Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT & MBAM Logs to analyze


  • This topic is locked This topic is locked
6 replies to this topic

#1 ken S

ken S

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Michigan
  • Local time:05:45 AM

Posted 21 September 2009 - 06:50 AM

I had Antivirus Pro 2010 and my posts for that were in the "I'm infected , what can i do?" Forum. I followed the threads for an answer to a similar problem while waiting. I have most of the problems fixed and my McAfee Security Center reinstalled. Please look over the two log files from Sunday 9-20. HJT was downloaded and run from Trend Micro. MBAM was downloaded from CNET. The only thing I was suspicious of yesterday afternoon, is when I did a Bing search for Malwarebytes.org, (because it wasn't saved in my Favorites), it did not open when I clicked on it from the results list. I ended up using the download from CNET. Thanks so much for people like you helping people like me. Ken S.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:15 PM, on 9/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2009\Planner\PLNRnote.exe
C:\Program Files\Hallmark\Hallmark Card Studio Photo Card Edition\Planner\PLNRnote.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
O4 - HKCU\..\Run: [OM_Monitor] ; C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O4 - Global Startup: Photo Card Event Planner Reminder.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193415415687
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0240311253459555) (0240311253459555mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\024031~1.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 8144 bytes

Malwarebytes' Anti-Malware 1.41
Database version: 2831
Windows 5.1.2600 Service Pack 3

9/20/2009 1:37:30 PM
mbam-log-2009-09-20 (13-37-30).txt

Scan type: Quick Scan
Objects scanned: 104399
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tftp.msc (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\FILTER.sys (Trojan.DNSBlocker) -> Quarantined and deleted successfully.
C:\WINDOWS\0535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:45 PM

Posted 08 October 2009 - 05:59 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Pleaseinclude a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 ken S

ken S
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Michigan
  • Local time:05:45 AM

Posted 08 October 2009 - 09:07 AM

First, thank you for looking at my last post. I have not changed anything since posting the HJT & MBAM logs on 09/20/09. Everything seems to be fixed and McAfee running OK, but I did see some errors noted in the Extras.txt log. I did the OTL as a reference for you to see, as it has been since 9/20/09 that HJT & MBAM were run. OTL & Extras Logs follow:

