --a------ c:\windows\wininit.ini
2009-03-05 00:41 . 2009-03-05 00:41 <DIR> d-------- c:\program files\MagicISO
2009-03-03 09:06 . 2009-03-03 09:08 <DIR> d--h----- c:\windows\msdownld.tmp
2009-03-03 09:06 . 2009-03-03 09:06 <DIR> d-------- c:\windows\Logs
2009-03-03 08:34 . 2009-03-03 08:34 <DIR> d-------- c:\program files\Activision
2009-03-03 07:35 . 2009-03-04 19:17 <DIR> d-------- c:\program files\GooglePlusVideos
2009-03-03 07:34 . 2009-03-03 07:34 <DIR> d-------- c:\program files\recfree
2009-03-03 07:34 . 2009-03-03 07:35 <DIR> d-------- c:\program files\EasySearch
2009-03-02 15:22 . 2009-03-05 21:48 <DIR> d-------- c:\program files\DC++
2009-02-25 13:08 . 1998-01-23 13:55 305,152 --a------ c:\windows\IsUn0419.exe
2009-02-25 03:14 . 2009-02-25 13:24 <DIR> d-------- c:\program files\Return to Castle Wolfenstein
2009-02-25 02:51 . 2009-03-02 14:58 <DIR> d-------- c:\program files\Wolfenstein - Enemy Territory
2009-02-24 21:33 . 2009-02-25 13:12 <DIR> d-------- c:\program files\Return to Castle Wolfenstein DEMO
2009-02-24 03:53 . 2009-02-24 09:35 <DIR> d-------- C:\games
2009-02-09 07:13 . 2009-02-09 07:13 1,846,784 --------- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 06:45 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-30 04:26 --------- d-----w c:\program files\Macromedia
2009-03-30 04:26 --------- d-----w c:\program files\Common Files\Macromedia
2009-03-23 06:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-23 06:06 --------- d-----w c:\program files\SpywareBlaster
2009-03-18 11:27 --------- d-----w c:\program files\Quicken
2009-03-18 04:13 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-03-18 04:11 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-03-18 04:10 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-03-17 11:10 --------- d-----w c:\program files\iTunes
2009-03-17 11:08 --------- d-----w c:\program files\Bonjour
2009-03-17 11:07 --------- d-----w c:\program files\QuickTime
2009-03-17 10:35 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-17 10:06 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-17 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-16 09:06 --------- d-----w c:\program files\Common Files\Logishrd
2009-03-16 08:54 --------- d-----w c:\program files\HP
2009-03-16 08:37 --------- d-----w c:\program files\Java
2009-03-16 02:25 45,056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-03-16 02:25 44,032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-03-16 00:29 --------- d-----w c:\program files\McAfee
2009-03-16 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-16 00:26 --------- d-----w c:\program files\Symantec
2009-03-16 00:25 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-16 00:20 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-15 23:59 --------- d-----w c:\program files\Easy Internet signup
2009-03-15 19:28 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-21 10:42 --------- d-----w c:\program files\Common Files\DAZ
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 08:34 --------- d-----w c:\program files\Full Tilt Poker
2009-01-17 01:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-09 12:07 603,943 ----a-w c:\windows\Pink Floyd.exe
2009-01-09 12:07 407,240 ----a-w c:\windows\Pink Floyd.scr
2009-01-09 12:07 40,960 ----a-w c:\windows\Pink Floyd.dll
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-19 03:42 76,304 ----a-w c:\windows\KHALMNPR.Exe
2008-12-12 15:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 15:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-05 06:54 144,896 ----a-w c:\windows\system32\schannel.dll
2008-12-05 06:54 144,896 ------w c:\windows\system32\dllcache\schannel.dll
2008-04-13 08:42 30 -c--a-w c:\program files\Exiferupdate.ini
2005-11-02 09:23 251 -c--a-w c:\program files\wt3d.ini
2009-01-25 12:57 28,672 ----a-w c:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll
2008-09-29 13:07 22,576 ----a-w c:\program files\mozilla firefox\components\Scriptff.dll
2008-10-19 09:58 49,152 ----a-w c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\103C_HP_CPC_PX774AA-ABA A1140N_YC_0Pavi_QMXK527_E53NAsyEPC2_47_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.21_T050429_WXP2_L409_M1016_J250_7Intel_8Pentium 4_93_#051102_N10EC8139_Z11C1048C_G80862582.MRK -- Not a PE file.
MD5: d0a2a9401fe3fe4311891270cc403415


