
Update-BankerFox.A Nugel.E - Removed with Malwarebytes and now can not



#1
chansey
    Member
  • 46 posts
I believe I have corrected the problems, but I have a final question that is below in red.

After posting this topic, I restored the tfqesysguard.exe (Trojan.FakeAlert) that Malwarebytes had originally quarantined. I renamed the tfqesysguard.exe by adding the letter z in front of the tfqesysguard.exe, and then did a system restore back to Wednesday's date... which got me back onto the Internet with no BankerFox.A or Nugel.E popups, but my McAfee was still disabled.

I ran the TFC and then the ERUNT, and then ran a new Malwarebytes quick scan which found no malicious items. I updated my McAfee, which restored it, and am now running a full McAfee scan.

The full McAfee virus scan did not find anything, and I did the reboot test. There were no pop-ups and my McAfee started fine after rebooting. Only one concern is that I now have a website icon on my desktop that I did not put there, called "MVTHealthCheck_Deviation". I am afraid to click on it to open it up, since I didn't put the icon there.

I did a search on this, but didn't come up with any information. How can I tell if this icon is not part of the previous virus?

>>> Update at 8:45pm cst: After doing a chat with McAfee Technicians, I found out that the MVTHealthCheck_Deviation icon is the results from the McAfee Virtual Technician that I ran earlier this afternoon when trying to fix my McAfee.

So all I need to know now, since I ran TFC, ERUNT, ran a quick Malwarebytes and full McAfee scan with both showing no malicious items, and then rebooted the computer with no problems, is there something else I can run to make sure my original problems have been fixed, or just wait and see?

My original post from this morning is below.

-----------------

I got hit with the BankerFox.A and Nugel.E virus. I had the popups stating security issues, security shields all along the task bar showing different .exe's infected, and [bleep] sites automatically opening up.

I ran a Malwarebytes scan and it found 3 items, and I followed the directions to restart my computer so Malwarebytes could finish.

Now I can not access the Internet at all. I tried to go in and restore the deletes to see if that would allow access to the Internet, but the Registry Value Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jetwqvmn (Trojan.FakeAlert) is not in the Quarantined Section. I am using a different computer to write this.

Here is the log (typed by hand since I'm on a different computer) from the Malwarebytes Scan. Any help would greatly be appreciated!!!

Malwarebytes' Anti-Malware 1.44
Database version: 3617
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/23/2010 10:55:36 AM
mbam-log-2010-01-23 (10-55-36).txt

Scan type: Quick Scan
Objects scanned: 6744
Time elapsed: 3 minutes(s), 12 seconds(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\exlffu\tfqesysguard.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Value Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jetwqvmn (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\exlffu\tfqesysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Edited by chansey, 23 January 2010 - 08:50 PM.


#2
RKinner
    Malware Expert
  • 24,624 posts
  • MVP
I expect IE was looking for a proxy which was removed by MBAM. In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart. It will probably work now.

Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Ron

Edited by RKinner, 26 January 2010 - 10:33 PM.

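Ron's diagnosis in the reply above (IE still pointed at a proxy that the cleanup had removed) can be confirmed without clicking through the dialogs by exporting the per-user Internet Settings key and reading it. The script below is an added example written for this thread; it is not code from Geeks to Go, from Ron, or from any vendor. It parses the text that `reg export` writes for that key and reports whether IE would still send traffic to a proxy server or a PAC script. The registry dump embedded in it is constructed for illustration and is not from the poster's machine.

```python
r"""Read an exported Internet Settings key and report IE's proxy state.

Added example for this thread, not code from the forum, the poster, or any
vendor. It parses the text that `reg export` writes for
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings and says
whether IE would still send traffic to a proxy server or a PAC script, which
is the condition the reply above describes (proxy configured, proxy gone).
The registry dump below is constructed for illustration.
"""
import re

KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed sample dump: a proxy is still switched on and points at a local
# port that nothing listens on any more.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"
"ProxyOverride"="localhost;*.local"
"MigrateProxy"=dword:00000001
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} for a .reg dump.

    Decodes the two types this key uses, REG_SZ ("...") and REG_DWORD
    (dword:xxxxxxxx); anything else is kept as its raw text.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor") or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            value = int(raw[len("dword:"):], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        else:
            value = raw
        keys[current][name] = value
    return keys


def proxy_status(text):
    """Summarise what IE would apply from the exported key."""
    values = parse_reg_export(text).get(KEY, {})
    enabled = values.get("ProxyEnable", 0) == 1
    return {
        "proxy_enabled": enabled,
        # ProxyServer is ignored by IE unless ProxyEnable is 1
        "proxy_server": values.get("ProxyServer") if enabled else None,
        "autoconfig_url": values.get("AutoConfigURL"),
        "override": values.get("ProxyOverride"),   # exclusion list only, never flagged
    }


def findings(text):
    """Plain-language lines a helper would act on."""
    s = proxy_status(text)
    out = []
    if s["proxy_enabled"]:
        out.append(f"IE routes through proxy {s['proxy_server']!r}; "
                   "if that listener is gone, every page fails to load")
    if s["autoconfig_url"]:
        out.append(f"automatic configuration script set: {s['autoconfig_url']!r}")
    if not out:
        out.append("no proxy or PAC script configured; LAN Settings are clean")
    return out


if __name__ == "__main__":
    for line in findings(SAMPLE_REG):
        print(line)
```

Unchecking the boxes in LAN Settings, as Ron describes, clears ProxyEnable and the AutoConfigURL value; exporting the key again afterwards should produce the "clean" line. ProxyOverride is only an exclusion list and MigrateProxy is only a marker, so the script reports the first and ignores the second rather than flagging either.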

#3
chansey
    Member
  • Topic Starter
  • 46 posts
I downloaded Combofix, renamed it to George.exe and ran it. After the log opened, I did a File, Exit, but it never gave me the option to answer 'Yes' to save changes.

Here is the paste of the file that was created in C:\Combofix.txt

ComboFix 10-01-26.02 - Owner 01/27/2010 1:58.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.373 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\george.exe.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\xxxbomapavemexxx.vbs
c:\documents and settings\All Users\Documents\xxxibyrymxxx.vbs
c:\documents and settings\All Users\Documents\xxxonuzyjomxxx.vbs
c:\documents and settings\All Users\Documents\xxxwisavatxxx.inf
c:\documents and settings\All Users\Documents\xxxyqukokosuxxx.reg
C:\LOG.TXT
c:\program files\Common
c:\program files\Internet Explorer\msimg32.dll
c:\program files\Shared
c:\recycler\S-1-5-21-576968320-3974162068-635719018-1003
c:\windows\desktop
c:\windows\desktop\Cook'n with Betty Crocker.lnk
c:\windows\gijesyno.inf
c:\windows\iloponoxiv.inf
c:\windows\mreg.reg
c:\windows\system32\ps2.bat
c:\windows\viassary-hp.reg
c:\windows\wiaserviv.log
c:\windows\wiaservv.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-24 15:37 . 2010-01-24 15:37 -------- d-sh--w- c:\documents and settings\Administrator.MAIN.001\PrivacIE
2010-01-23 20:38 . 2010-01-23 20:39 -------- d-----w- c:\program files\ERUNT
2010-01-23 20:14 . 2010-01-23 20:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-23 14:03 . 2010-01-23 14:03 -------- d-----w- c:\documents and settings\Administrator.MAIN.000\PrivacIE
2010-01-23 13:58 . 2010-01-23 13:58 -------- d-----w- c:\documents and settings\Administrator.MAIN.000\Application Data\Malwarebytes
2010-01-23 13:58 . 2010-01-23 13:58 -------- d-----w- c:\documents and settings\Administrator.MAIN.000\IETldCache
2010-01-23 09:20 . 2010-01-23 09:20 919336 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-22 22:27 . 2010-01-22 22:27 -------- d-----w- c:\documents and settings\Administrator.MAIN\PrivacIE
2010-01-22 22:14 . 2010-01-22 22:14 -------- d-----w- c:\documents and settings\Administrator.MAIN\Application Data\Malwarebytes
2010-01-21 03:31 . 2010-01-21 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Tables
2010-01-21 03:27 . 2010-01-23 20:13 -------- d-----w- c:\program files\Common Files\Nikon
2010-01-21 03:27 . 2010-01-21 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2010-01-21 03:27 . 2010-01-21 03:31 -------- d-----w- c:\program files\Nikon
2010-01-21 03:27 . 2010-01-21 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2010-01-21 03:27 . 2010-01-21 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2010-01-21 03:27 . 2010-01-21 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\String Comparison
2010-01-21 03:25 . 2010-01-21 03:25 -------- d-----w- c:\program files\ArcSoft
2010-01-15 02:20 . 2010-01-15 02:20 -------- d-----w- c:\documents and settings\Owner\Application Data\McAfee
2010-01-13 07:48 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-31 01:53 . 2009-12-31 01:53 -------- d-----w- c:\program files\GSPNA
2009-12-31 01:52 . 2009-12-31 02:01 -------- d-----w- c:\program files\CasinoBJ
2009-12-31 01:45 . 2005-04-26 15:05 122880 ----a-w- c:\windows\system32\duninstall.exe
2009-12-31 01:45 . 2009-12-31 01:45 -------- d-----w- c:\program files\Zoo
2009-12-30 02:10 . 2009-12-30 02:10 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-12-30 02:10 . 2006-08-15 17:42 200704 ----a-w- c:\windows\system32\UpdateDriver.exe
2009-12-30 02:10 . 2009-12-30 02:10 -------- d-----w- c:\program files\Belkin
2009-12-30 01:25 . 2007-07-27 02:08 19072 ----a-r- c:\windows\system32\drivers\ax88772.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 07:45 . 2004-01-27 12:53 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 07:45 . 2010-01-27 07:45 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7732538c-n\decora-sse.dll
2010-01-27 07:45 . 2010-01-27 07:45 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1752683c-n\msvcp71.dll
2010-01-27 07:45 . 2010-01-27 07:45 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1752683c-n\jmc.dll
2010-01-27 07:45 . 2010-01-27 07:45 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1752683c-n\msvcr71.dll
2010-01-27 07:45 . 2010-01-27 07:45 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7732538c-n\decora-d3d.dll
2010-01-27 07:45 . 2004-01-27 12:53 -------- d-----w- c:\program files\Java
2010-01-24 01:15 . 2008-08-09 10:18 61224 ----a-w- c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
2010-01-21 03:31 . 2010-01-21 03:31 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2010-01-21 03:27 . 2010-01-21 03:27 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-01-21 03:25 . 2004-01-27 13:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-15 13:46 . 2005-11-25 22:11 -------- d-----w- c:\program files\Mirc
2010-01-15 07:44 . 2004-08-17 11:08 -------- d-----w- c:\program files\m6.16
2010-01-15 07:21 . 2009-02-28 22:44 -------- d-----w- c:\documents and settings\Owner\Application Data\mIRC
2010-01-15 06:41 . 2008-05-30 02:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-15 04:10 . 2005-01-18 02:33 -------- d-----w- c:\program files\LeapFTP1
2010-01-15 02:19 . 2009-11-07 10:34 -------- d-----w- c:\program files\McAfee
2010-01-15 02:19 . 2009-11-07 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-12 02:41 . 2008-08-11 22:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 02:40 . 2008-08-24 17:28 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-10 01:38 . 2010-01-10 01:38 144160 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2010-01-10 01:38 . 2009-06-16 18:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2010-01-10 01:38 . 2009-12-10 21:23 4183416 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll
2010-01-09 05:11 . 2005-12-05 03:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Simple Star
2010-01-07 22:07 . 2009-11-14 20:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-11-14 20:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 08:21 . 2004-08-26 10:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-01-02 06:23 . 2004-08-12 19:10 -------- d-----w- c:\program files\Yahoo!
2009-12-31 16:18 . 2007-04-25 15:29 -------- d-----w- c:\program files\WrapCandy70
2009-12-21 19:14 . 2004-01-21 22:20 1208832 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2009-12-21 19:14 . 2004-01-21 22:16 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14 . 2004-01-21 22:16 916480 ----a-w- c:\windows\system32\wininet(2)(2).dll
2009-12-21 19:14 . 2009-03-08 10:32 1985536 ----a-w- c:\windows\system32\iertutil(2)(2).dll
2009-12-21 19:14 . 2009-03-08 10:39 11070464 ----a-w- c:\windows\system32\ieframe(2)(2).dll
2009-12-17 23:14 . 2009-11-11 16:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 22:44 . 2009-12-16 22:44 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-12-16 22:44 . 2009-12-16 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-12-16 22:44 . 2009-12-16 22:43 -------- d-----w- c:\program files\AIM
2009-12-16 22:43 . 2004-10-12 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-12-15 23:58 . 2009-12-15 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lexmark Z2300 Series
2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-12-10 09:32 . 2009-12-10 09:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-12-08 23:16 . 2009-11-23 20:30 17 ---ha-w- c:\documents and settings\Owner\Local Settings\Application Data\19720201.dat
2009-12-08 23:16 . 2009-11-23 20:30 -------- d-----w- c:\documents and settings\Owner\Application Data\www.EasyGiftSoftware.com
2009-12-08 23:15 . 2009-11-23 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\www.EasyGiftSoftware.com
2009-12-08 23:15 . 2009-11-23 20:30 -------- d-----w- c:\program files\www.EasyGiftSoftware.com
2009-12-07 12:23 . 2004-01-27 14:26 -------- d-----w- c:\program files\Easy Internet signup
2009-11-30 02:08 . 2009-11-15 03:58 38632 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-23 23:34 . 2004-09-10 09:15 54120 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 15:51 . 2004-02-03 19:11 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-11 16:04 . 2009-11-11 15:42 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-11 15:42 . 2009-11-11 15:42 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-07 17:01 . 2004-01-27 11:48 80795 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-11-07 16:58 . 2009-11-07 16:58 307200 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\pchnotify.exe
2005-10-12 13:48 . 2005-10-12 13:48 121 -c--a-w- c:\program files\new household arrangement.txt
2007-06-03 00:12 . 2007-06-03 00:12 10240 -csha-w- c:\windows\rnapxs\rnapxs.dat
2005-03-20 17:04 . 2005-03-20 16:04 0 -csha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-01-27 13:39 . 2003-02-12 03:02 61440 c:\hp\KBD\bak\KBD.EXE
2004-01-27 13:39 . 2003-02-12 03:02 61440 c:\hp\KBD\kbd.exe

2006-03-30 22:45 . 2006-03-30 22:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

2005-06-07 04:46 . 2005-06-07 04:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

2004-08-15 20:27 . 2003-07-03 20:31 45056 c:\program files\Brother\Brmfl03a\bak\BrStDvPt.exe

2003-08-19 16:01 . 2003-08-19 16:01 110592 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe
2003-08-19 16:01 . 2003-08-19 16:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

2005-06-11 13:29 . 2002-11-26 20:30 153600 c:\program files\COMPAQ\Scroll Mouse\bak\gnetmous.exe

2004-01-27 13:35 . 2003-08-21 11:23 49152 c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe
2004-01-27 13:35 . 2003-08-21 11:23 49152 c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

2007-11-15 19:11 . 2007-11-15 19:11 267048 c:\program files\iTunes\bak\iTunesHelper.exe
2009-10-29 02:21 . 2009-10-29 02:21 141600 c:\program files\iTunes\iTunesHelper.exe

2004-01-27 12:53 . 2004-01-27 12:53 32881 c:\program files\Java\j2re1.4.2_03\bin\bak\jusched.exe
2004-01-27 12:53 . 2004-01-27 12:53 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

2005-12-20 19:35 . 2004-09-17 13:24 61440 c:\program files\Lexmark 7100 Series\bak\ezprint.exe

2004-12-06 17:53 . 2004-12-06 17:53 286720 c:\program files\Lexmark 7100 Series\bak\fm3032.exe

2005-12-20 19:33 . 2005-01-18 09:43 196608 c:\program files\Lexmark 7100 Series\bak\lxbxmon.exe

2003-10-29 16:17 . 2003-10-29 16:17 135168 c:\program files\Multimedia Card Reader\bak\shwicon2k.exe
2003-10-29 17:17 . 2003-10-29 17:17 135168 c:\program files\Multimedia Card Reader\shwicon2k.exe

2004-01-27 14:00 . 2004-09-23 00:20 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe
2004-01-27 14:00 . 2003-12-11 09:40 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

2004-05-13 11:38 . 2004-05-13 11:38 258114 c:\program files\NZSearch\bak\hcm.exe

2007-11-15 05:43 . 2007-11-15 05:43 286720 c:\program files\QuickTime\bak\bak\qttask.exe
2009-09-05 07:54 . 2009-09-05 07:54 417792 c:\program files\QuickTime\QTTask.exe

2007-11-15 05:43 . 2007-11-15 05:43 286720 c:\program files\QuickTime\bak\bak\qttask.exe

2002-08-12 15:07 . 2002-08-12 15:07 36864 c:\program files\Scansoft\PaperPort\bak\IndexSearch.exe

2002-08-12 14:33 . 2002-08-12 14:33 45108 c:\program files\Scansoft\PaperPort\bak\pptd40nt.exe

2007-05-23 22:17 . 2006-04-20 06:35 237568 c:\program files\Walgreens\Walgreens PhotoShow 4\data\Xtras\bak\mssysmgr.exe

2007-06-30 06:55 . 2007-06-07 20:08 4670968 c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

2004-01-27 14:18 . 2003-11-04 00:50 221184 c:\windows\SMINST\bak\RECGUARD.EXE
2004-01-27 14:18 . 2003-11-04 00:50 221184 c:\windows\SMINST\Recguard.exe

2007-09-21 12:27 . 2008-03-20 15:15 183 c:\windows\system\bak\hpsysdrv.DAT
2004-08-12 18:52 . 2010-01-25 06:07 246 c:\windows\system\hpsysdrv.dat

2004-01-27 12:57 . 1998-05-08 00:04 52736 c:\windows\system\bak\hpsysdrv.exe
2004-01-27 12:57 . 1998-05-08 00:04 52736 c:\windows\system\hpsysdrv.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" [N/A]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-01-27 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"VTTimer"="VTTimer.exe" [N/A]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2007-12-07 656040]
"lxdpamon"="c:\program files\Lexmark Z2300 Series\lxdpamon.exe" [2007-12-07 16040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Eyetide Launcher.lnk - c:\program files\Eyetide Media\Eyetide Viewer\EyetideController.exe [2004-10-22 827392]
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe [2004-1-28 557056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-10-12 36953]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2009-11-11 331776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-2-3 1568768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\Diagnostics\\LXDPdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 MFX;MFX; [x]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/7/2009 4:39 AM 93320]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [7/1/2009 2:18 PM 98984]
S2 mrtRate;mrtRate; [x]
S3 YPCXSY;YPCXSY;c:\docume~1\Owner\LOCALS~1\Temp\YPCXSY.exe --> c:\docume~1\Owner\LOCALS~1\Temp\YPCXSY.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder

2010-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-07 18:22]

2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-07 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: west.com
Trusted Zone: westathome.com
Trusted Zone: westathome.net
Trusted Zone: workathomeagent.net
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 02:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\mfx.sys 51472 bytes executable
C:\SYZ_DAT

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\SpSubLSP.dll
.
Completion time: 2010-01-27 02:21:21
ComboFix-quarantined-files.txt 2010-01-27 08:21

Pre-Run: 11,187,093,504 bytes free
Post-Run: 11,228,672,000 bytes free

- - End Of File - - 5422B0DB193E4B75287E4B0D59567843

#4
RKinner
    Malware Expert
  • 24,624 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

File::
c:\docume~1\Owner\LOCALS~1\Temp\YPCXSY.exe

Driver::
mrtRate
YPCXSY


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Drag it over to george and let it start as before.

Post the new log.

Try running MBAM again. It should not cause a problem now. Would also like an OTL log per the top post in the forum.

Also Combofix detected signs of PC Magic. Are you aware of this program?

Ron
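Ron built the CFScript above by reading the ComboFix log in reply #3 for services and Run entries whose binaries live where legitimate software does not (a Temp directory in this case) and listing them under File:: and Driver::. The script below, an added example that belongs neither to the thread nor to ComboFix, automates that first pass over a log in the format shown in reply #3: it parses the R*/S* service lines and the REGEDIT4-style Run sections, selects entries under Temp or the per-user Local Settings\Application Data tree, and renders them in the same directive layout. Entries whose binary is simply missing (`[x]` or `[X]`) are listed for manual review rather than removed automatically, since such entries can also be the remains of software the owner installed on purpose. The log excerpt inside the script is constructed to resemble the thread's log; its names, paths and sizes are illustrative, not the poster's data.

```python
r"""Triage a ComboFix log for autostarts in user-writable locations and draft a CFScript.

Added example for this thread; not code from Geeks to Go, the poster, or ComboFix.
It automates the first pass a helper does by eye: find R*/S* service lines and
Run-key values whose binary lives under Temp or Local Settings\Application Data,
and print them in the Killall:/File::/Driver:: layout used in reply #4.
The log excerpt below is constructed to resemble the thread's log (names, paths
and sizes are illustrative, not the poster's data).
"""
import re

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"jetwqvmn"="c:\documents and settings\Owner\Local Settings\Application Data\exlffu\tfqesysguard.exe" [2010-01-23 23040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]

R0 MFX;MFX; [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/7/2009 4:39 AM 93320]
S2 mrtRate;mrtRate; [x]
S3 YPCXSY;YPCXSY;c:\docume~1\Owner\LOCALS~1\Temp\YPCXSY.exe --> c:\docume~1\Owner\LOCALS~1\Temp\YPCXSY.exe [?]
"""

# Lower-case directory fragments marking user-writable staging areas on Windows XP
# (long and 8.3 short forms, since ComboFix prints both).
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\application data\\", "\\locals~1\\applic~1\\")

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')


def in_suspect_dir(path):
    """True if the image path sits in one of SUSPECT_DIRS."""
    p = path.lower()
    return any(frag in p for frag in SUSPECT_DIRS)


def parse_services(log):
    """Yield (start_type, name, image_path_or_None, binary_missing) per R*/S* line."""
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, _display, rest = m.groups()
        rest = rest.strip()
        if rest == "[x]":                       # registered, but no file on disk
            yield start, name, None, True
            continue
        # ComboFix prints "path --> path [?]" when it could not verify the file,
        # otherwise "path [date size]"; keep only the path.
        path = rest.split(" -->")[0].rsplit(" [", 1)[0].strip()
        yield start, name, path, False


def parse_run_values(log):
    r"""Yield (value_name, command, annotation) for values under any ...\CurrentVersion\Run key."""
    in_run = False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run = line.upper().endswith("\\CURRENTVERSION\\RUN]")
            continue
        m = RUN_RE.match(line) if in_run else None
        if m:
            yield m.groups()


def triage(log):
    """Split findings into auto-selected File::/Driver:: entries and items for manual review."""
    files, drivers, review = [], [], []
    for start, name, path, missing in parse_services(log):
        if missing:
            review.append(f"service {name} ({start}): registered but binary missing; "
                          "confirm it is not a product the owner installed before removing it")
        elif in_suspect_dir(path):
            drivers.append(name)
            files.append(path)
    for name, command, note in parse_run_values(log):
        if in_suspect_dir(command):
            files.append(command)
        elif note.upper() == "X":
            review.append(f"Run value {name!r}: target {command!r} not found on disk (orphaned entry)")
    return {"files": files, "drivers": drivers, "review": review}


def build_cfscript(log):
    """Render the auto-selected entries in the directive layout posted in reply #4."""
    t = triage(log)
    lines = ["Killall:", ""]
    if t["files"]:
        lines += ["File::", *t["files"], ""]
    if t["drivers"]:
        lines += ["Driver::", *t["drivers"], ""]
    return "\n".join(lines).rstrip() + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
    for item in triage(SAMPLE_LOG)["review"]:
        print("REVIEW:", item)
```

The directory heuristic is deliberately crude: some legitimate per-user installers (browser auto-updaters, for example) also launch from Local Settings\Application Data, so the File:: list is a starting point for the helper's judgement, not a script to hand to ComboFix unread. Services marked `[x]` in the constructed sample end up in the review list for the same reason.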

#5
chansey
    Member
  • Topic Starter
  • 46 posts
I have a question before rerunning Combofix. I followed the directions, but after I dragged the notepad to george, there was a message that a newer version of Combofix was available, and asked if I would like to update Combofix. I wasn't sure if I should click yes or no for the upgrade, so I did not accept the disclaimer so that I could ask you first.

Also, I am aware of the PC Magic program.

Edited by chansey, 28 January 2010 - 06:11 AM.


#6
RKinner
    Malware Expert
  • 24,624 posts
  • MVP
Don't suppose the new version would hurt so let it upgrade.

Ron

#7
chansey
    Member
  • Topic Starter
  • 46 posts
I ran a new george (Combofix) scan and another MBAM scan, and no malicious items were found (however, I could not update MBAM because of a 732(0,) error). I also ran an OTL scan. Logs below:

George scan log

ComboFix 10-01-29.09 - Owner 01/30/2010 11:16:29.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.356 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\george.exe.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\docume~1\Owner\LOCALS~1\Temp\YPCXSY.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRTRATE
-------\Legacy_YPCXSY
-------\Service_mrtRate
-------\Service_YPCXSY


((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-24 15:37 . 2010-01-24 15:37 -------- d-sh--w- c:\documents and settings\Administrator.MAIN.001\PrivacIE
2010-01-23 20:38 . 2010-01-23 20:39 -------- d-----w- c:\program files\ERUNT
2010-01-23 20:14 . 2010-01-23 20:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-23 14:03 . 2010-01-23 14:03 -------- d-----w- c:\documents and settings\Administrator.MAIN.000\PrivacIE
2010-01-23 13:58 . 2010-01-23 13:58 -------- d-----w- c:\documents and settings\Administrator.MAIN.000\Application Data\Malwarebytes
2010-01-23 13:58 . 2010-01-23 13:58 -------- d-----w- c:\documents and settings\Administrator.MAIN.000\IETldCache
2010-01-23 09:20 . 2010-01-30 17:32 919336 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-22 22:27 . 2010-01-22 22:27 -------- d-----w- c:\documents and settings\Administrator.MAIN\PrivacIE
2010-01-22 22:14 . 2010-01-22 22:14 -------- d-----w- c:\documents and settings\Administrator.MAIN\Application Data\Malwarebytes
2010-01-21 03:31 . 2010-01-21 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Tables
2010-01-21 03:27 . 2010-01-23 20:13 -------- d-----w- c:\program files\Common Files\Nikon
2010-01-21 03:27 . 2010-01-21 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2010-01-21 03:27 . 2010-01-21 03:31 -------- d-----w- c:\program files\Nikon
2010-01-21 03:27 . 2010-01-21 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2010-01-21 03:27 . 2010-01-21 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2010-01-21 03:27 . 2010-01-21 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\String Comparison
2010-01-21 03:25 . 2010-01-21 03:25 -------- d-----w- c:\program files\ArcSoft
2010-01-15 02:20 . 2010-01-15 02:20 -------- d-----w- c:\documents and settings\Owner\Application Data\McAfee
2010-01-13 07:48 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 04:40 . 2009-02-28 22:44 -------- d-----w- c:\documents and settings\Owner\Application Data\mIRC
2010-01-27 07:45 . 2004-01-27 12:53 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 07:45 . 2004-01-27 12:53 -------- d-----w- c:\program files\Java
2010-01-24 01:15 . 2008-08-09 10:18 61224 ----a-w- c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
2010-01-21 03:31 . 2010-01-21 03:31 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2010-01-21 03:27 . 2010-01-21 03:27 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-01-21 03:25 . 2004-01-27 13:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-15 06:41 . 2008-05-30 02:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-15 04:10 . 2005-01-18 02:33 -------- d-----w- c:\program files\LeapFTP1
2010-01-15 02:19 . 2009-11-07 10:34 -------- d-----w- c:\program files\McAfee
2010-01-15 02:19 . 2009-11-07 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-12 02:41 . 2008-08-11 22:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 01:38 . 2009-06-16 18:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2010-01-09 05:11 . 2005-12-05 03:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Simple Star
2010-01-07 22:07 . 2009-11-14 20:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-11-14 20:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 08:21 . 2004-08-26 10:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-01-02 06:23 . 2004-08-12 19:10 -------- d-----w- c:\program files\Yahoo!
2009-12-31 16:18 . 2007-04-25 15:29 -------- d-----w- c:\program files\WrapCandy70
2009-12-31 02:01 . 2009-12-31 01:52 -------- d-----w- c:\program files\CasinoBJ
2009-12-31 01:53 . 2009-12-31 01:53 -------- d-----w- c:\program files\GSPNA
2009-12-31 01:45 . 2009-12-31 01:45 -------- d-----w- c:\program files\Zoo
2009-12-30 02:10 . 2009-12-30 02:10 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-12-30 02:10 . 2009-12-30 02:10 -------- d-----w- c:\program files\Belkin
2009-12-21 19:14 . 2004-01-21 22:20 1208832 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2009-12-21 19:14 . 2004-01-21 22:16 916480 ----a-w- c:\windows\system32\wininet(2)(2).dll
2009-12-21 19:14 . 2004-01-21 22:16 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 19:14 . 2009-03-08 10:32 1985536 ----a-w- c:\windows\system32\iertutil(2)(2).dll
2009-12-21 19:14 . 2009-03-08 10:39 11070464 ----a-w- c:\windows\system32\ieframe(2)(2).dll
2009-12-17 23:14 . 2009-11-11 16:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 22:44 . 2009-12-16 22:44 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-12-16 22:44 . 2009-12-16 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-12-16 22:44 . 2009-12-16 22:43 -------- d-----w- c:\program files\AIM
2009-12-16 22:43 . 2004-10-12 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-12-15 23:58 . 2009-12-15 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lexmark Z2300 Series
2009-12-10 09:32 . 2009-12-10 09:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-12-08 23:16 . 2009-11-23 20:30 17 ---ha-w- c:\documents and settings\Owner\Local Settings\Application Data\19720201.dat
2009-12-08 23:16 . 2009-11-23 20:30 -------- d-----w- c:\documents and settings\Owner\Application Data\www.EasyGiftSoftware.com
2009-12-08 23:15 . 2009-11-23 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\www.EasyGiftSoftware.com
2009-12-08 23:15 . 2009-11-23 20:30 -------- d-----w- c:\program files\www.EasyGiftSoftware.com
2009-12-07 12:23 . 2004-01-27 14:26 -------- d-----w- c:\program files\Easy Internet signup
2009-11-30 02:08 . 2009-11-15 03:58 38632 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-23 23:34 . 2004-09-10 09:15 54120 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 15:51 . 2004-02-03 19:11 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-07 17:01 . 2004-01-27 11:48 80795 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-11-07 16:58 . 2009-11-07 16:58 307200 ----a-w- c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\pchnotify.exe
2005-10-12 13:48 . 2005-10-12 13:48 121 -c--a-w- c:\program files\new household arrangement.txt
2007-06-03 00:12 . 2007-06-03 00:12 10240 -csha-w- c:\windows\rnapxs\rnapxs.dat
2005-03-20 17:04 . 2005-03-20 16:04 0 -csha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-01-27 13:39 . 2003-02-12 03:02 61440 c:\hp\KBD\bak\KBD.EXE
2004-01-27 13:39 . 2003-02-12 03:02 61440 c:\hp\KBD\kbd.exe

2006-03-30 22:45 . 2006-03-30 22:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

2005-06-07 04:46 . 2005-06-07 04:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

2004-08-15 20:27 . 2003-07-03 20:31 45056 c:\program files\Brother\Brmfl03a\bak\BrStDvPt.exe

2003-08-19 16:01 . 2003-08-19 16:01 110592 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe
2003-08-19 16:01 . 2003-08-19 16:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

2005-06-11 13:29 . 2002-11-26 20:30 153600 c:\program files\COMPAQ\Scroll Mouse\bak\gnetmous.exe

2004-01-27 13:35 . 2003-08-21 11:23 49152 c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe
2004-01-27 13:35 . 2003-08-21 11:23 49152 c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

2007-11-15 19:11 . 2007-11-15 19:11 267048 c:\program files\iTunes\bak\iTunesHelper.exe
2009-10-29 02:21 . 2009-10-29 02:21 141600 c:\program files\iTunes\iTunesHelper.exe

2004-01-27 12:53 . 2004-01-27 12:53 32881 c:\program files\Java\j2re1.4.2_03\bin\bak\jusched.exe
2004-01-27 12:53 . 2004-01-27 12:53 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

2005-12-20 19:35 . 2004-09-17 13:24 61440 c:\program files\Lexmark 7100 Series\bak\ezprint.exe

2004-12-06 17:53 . 2004-12-06 17:53 286720 c:\program files\Lexmark 7100 Series\bak\fm3032.exe

2005-12-20 19:33 . 2005-01-18 09:43 196608 c:\program files\Lexmark 7100 Series\bak\lxbxmon.exe

2003-10-29 16:17 . 2003-10-29 16:17 135168 c:\program files\Multimedia Card Reader\bak\shwicon2k.exe
2003-10-29 17:17 . 2003-10-29 17:17 135168 c:\program files\Multimedia Card Reader\shwicon2k.exe

2004-01-27 14:00 . 2004-09-23 00:20 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe
2004-01-27 14:00 . 2003-12-11 09:40 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

2004-05-13 11:38 . 2004-05-13 11:38 258114 c:\program files\NZSearch\bak\hcm.exe

2007-11-15 05:43 . 2007-11-15 05:43 286720 c:\program files\QuickTime\bak\bak\qttask.exe
2009-09-05 07:54 . 2009-09-05 07:54 417792 c:\program files\QuickTime\QTTask.exe

2007-11-15 05:43 . 2007-11-15 05:43 286720 c:\program files\QuickTime\bak\bak\qttask.exe

2002-08-12 15:07 . 2002-08-12 15:07 36864 c:\program files\Scansoft\PaperPort\bak\IndexSearch.exe

2002-08-12 14:33 . 2002-08-12 14:33 45108 c:\program files\Scansoft\PaperPort\bak\pptd40nt.exe

2007-05-23 22:17 . 2006-04-20 06:35 237568 c:\program files\Walgreens\Walgreens PhotoShow 4\data\Xtras\bak\mssysmgr.exe

2007-06-30 06:55 . 2007-06-07 20:08 4670968 c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

2004-01-27 14:18 . 2003-11-04 00:50 221184 c:\windows\SMINST\bak\RECGUARD.EXE
2004-01-27 14:18 . 2003-11-04 00:50 221184 c:\windows\SMINST\Recguard.exe

2007-09-21 12:27 . 2008-03-20 15:15 183 c:\windows\system\bak\hpsysdrv.DAT
2004-08-12 18:52 . 2010-01-30 17:35 246 c:\windows\system\hpsysdrv.dat

2004-01-27 12:57 . 1998-05-08 00:04 52736 c:\windows\system\bak\hpsysdrv.exe
2004-01-27 12:57 . 1998-05-08 00:04 52736 c:\windows\system\hpsysdrv.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" [N/A]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-01-27 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"VTTimer"="VTTimer.exe" [N/A]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2007-12-07 656040]
"lxdpamon"="c:\program files\Lexmark Z2300 Series\lxdpamon.exe" [2007-12-07 16040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Eyetide Launcher.lnk - c:\program files\Eyetide Media\Eyetide Viewer\EyetideController.exe [2004-10-22 827392]
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe [2004-1-28 557056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-10-12 36953]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2009-11-11 331776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-2-3 1568768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\Diagnostics\\LXDPdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 MFX;MFX; [x]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/7/2009 4:39 AM 93320]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [7/1/2009 2:18 PM 98984]
.
Contents of the 'Scheduled Tasks' folder

2010-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-07 18:22]

2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-07 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: west.com
Trusted Zone: westathome.com
Trusted Zone: westathome.net
Trusted Zone: workathomeagent.net
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 11:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\mfx.sys 51472 bytes executable
C:\SYZ_DAT

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\SpSubLSP.dll

- - - - - - - > 'explorer.exe'(3276)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdpcoms.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\windows\LTMSG.exe
c:\windows\system32\rundll32.exe
c:\windows\ALCXMNTR.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Lexmark Z2300 Series\lxdpMsdMon.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-01-30 11:51:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-30 17:50
ComboFix2.txt 2010-01-27 08:21

Pre-Run: 11,130,429,440 bytes free
Post-Run: 11,068,256,256 bytes free

- - End Of File - - C6391555C78D65E7A62ACEC5E783F6F2

--------------------------------

OTL log

OTL logfile created on: 1/30/2010 12:31:10 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

703.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.31 Gb Total Space | 10.33 Gb Free Space | 14.69% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.60 Gb Free Space | 14.26% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 263.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/30 12:29:21 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/10 15:39:26 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/28 20:21:26 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/09/17 14:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/02/23 07:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/07 04:17:00 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpmsdmon.exe
PRC - [2007/12/01 01:16:54 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdpcoms.exe
PRC - [2007/10/30 22:37:22 | 001,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
PRC - [2006/10/22 12:22:00 | 000,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004/09/07 13:47:52 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2003/10/29 11:17:30 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2003/09/16 14:19:24 | 000,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2003/08/21 05:15:48 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/07/14 19:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
PRC - [2003/07/07 18:50:08 | 000,557,056 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSub.exe
PRC - [2003/02/11 21:02:48 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2003/02/03 10:29:12 | 001,568,768 | ---- | M] (Scansoft, Inc.) -- C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [1998/05/07 18:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/01/30 12:29:21 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2006/10/22 12:22:00 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/10/22 12:22:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/09/17 14:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 20:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/12/01 01:16:54 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2007/12/01 01:16:47 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)
SRV - [2006/10/22 12:22:00 | 000,159,810 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/07/28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/22 12:03:56 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/01/30 11:34:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [lxdpamon] C:\Program Files\Lexmark Z2300 Series\lxdpamon.exe ()
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VTTimer] File not found
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RecordNow!] File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\pmremind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk = C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe (Scansoft, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: west.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: workathomeagent.net ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1257591609875 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/27 05:48:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/11/07 02:35:13 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891835792228352)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/30 12:29:17 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/30 11:14:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/30 11:14:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/30 11:14:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/30 11:14:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/27 01:57:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/01/27 01:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/23 14:40:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/23 14:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/23 14:21:57 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/01/20 21:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tables
[2010/01/20 21:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2010/01/20 21:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/01/20 21:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2010/01/20 21:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/01/20 21:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\String Comparison
[2010/01/20 21:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/01/20 21:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2009/12/10 03:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/11/11 10:13:58 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll
[2009/11/11 10:13:58 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll
[2009/11/11 10:13:58 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll
[2009/11/11 10:13:57 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll
[2009/11/11 10:13:57 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll
[2009/11/11 10:13:56 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll
[2009/11/11 10:13:56 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll
[2009/11/11 10:13:56 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll
[2009/11/11 10:13:54 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll
[2009/11/11 10:13:52 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll
[2009/11/11 10:13:52 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll
[2009/11/07 14:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2007/12/13 19:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/09/17 10:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/09/17 10:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2005/03/19 09:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Motive
[2004/01/27 05:51:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/01/27 05:51:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/01/27 05:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/01/27 05:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/30 12:29:21 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/30 11:56:45 | 000,022,427 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/30 11:35:49 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/30 11:35:43 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/01/30 11:35:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/30 11:34:56 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/01/30 11:34:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/30 11:34:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/30 11:34:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/30 11:34:32 | 737,595,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/30 11:32:31 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/30 11:14:16 | 003,840,721 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\george.exe.exe
[2010/01/30 09:55:41 | 000,163,328 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WAHA Time Sheet.xls
[2010/01/26 23:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/23 22:45:05 | 003,213,747 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\AutoRuns.arn
[2010/01/23 19:15:29 | 000,061,224 | ---- | M] () -- C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
[2010/01/23 14:54:29 | 000,015,507 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MVTHealthCheck_Deviation.html
[2010/01/23 14:39:01 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/01/23 14:39:01 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/01/23 14:21:58 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/01/23 03:03:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/22 19:56:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/20 21:31:03 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Console
[2010/01/20 21:31:03 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Owner\Application Data\Components
[2010/01/20 21:31:02 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/01/20 21:27:05 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Conditionals
[2010/01/20 21:27:05 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Owner\Application Data\Commands
[2010/01/20 21:27:05 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/01/19 17:59:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/30 11:14:59 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/30 11:14:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/30 11:14:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/30 11:14:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/30 11:14:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/27 01:56:02 | 003,840,721 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\george.exe.exe
[2010/01/24 09:41:05 | 737,595,392 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/23 22:44:46 | 003,213,747 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\AutoRuns.arn
[2010/01/23 14:54:29 | 000,015,507 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MVTHealthCheck_Deviation.html
[2010/01/23 14:39:01 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/01/23 14:39:01 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/01/23 03:20:13 | 000,919,336 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/20 21:31:03 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Console
[2010/01/20 21:31:03 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Components
[2010/01/20 21:31:02 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/01/20 21:27:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Conditionals
[2010/01/20 21:27:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Commands
[2010/01/20 21:27:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/01/20 09:05:22 | 005,767,168 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/12/30 19:57:19 | 000,000,145 | ---- | C] () -- C:\WINDOWS\XWords2.INI
[2009/12/29 20:10:32 | 000,005,224 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2009/11/23 14:30:41 | 000,000,032 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\art.udk
[2009/11/23 14:30:41 | 000,000,017 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\19720201.dat
[2009/11/11 10:14:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdprwrd.ini
[2009/11/11 10:13:58 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll
[2009/11/11 10:13:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll
[2009/11/07 04:00:15 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/11/07 04:00:15 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/07/01 14:18:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll
[2009/07/01 14:18:12 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll
[2008/08/08 23:45:37 | 000,019,042 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\vecezovexu.dll
[2008/08/08 23:45:37 | 000,016,665 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\etozuf._sy
[2008/08/08 23:45:37 | 000,016,426 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\adisov.ban
[2008/08/08 23:04:00 | 000,017,088 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\jyduxuh.sys
[2008/08/08 23:03:59 | 000,013,369 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\otib._sy
[2008/01/09 14:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/06/07 08:32:12 | 000,003,982 | ---- | C] () -- C:\WINDOWS\kj01d.sys
[2007/06/07 08:11:28 | 000,000,241 | ---- | C] () -- C:\WINDOWS\z56k2.ini
[2007/05/23 16:18:23 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\photoshow_express_setup.txt
[2007/02/16 20:20:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/15 06:19:19 | 000,000,173 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2006/09/14 19:37:38 | 000,000,079 | ---- | C] () -- C:\WINDOWS\office.ini
[2006/09/14 18:50:31 | 000,000,239 | ---- | C] () -- C:\WINDOWS\tb89r.ini
[2006/04/20 20:35:06 | 000,004,247 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/21 13:00:21 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/01/21 13:00:19 | 000,000,368 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/12/29 10:38:57 | 000,000,035 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2005/12/20 13:43:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll
[2005/10/18 23:45:58 | 000,000,427 | ---- | C] () -- C:\WINDOWS\COOK'N5.INI
[2005/10/16 15:37:06 | 000,000,094 | ---- | C] () -- C:\WINDOWS\Cook'n99.ini
[2005/10/12 07:48:54 | 000,000,121 | ---- | C] () -- C:\Program Files\new household arrangement.txt
[2005/06/18 15:19:44 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/12/10 05:28:41 | 000,000,073 | ---- | C] () -- C:\WINDOWS\webica.ini
[2004/10/24 06:09:19 | 000,169,808 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\shb.dat
[2004/08/15 14:35:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2004/08/15 14:35:38 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2004/08/15 14:29:16 | 000,002,189 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2004/08/15 14:28:06 | 000,000,645 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2004/08/15 14:28:06 | 000,000,463 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2004/08/15 14:28:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2004/08/15 14:25:05 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/08/14 22:59:40 | 000,006,580 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/08/14 06:23:16 | 000,000,074 | ---- | C] () -- C:\WINDOWS\ImportClient.ini
[2004/08/13 05:45:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/28 02:41:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/28 02:29:45 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2004/01/28 01:57:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/01/28 01:57:29 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/27 08:34:23 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/01/27 08:34:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/01/27 08:34:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/01/27 08:33:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/01/27 08:32:01 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/27 08:26:56 | 000,029,216 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/27 08:26:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2004/01/27 08:26:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/27 08:13:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/27 08:07:37 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/27 07:23:17 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/01/27 07:16:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/27 07:09:01 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2004/01/27 06:49:21 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/27 06:40:50 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/27 06:40:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/27 06:40:36 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/27 05:52:57 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/27 04:41:25 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/09/23 02:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/05/13 13:41:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\cdlock.dll
[2003/03/07 00:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2005/12/20 13:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7100Series
[2009/12/16 16:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2008/12/11 13:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/08/09 13:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2004/08/14 04:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2004/08/14 04:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/11/08 21:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/01/20 21:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/06/02 18:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/01/31 17:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2009/12/15 17:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Z2300 Series
[2009/08/25 08:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/12/18 14:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewSoft
[2010/01/20 21:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2005/10/16 14:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2004/08/16 02:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/01/20 21:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\String Comparison
[2005/10/16 12:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUIIMAGE
[2010/01/20 21:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tables
[2010/01/15 00:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/20 21:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/08/14 04:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/08 17:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\www.EasyGiftSoftware.com
[2009/11/14 21:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2005/08/21 23:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3M
[2007/02/20 12:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\7100Series
[2007/06/07 06:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2007/06/07 07:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2009/10/07 08:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2007/06/02 20:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\F-Secure
[2004/12/10 05:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2004/01/28 02:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2004/10/14 18:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2007/06/02 20:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ispnews
[2005/03/18 02:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2004/09/06 07:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2005/10/16 14:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nova Development
[2009/01/24 15:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2004/08/16 02:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PPIMAGES
[2004/01/27 08:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/07/02 01:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SierraHome
[2010/01/08 23:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star
[2008/08/20 21:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2006/12/31 09:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2007/06/07 06:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/02/22 02:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens
[2009/12/08 17:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\www.EasyGiftSoftware.com
[2010/01/15 01:26:16 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/01/01 01:00:58 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/08/29 12:54:45 | 013,016,383 | ---- | M] (MyWrapper, Inc. ) -- C:\MyWrapperPlatinumSetup.exe
[2008/08/09 05:15:57 | 063,425,247 | ---- | M] (McAfee, Inc.) -- C:\sdat5357.exe


< MD5 for: AGP440.SYS >
[2008/08/14 15:45:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/11/07 10:36:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/11/07 10:36:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/08/14 15:45:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2003/09/24 12:46:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/11/07 10:36:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2003/09/24 05:46:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/11/07 10:36:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/09/23 15:20:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP237.tmp\ZAP237.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP312.tmp\ZAP312.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP31B.tmp\ZAP31B.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP345.tmp\ZAP345.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP36B.tmp\ZAP36B.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3ED.tmp\ZAP3ED.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47.tmp\ZAP47.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\tmp\tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Config\Config] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Connection Wizard\Connection Wizard] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Debug\UserMode\UserMode] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ftpcache\ftpcache] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\chsime\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\CHTIME\Applets\Applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imejp\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imejp98\imejp98] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imjp8_1\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imkr6_1\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imkr6_1\dicts\dicts] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\shared\res\res] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\msapps\msinfo\msinfo] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\mui\mui] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PIF\PIF] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Registration\CRMLog\CRMLog] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\setup.pss\setup.pss] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\c9057d3faf4a326a2fefff7bde9fec31\backup\backup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\cadf7c8240793a561791dc3bd3e91a5e\backup\backup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Sun\Java\Deployment\Deployment] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SxsCaPendDel\SxsCaPendDel] -> \Device\__max++>\^ -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

And the Extras log from the OTL

OTL Extras logfile created on: 1/30/2010 12:31:10 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

703.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.31 Gb Total Space | 10.33 Gb Free Space | 14.69% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.60 Gb Free Space | 14.26% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 263.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxdpcoms.exe" = C:\WINDOWS\system32\lxdpcoms.exe:*:Enabled:Z2300 Series Server -- ( )
"C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe" = C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Lexmark Z2300 Series\Diagnostics\LXDPdiag.exe" = C:\Program Files\Lexmark Z2300 Series\Diagnostics\LXDPdiag.exe:*:Enabled: -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{152D98A0-1A4A-11DE-72AE-0C3234F92CD6}" = Baseball Mogul 2010 patch to 12.12
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 18
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2A304FDE-F4E3-446D-AA0D-31425C897B71}" = PrintMaster 12
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{31C2F32D-C5DD-4583-8181-B48591CA231C}" = RapidPlayer v5.0 ActiveX Control
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{483616D1-867E-46F8-BEC7-3C6475933908}" = Adobe Photoshop Album Starter Edition
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
"{6661C844-F72D-44ED-823A-24862F2D1650}" = Print Artist Craft & Party Maker
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92B736B0-18EB-11DE-72AE-03391B6A2CD6}" = Baseball Mogul 2010
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BE66348A-E83F-4982-941F-DFF2F742B851}" = Microsoft Office Live Meeting 2007
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{EF9967D8-1999-4260-ACC2-86901AA36650}" = Multimedia Card Reader
"{F126B3FA-EC90-4065-A71A-F99FD5AB2A2A}" = Crossword Puzzle Addict
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"26DC0ED6-93A7-43C1-8DC5-EC16079580F9" = Orbital from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"2FDCC229-354D-4279-ABEF-CE17E355BFFA" = Five Card Frenzy from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712" = Blasterball 2 from Compaq (remove only)
"8A225900-C06D-41DD-B66C-43840D472758" = Otto from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E" = Slyder from Compaq (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_7" = AIM 7
"Alphabet Names" = Alphabet Names
"BackWeb-1940576 Uninstaller" = Compaq Connections
"BroadJump Client Foundation" = BroadJump Client Foundation
"C679AA5F-C2C8-4EA8-9CD1-504A39AEC264" = Excavation from Compaq (remove only)
"Casino Poker" = Casino Poker
"CasinoBJ" = CasinoBJ
"CoffeeCup PixConverter" = CoffeeCup PixConverter
"Compaq Instant Support" = Compaq Instant Support
"ERUNT_is1" = ERUNT 1.1j
"F07504C6-20C5-4BFE-83A0-523FB2455E72" = Blackhawk Striker from Compaq (remove only)
"FA7F5211-C629-4711-BD82-7DFFB08CB518" = Overball from Compaq (remove only)
"Horoscopes" = Horoscopes
"HP Photo & Imaging" = HP Image Zone 3.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{EF9967D8-1999-4260-ACC2-86901AA36650}" = Multimedia Card Reader
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA Ethernet Driver" = NVIDIA Ethernet Driver
"NVIDIA GART Driver" = NVIDIA GART Driver
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealOne Player
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpamSubtract" = SpamSubtract
"TextTwist Deluxe" = TextTwist Deluxe
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Companion
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bce6e03966db8ddc" = WAH Assistant - 1
"f7f9cabe8c290ac7" = West At Home Gateway V2 - 1
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/21/2009 2:19:11 PM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 12/22/2009 9:56:35 AM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 12/22/2009 9:56:48 AM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 12/22/2009 1:58:55 PM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 12/22/2009 1:59:10 PM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 12/22/2009 1:59:30 PM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 12/22/2009 2:00:02 PM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 12/22/2009 4:35:27 PM | Computer Name = MAIN | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 wrapcandyprofessional.exe, P2 7.3.3065.32149,
P3 4836e80a, P4 system.windows.forms, P5 2.0.0.0, P6 4889dee7, P7 1521, P8 17,
P9 system.invalidoperationexception, P10 NIL.

Error - 12/23/2009 2:51:13 PM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 12/23/2009 11:11:41 PM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 1/30/2010 1:16:26 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/30/2010 1:16:26 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/30/2010 1:16:26 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/30/2010 1:16:26 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/30/2010 1:16:26 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7034
Description = The lxdp_device service terminated unexpectedly. It has done this
1 time(s).

Error - 1/30/2010 1:16:26 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).

Error - 1/30/2010 1:16:26 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/30/2010 1:35:34 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdpCATSCustConnectService
service to connect.

Error - 1/30/2010 1:35:34 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The lxdpCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 1/30/2010 1:35:34 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Your log looks good. Don't see anything. The 732 error says MBAM can't contact its server, so make sure you turn off the McAfee firewall and antivirus while trying to run it.

Ron
  • 0

#9
chansey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Ron, thank you so much for your help!!!
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You still have Java 2 Runtime Environment, SE v1.4.2_03

Need to install the latest version, which is 6.18 I think. Then uninstall it and the Java Updater program.

Ron
  • 0

#11
chansey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I've updated Java and deleted the old one.

Edited by chansey, 31 January 2010 - 12:24 PM.

  • 0