OTL logfile created on: 10/8/2009 9:26:49 AM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.72 Mb Total Physical Memory | 419.80 Mb Available Physical Memory | 41.09% Memory free
2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.64% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.35 Gb Total Space | 160.24 Gb Free Space | 87.88% Space Free | Partition Type: NTFS
Drive D: | 3.95 Gb Total Space | 1.36 Gb Free Space | 34.57% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEOFFICE-NR1
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
PRC - [2005/02/24 10:32:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/12/23 04:58:15 | 00,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/08/06 00:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2005/01/06 13:41:22 | 00,462,848 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbxcoms.exe
PRC - [2009/07/10 00:26:20 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/11/03 00:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2005/01/18 05:43:04 | 00,196,608 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
PRC - [2004/09/17 09:24:02 | 00,061,440 | ---- | M] () -- C:\Program Files\Lexmark 7100 Series\ezprint.exe
PRC - [2005/08/06 00:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2008/05/28 09:33:10 | 00,655,360 | ---- | M] (McAfee) -- C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
PRC - [2009/07/08 20:22:24 | 05,134,864 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
PRC - [2002/07/31 14:22:26 | 01,742,384 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\BigFix.exe
PRC - [2008/08/29 16:30:26 | 00,257,880 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2009\Planner\PLNRnote.exe
PRC - [2007/07/03 18:50:42 | 00,110,920 | ---- | M] (TODO: <Company name>) -- C:\Program Files\Hallmark\Hallmark Card Studio Photo Card Edition\Planner\PLNRnote.exe
PRC - [2008/04/23 16:09:50 | 00,199,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/04/21 22:34:24 | 12,314,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/08 09:26:05 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/08/27 11:42:47 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/01/06 13:41:22 | 00,462,848 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxbxcoms.exe -- (lxbx_device [On_Demand | Running])
SRV - [2009/07/08 20:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped])
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/07/08 15:15:04 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2005/08/06 00:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2004/08/10 15:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/02/24 10:32:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 16:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/12/23 04:58:15 | 00,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2005/12/23 04:56:00 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2004/03/08 13:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
DRV - [2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2005/03/05 04:10:38 | 00,157,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/06/17 18:56:22 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2004/06/17 18:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2008/05/28 09:32:42 | 00,061,688 | ---- | M] (McAfee) -- C:\WINDOWS\System32\drivers\McPvDrv.sys -- (McPvDrv [Boot | Running])
DRV - [2004/03/17 15:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2009/07/08 13:44:20 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2009/07/08 13:44:20 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2009/07/08 13:44:20 | 00,214,024 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/07/08 13:43:46 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Running])
DRV - [2009/07/08 13:44:20 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2001/08/17 16:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\DRIVERS\mxnic.sys -- (mxnic [On_Demand | Stopped])
DRV - [2005/02/24 10:32:00 | 03,454,144 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/10 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2009/09/15 11:42:46 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/09/15 11:42:48 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/09/15 11:42:44 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/07/20 17:37:22 | 00,035,712 | ---- | M] (Sonic Focus, Inc) -- C:\WINDOWS\System32\drivers\sfng32.sys -- (sfng32 [On_Demand | Running])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2005/07/18 22:40:40 | 01,019,064 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2004/11/15 21:41:54 | 00,036,804 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys -- (SunkFilt [On_Demand | Running])
DRV - [2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2003/07/01 05:19:54 | 00,015,576 | R--- | M] () -- C:\WINDOWS\System32\Drivers\usbbc.sys -- (Wdm1 [On_Demand | Stopped])
DRV - [2004/06/17 18:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-2141977767-2994533718-58751993-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2141977767-2994533718-58751993-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2141977767-2994533718-58751993-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2141977767-2994533718-58751993-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
IE - HKU\S-1-5-21-2141977767-2994533718-58751993-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2141977767-2994533718-58751993-500\S-1-5-21-2141977767-2994533718-58751993-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2141977767-2994533718-58751993-500\S-1-5-21-2141977767-2994533718-58751993-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/31 05:57:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 20:26:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/09/26 04:33:23 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 7100 Series\ezprint.exe ()
O4 - HKLM..\Run: [FaxCenterServer4_in_1] C:\Program Files\Lexmark 7100 Series\fm3032.exe ()
O4 - HKLM..\Run: [Gateway Extended Warranty] C:\Program Files\Gateway\GWCares\GWCares.exe (BillP Studios)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [LXBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.DLL ()
O4 - HKLM..\Run: [lxbxmon.exe] C:\Program Files\Lexmark 7100 Series\lxbxmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\MB\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe (McAfee)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKU\S-1-5-21-2141977767-2994533718-58751993-500..\Run: [MSMSGS] File not found
O4 - HKU\S-1-5-21-2141977767-2994533718-58751993-500..\Run: [OM_Monitor] File not found
O4 - HKU\S-1-5-21-2141977767-2994533718-58751993-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\BigFix.exe (BigFix Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2009.lnk = C:\WINDOWS\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Card Event Planner Reminder.lnk = C:\WINDOWS\Installer\{C885990F-A824-41A1-82FB-61E3859B4CE2}\Shortcut_Event_Pla_C885990FA82441A182FB61E3859B4CE2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-2141977767-2994533718-58751993-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
O15 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O15 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1193415415687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/09/20 10:53:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/09/20 11:24:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Anti-Theft
[2009/09/20 11:15:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/09/20 07:04:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/09/26 05:36:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/09/20 07:04:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2009/09/26 05:36:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2009/09/20 11:27:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\McAfee Anti-Theft
[2009/09/20 11:12:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/09/20 06:53:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/09/14 11:14:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/20 08:38:31 | 00,000,000 | ---D | C] -- C:\Program Files\MB
[2009/09/20 11:11:52 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/09/20 11:12:01 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/09/20 07:04:19 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/09/18 12:05:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/26 05:36:35 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/10/08 09:25:32 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/09/20 12:38:53 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2009/09/20 12:38:30 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThisInstaller.exe
[2009/09/20 11:21:31 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\Administrator\My Documents\McAfee Vaults