((((((((((((((((((((((((((((( SnapShot@2009-03-29_13.04.22.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-23 14:06:05 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-29 23:31:53 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-23 14:06:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-29 23:31:53 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-23 14:06:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-29 23:31:53 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-02 180269]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-16 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 c:\windows\system32\Hdaudpropshortcut.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-03-15 25214]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-11-04 169472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-15 809488]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-11-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 00:30 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-17 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-03-16 10384]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-03-15 67904]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-03-15 64432]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MACROMEDIA_LICENSING_SERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3451be4-bc13-11d9-bafb-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-03-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:06]

2009-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-15 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 22:04]

2009-03-30 c:\windows\Tasks\User_Feed_Synchronization-{CFD7DB17-7288-4D16-B8E9-76108534956D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 11:59:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3694042123-1244531125-3564649864-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-03-30 12:03:48
ComboFix-quarantined-files.txt 2009-03-30 16:03:08
ComboFix2.txt 2009-03-29 17:06:33

Pre-Run: 122,983,497,728 bytes free
Post-Run: 123,066,404,864 bytes free

319 --- E O F --- 2009-03-18 10:13:51
bpstone

Re: Google search re-directs to wrong sites

Post by bpstone » March 30th, 2009, 9:03 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 30, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 30, 2009 14:35:03
Records in database: 1986635
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 281292
Threat name: 4
Infected objects: 271
Suspicious objects: 0
Duration of the scan: 05:03:22