[2009/09/20 11:12:47 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/09/20 11:12:47 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/09/20 11:12:47 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/09/20 11:12:42 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/09/20 11:04:46 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/09/20 10:04:05 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/20 09:26:47 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/09/20 09:19:47 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/20 09:19:47 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/20 09:19:47 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/20 09:19:47 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/20 08:06:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/20 08:06:13 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/20 06:23:37 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mb.exe
[2009/09/17 19:11:02 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/09/17 16:52:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/16 16:50:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/09/12 23:28:50 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/09/09 00:02:32 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/10/08 09:26:05 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/08 09:11:46 | 00,124,416 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Retirement IRA Investments.xls
[2009/10/08 08:43:08 | 00,002,535 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Card Event Planner Reminder.lnk
[2009/10/08 08:43:07 | 00,002,499 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2009.lnk
[2009/10/08 08:43:07 | 00,000,780 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/08 08:42:53 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/07 16:24:14 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Website Passwords.xls
[2009/10/05 12:46:27 | 00,007,887 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/02 16:00:12 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Business Journal 2009.xls
[2009/10/01 08:12:33 | 03,535,360 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Sandy Bus Card backside2.doc
[2009/09/28 18:29:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/28 18:29:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/28 18:29:46 | 10,714,23488 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/28 12:45:08 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hairlines Business Journal 2009.xls
[2009/09/24 09:31:43 | 00,003,992 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\KasReport.html
[2009/09/24 08:48:09 | 00,153,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/21 09:32:25 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Consumers Energy Paid.xls
[2009/09/20 13:28:45 | 00,000,570 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/20 12:39:01 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2009/09/20 12:38:35 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThisInstaller.exe
[2009/09/20 11:21:30 | 00,001,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Anti-Theft.lnk
[2009/09/20 11:15:57 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/09/20 11:15:29 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2009/09/20 11:12:20 | 00,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/09/20 11:12:19 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/09/20 10:07:15 | 00,098,137 | ---- | M] () -- C:\MGlogs.zip
[2009/09/20 09:54:25 | 00,000,264 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/20 09:53:53 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/20 09:26:56 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/09/20 07:04:20 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/19 11:29:10 | 00,608,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MCPR.exe
[2009/09/19 11:10:52 | 02,381,322 | ---- | M] () -- C:\MGtools.exe
[2009/09/19 11:08:24 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mb.exe
[2009/09/19 11:03:10 | 07,174,176 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2009/09/18 10:53:14 | 00,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/09/15 18:24:57 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2003.lnk
[2009/09/15 08:55:36 | 00,002,573 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hallmark Card Studio 2009.lnk
[2009/09/15 06:00:39 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/13 13:35:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/09/13 13:35:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/09/13 13:35:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/09/13 13:35:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/09/13 13:35:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/09/13 13:35:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files - No Company Name ==========
[2009/10/01 08:07:58 | 03,535,360 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Sandy Bus Card backside2.doc
[2009/09/24 09:31:42 | 00,003,992 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\KasReport.html
[2009/09/20 11:21:30 | 00,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Anti-Theft.lnk
[2009/09/20 11:16:58 | 00,007,887 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/09/20 11:15:57 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/09/20 11:15:29 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2009/09/20 11:12:20 | 00,000,356 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/09/20 11:12:19 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/09/20 10:05:30 | 00,098,137 | ---- | C] () -- C:\MGlogs.zip
[2009/09/20 09:26:55 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/09/20 09:26:48 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/09/20 09:19:47 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/20 09:19:47 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/20 09:19:47 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/20 09:19:47 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/20 08:30:23 | 00,000,570 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/20 07:04:20 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/20 06:23:37 | 07,174,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2009/09/20 06:23:37 | 02,381,322 | ---- | C] () -- C:\MGtools.exe
[2009/09/20 06:23:37 | 00,608,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MCPR.exe
[2008/03/26 12:22:09 | 00,100,864 | ---- | C] () -- C:\WINDOWS\keyhook2.dll
[2008/03/26 12:22:05 | 00,000,175 | ---- | C] () -- C:\WINDOWS\Skurz.ini
[2007/04/17 07:03:35 | 00,000,046 | ---- | C] () -- C:\WINDOWS\lxbxFax.INI
[2006/02/05 13:24:53 | 00,000,090 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2006/02/05 13:24:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DettoMe.INI
[2006/01/29 12:47:02 | 00,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2006/01/29 09:07:38 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/23 21:06:36 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/01/23 21:06:07 | 00,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll
[2006/01/23 21:06:07 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/01/23 21:00:53 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXBXPMON.DLL
[2006/01/23 21:00:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXBXFXPU.DLL
[2006/01/23 20:56:16 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbxvs.dll
[2006/01/22 12:41:26 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/01/22 12:38:58 | 00,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2006/01/22 09:57:34 | 00,153,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/22 09:30:00 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/18 11:24:02 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2005/12/23 04:45:37 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/23 04:45:36 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2005/12/23 03:32:35 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/08/06 01:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 13:38:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 21:37:11 | 07,436,760 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2005/01/09 21:26:51 | 00,172,568 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/01/09 21:19:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2005/01/09 19:49:16 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 19:49:16 | 00,000,496 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 19:48:33 | 00,000,780 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/09 19:48:30 | 00,000,264 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/01/09 19:48:22 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/01/09 13:00:14 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
< End of report >