File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\My Documents\Bryan Stone.exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\25 TO LIFE (SHOOTER) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\2FAST DRIVER (RACING) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\3D HOME ARCHITECT (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\3D MARK (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\3D STUDIO MAX (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\500 RETRO CLASSIC C64 (JOCULETE) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ACID WAV(All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ACRONIM BUSTER (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ADOBE FRAMEMAKER (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\AFTER DARK (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ALDUS PHOTO STYLER (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ANARCHY ONLINE CLASSIC EDITION (ONLINE) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ANDROMEDA_Varifocus (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ANTARES AUTOTUNE (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ANTIVIRAL TOOLKIT PRO (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ARMY MEN II (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\AROUND THE WORLD IN 80 DAYS (ADVENTURE) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Assassin s Creed (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\AUDIOACTIVE STUDIO (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\AUTODESK 3D STUDIO VIZ (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\AUTODESK MECANICAL DESKTOP (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\BACKYARD BASEBALL 2007 (SPORT) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\BARD S TALE (RPG) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\BASEBALL MOGUL 2007 (SPORTS) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\BASS TOURNAMENT 3D (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\BIG OIL (TYCOON) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\BLACK AND WHITE 2 (STRATEGY) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\BORLAND C++ (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\BORLAND JAVA BUILDER (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\BORLAND TURBO ASAMBLER (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\BRAVEHEART (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\BROTHERS IN ARMS ROAD TO HILL 30 (3D SHOOTER) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\BROTHERS IN ARMS ROAD TO HILL 30 (3D SHOOTER) 1DVD 1 DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\CABELA S OUTDOOR ADVENTURES (HUNTING) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\CARS (RACING) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Casino Island To Go (Actiune) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\CD EX (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\CD_WORX (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\CHAMPIONSHIP MANAGER 2006 (SPORTS) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\CHAMPIONSHIP MANAGER 3 (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\CITY LIFE (RACING) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\CIVIL AIR PATROL (ADVENTURE) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\CLOSE COMBAT III (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\COPS 2170 THE POWER OF LAW (ACTION) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\COREL (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\COREL XARA (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\CRAZY MACHINES NEWS OUT OF THE LABORATORY (PUZZLE) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\CREATURES 3 (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\CROSS RACING CHAMPIONSSHIP 2005 (RACING) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\D LUSION Drumstation (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\DARK TREE (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\DARKSTAR ONE (ACTION) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\DFX (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\DIRECTX Acoustic Modeler (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\DISCIPLES SACRED LANDS (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\DROD JOURNEY TO ROOTED HOLD (PUZZLE) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\DROP DELUXE (ARCADE) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\DUCATI WORLD CHAMPIONSHIP (RACING) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\DUNGEON KEEPER 1 (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\EAGLE POINT (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\EAST FRONT II (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ECHO SECRETS OF THE LOST CAVERN (ADVENTURE) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\EUCLID_Quantum (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\EVOLUTION GT (RACING) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\EXTENSIS_PhotoGraphics (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\F16 AGGRESSOR (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\FAMILY GAME ROYALE PACK (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Fantasy Wars (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\FIGHTING STEEL (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\FIRST BATTALION (ACTION) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\FLASH (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\FLASHPOINT BALKANS (ADDON BATTLEFIELD VIETNAM) (SHOOTER) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\FLIGHT DECK 4 (ADDON MFS2004) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\FORGOTTEN REALMS DEMON STONE (RPG) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\FORMULA 1 CHAMPIONSHIP 2000 (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\FRACTAL DESIGN PAINT (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Gears of War (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\GLACIER (RACING) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\GOTHIC 2 GOLD EDITION (+HIGHT OF RAVEN) (RPG) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\GP 500 (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\GRIM FANDANGO (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\GUARDIAN OF DARKNESS (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\HEAVY GEAR 2 (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\HOME WORLD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\HOYLE CARD GAMES 2007 (CARD GAMES) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\HOYLE CASINO 2007 (CARD GAMES) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\HOYLE CHESS SERIES (SAH) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\HYPE The Time Quest (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\HYPER 3D PINBALL (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\IRON WARRIORS T72 TANK COMMAND (TANK SIM) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\IVEX WINBOARD (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\JAGGED ALLIANCE 2 (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\JBL SMAART (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\JET AUDIO (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\JUICED (RACING) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\KING OF DRAGON PASS (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\KING S QUEST COLLECTION SERIES VOL.1 (KING QUEST GAMES) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\LANDS OF LORE 3 (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\LATEX (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\LEGION AREA GOLD EDITION (STRATEGY) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\LIQUIDATOR (ACTION) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\LOGO STAR WARS (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\LONDON RACER POLICE MADNESS (RACING) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Lost Planet Extreme Condition (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\LULA 3D (EROTIC) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\MACROMEDIA FIREWORKS (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\MANCHESTER UNITED INTERACTIVE QUIZ 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\MATHCAD (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\McAFEE (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\MESSIAH (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\MGNETO (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\MONKEYS ADVENTURES (ACTION PLATFORM) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\MONOPOLY 3 (MONOPOLY) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\MOZART (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\MS ACCESS (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Ms DICTATION (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\MS LIQUID MOTION (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Ms SQL Server (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Ms SQL SERVER (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\NASTRAN (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\NEO CRON GOLD EDITION (MMORPG) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\NETSCAPE (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\NHL 2007 (SPORT) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\NORTON CRASHGUARDS (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\OBSCURE (ADVENTURE HORROR) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\OPERATIONAL ART OF WAR 2 (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\OSTRICH RUNNER (RACING) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\PAINTER (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\PANZER CAMPAIGNS MOSCOW 41 (STRATEGY) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\PANZER GENERAL 3D Assault (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\PARADISE SOKAL (ADVENTURE) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\PARTITION RESIZER (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\PHOENIX (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\PHOTO BITS (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\PICK ME, HONEY! (EROTIC) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\PIXEL 3D (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\PLAYBOY THE MANSION GOLD EDITION (SIMULATION) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\POKER NIGHT (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\POLAR VS TRANSFER (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\POOL MASTER LIVE BILLIARDS (SPORTS) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\POWER DVD (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\PRO CYCLING MANAGER 2006 (SPORTS) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\QUAKE II (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\REAL MYST (10th ANNIVERSARY EDITION) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\RM LOGO CHANGER (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ROBOCOP 3D SHOOTER MAI.2003 (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ROGUE SPEARS URBAN OPERATIONS pack (action) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ROGUE TROOPER (ACTION) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ROLLER COASTER TYCOON 3 SOAKED! (TYCOON) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ROSSO RABBIT IN TROUBLE (SPORTS) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SDD (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Secret Wive s Club (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SECRETS OF THE EAST (PUZZLE) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SENSIBLE SOCCER 2006 (SPORTS) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SEPTERA CORE Legacy of the Creator (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SHADOW MAN (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SHADOWBANE ONLINE (MMORPG) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SHATTERED UNION (STRATEGY) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SHOGUN TOTAL WAR WARLORD EDITION (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SHREDDER 9 (CHESS) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SiN EPISODE 1 EMERGENCE (ACTION) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SLAVE PAGEANT (adult) – (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SMART DRAW (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SNIFFER PRO (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SOFTICE 3.24 (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SOULBRINGER (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SPACE EMPIRES STARFURY (3D ACTION) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SPACE INTERCEPTOR PROJECT FREEDOM (FLIGHT SIM) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SPIN THE BOTTLE (QUIZ) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Sqiek (c) Magnussoft 1 Jump n Run (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\STABLE MASTERS 2 (SPORTS) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\STAR TREK Armada (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\STAR WARS COLLECTION DISK 1 (STAR WARS GAMES) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\STAR WARS COLLECTION DISK 2 (STAR WARS GAMES) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\STAR WARS GALACTIC BATTLEGOUND (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\STARCRAFT – BROODWAR (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\STARSIEGE (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\STEINBERG WAVELAB (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\STREET RACING SYNDICATE (RACING) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Supreme Commander Forged Alliance (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SUPREME RULER 2010 (STRATEGY) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\SWORD OF THE STARS (STRATEGY) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Sword of the Stars Born of Blood (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\T RACKS (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TANGO (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\THE BUTCHER (3D ACTION) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\THE CREED (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\THE DIG (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\The Italian Job (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\THE LORD OF THE RINGS BATTLE FOR MIDDLE EARTH (3D ACTION) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\The Settlers Rise of an Empire (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\THE SIMS 2 UNIVERSITY (LIFE SIM) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\THE STALIN SUBWAY (SHOOTER) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\THEOCRACY (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\THUNDERBOLD 2 (FLIGHT SIM) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TIME TO RIDE SADDLES AND STABLES (KIDS GAME) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TOCA 2 Touring Cars (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TOCA RACE DRIVER 2 (RACING) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TOM CLACY S SPLINTER CELL MISSION PACK ADDON (ACTION) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TOMB RAIDER 2 (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TOMB RAIDER THE ANGEL OF DARKNESS ACTION ADVENTURE (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TONY HAWK’S PRO SKATER 2 (simulation) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TOTAL AIR WAR (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TOTAL PINBALL 25 (PINBALL) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TRAIN DRIVER (SIMULATION) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TRAXMAKER (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TRIBES 2 (action) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TRIDONIS (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TRIVIAL PURSUIT UNHINGED (RACING) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TURBO BASIC (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Turbo GT (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\TWEAK UI (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\UEFA Challenge (football) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ULTIMATE SOLITAIRE (SOLIATIRE) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\ULTIMATE VICE CITY 2 (ADDON FOR GTA3 VICE CITY) (ACTION) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\UNREAL TOURNAMENT 2003 (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\UNREAL TOURNAMENT 2004 EXTRA MAPS (72 HARTI NOI) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Unreal Tournament Tactical Ops Bereta 9 mm (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\URBAN ASSAULT (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\URU AGES BEYOND MYST (ADVENTURE) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\USA BASS CHAMPIONSHIP (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\VAMPIRE THE MASQUERADE BLOODLINES (RPG) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\VCD CUTTER for (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\VERN (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\VIETCONG 2 (SHOOTER) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\VIETNAM Black Ops (action) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\VIGILANCE (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\VIRTUA COP (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\VIRTUAL POOL HALL (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\VISIO (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\VISUAL AGE FOR JAVA (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\VISUAL BUSINESS CARD (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\VOYAGE (ADVENTURE) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WALT DISNEY COLLECTION (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WAR CHESS (CHEES) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WAR WORLD TACTICAL COMBAT (ONLINE SHOOTER) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WARDOVES Secret Weapon of Worldwar (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WARHAMMER 4000 Rites of War (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\Warrior King Battles (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WATER WORLD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WEB PAGE CONSTRUCTION Kit (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WHERE IS IT (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WILL ROCK – (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WINDAC (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WOLVES CLUB MANAGER (SPORTS) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WORLD CHAMPIONSHIP SNOOKER 2003 (SPORTS (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WORLD DANCE (KIDS GAME) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WORLD SOCCER WINNING ELEVEN 8 (SPORTS) 1DVD (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WORLD WAR 2 COMBAT IWOJIMA (WAR GAME) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\WORLD WAR 2 PRISONER OF WAR (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\W_32_DASM (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\XARA 3D (All Versions) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\XPAND RALLY (RACING) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\YAGER (3D ACTION ADVENTURE) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\Curious Labs\Poser 6\Templates\v3blousepak\YU GI OH POWER OF CHAOS JOEY THE PASSION (CARD GAMES) (crack).exe Infected: P2P-Worm.Win32.Deecee.a 1
C:\Program Files\DC++\Downloads\!!_Call.of.Duty.1_Crack_and_Keygen_2009.01.25.working.zip Infected: Trojan-Spy.Win32.VB.awy 2
C:\Program Files\DC++\Downloads\!!_Call.of.Duty.2_Crack_and_Keygen_2009.01.25.working.zip Infected: Trojan-Spy.Win32.VB.awy 2
C:\Program Files\DC++\Downloads\!!_Call.of.Duty.5..World.at.War_Crack_and_Keygen_2009.01.03.working.zip Infected: Trojan-Spy.Win32.VB.awy 2
C:\Program Files\DC++\Downloads\!!_Call.of.Duty.5..World.at.War_Crack_and_Keygen_2009.01.25.working.zip Infected: Trojan-Spy.Win32.VB.awy 2
C:\Program Files\DC++\Downloads\!!_Call.of.Duty.5_Crack_and_Keygen_2009.01.03.working.zip Infected: Trojan-Spy.Win32.VB.awy 2
C:\Program Files\DC++\Downloads\!!_Call.of.Duty.5_Crack_and_Keygen_2009.01.25.working.zip Infected: Trojan-Spy.Win32.VB.awy 2
C:\Program Files\Musicmatch\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\Musicmatch\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.

Re: Google search re-directs to wrong sites

Post by bpstone » March 30th, 2009, 9:05 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:19 PM, on 3/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 11482 bytes
bpstone
Regular Member
 
Posts: 37
Joined: March 27th, 2009, 5:51 am

Re: Google search re-directs to wrong sites

Unread postby bpstone » March 30th, 2009, 9:16 pm

Thanks for your help so far. I'm still getting re-directed to other sites, though my computer seems fine other than that.

bryan
bpstone
Regular Member
 
Posts: 37
Joined: March 27th, 2009, 5:51 am

Re: Google search re-directs to wrong sites

Unread postby Bio-Hazard » April 1st, 2009, 8:18 am

You have a lot of cracked versions of games on your computer. You need to remove them before we can continue any further. Please remove them from your system. Here are our forum's Malware Removal Forum Guidelines and Rules. Here is a quote from it:

Any time the helper detects that you may have illegal software on your machine, that helper may stop assisting you immediately until you can demonstrate that you have rectified the situation. We will not support fixing machines with pirated or otherwise illegal software.


Delete files

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following files. If found, delete them (some may not be present after previous steps):

Bio-Hazard

Re: Google search re-directs to wrong sites

Post by bpstone » April 1st, 2009, 8:25 am

They are now all removed. Thanks.
bpstone