OTL Extras logfile created on: 10/8/2009 9:26:49 AM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.72 Mb Total Physical Memory | 419.80 Mb Available Physical Memory | 41.09% Memory free
2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.64% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.35 Gb Total Space | 160.24 Gb Free Space | 87.88% Space Free | Partition Type: NTFS
Drive D: | 3.95 Gb Total Space | 1.36 Gb Free Space | 34.57% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMEOFFICE-NR1
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8080:TCP" = 8080:TCP:*:Enabled:localhost
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"8085:TCP" = 8085:TCP:*:Enabled:ddnsfilter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\OLYMPUS\OLYMPUS Master\OLYMPUS Master.exe" = C:\Program Files\OLYMPUS\OLYMPUS Master\OLYMPUS Master.exe:*:Enabled:OLYMPUS Master -- (OLYMPUS IMAGING CORP.)
"C:\Program Files\Solid Edge 2D Drafting V19\Program\Edge.exe" = C:\Program Files\Solid Edge 2D Drafting V19\Program\Edge.exe:*:Enabled:Solid Edge 2D Drafting -- (Unigraphics Solutions, Inc.)
"C:\Program Files\Lexmark 7100 Series\lxbxaiox.exE" = C:\Program Files\Lexmark 7100 Series\lxbxaiox.exE:*:Enabled:All-In-One Center -- (Lexmark International Inc.)
"C:\Program Files\Lexmark 7100 Series\LXBXlpx.exe" = C:\Program Files\Lexmark 7100 Series\LXBXlpx.exe:*:Enabled:Lexmark Productivity Suite -- ()
"C:\Program Files\Creative Home\Hallmark Card Studio 2009\Hallmark Card Studio 2009.exe" = C:\Program Files\Creative Home\Hallmark Card Studio 2009\Hallmark Card Studio 2009.exe:*:Enabled:Hallmark Card Studio 2009.exe -- (Creative Home)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{316A75E3-039D-4BF4-AC29-3FF91E8555CD}" = Lexmark Fax Solutions
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D008E41-F84D-4CC1-A8CF-B8419E51ACDF}" = Intel Audio Studio
"{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{78EBEC8C-4E78-4CFD-B787-0CB5DA8D476A}" = IntelliMover
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}" = GWCares
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8B7B5F17-BE11-4B0B-B22F-F8DF7D1BCBE4}" = Solid Edge 2D Drafting V19
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A26FA58F-0AD6-4F9C-A134-FE2CFB2EAE97}" = McAfee Anti-Theft
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint Plus
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}" = Hallmark Card Studio 2009
"{C885990F-A824-41A1-82FB-61E3859B4CE2}" = Hallmark Card Studio Photo Card Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DE58B061-6936-4913-AA5C-682E49356D86}" = TurboTax 2008 wmiiper
"{E371C150-A9F1-49CE-ACC1-51AEFD01C1D4}_is1" = Turbo Tax Audit Support Center 2.0
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F96906EC-C01E-4B15-BBD0-D5A48ACF724C}" = 2009 Hallmark Mother's/Father's Day Card Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BigFix" = BigFix
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"HijackThis" = HijackThis 2.0.2
"InstallShield_{316A75E3-039D-4BF4-AC29-3FF91E8555CD}" = Lexmark 7100 Series Fax Solutions
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"Lexmark 7100 Series" = Lexmark 7100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Skurz Screen Saver" = Skurz Screen Saver
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TurboTax 2008" = TurboTax 2008
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"TurboTax Premier 2005" = TurboTax Premier 2005
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/20/2009 11:37:55 AM | Computer Name = HOMEOFFICE-NR1 | Source = MsiInstaller | ID = 11316
Description =

Error - 9/24/2009 6:38:42 AM | Computer Name = HOMEOFFICE-NR1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/24/2009 6:38:47 AM | Computer Name = HOMEOFFICE-NR1 | Source = Application Hang | ID = 1001
Description = Fault bucket 724398357.

Error - 9/25/2009 6:31:51 AM | Computer Name = HOMEOFFICE-NR1 | Source = Application Error | ID = 1000
Description = Faulting application mcupdate.exe, version 9.15.126.0, faulting module
mcupdate.exe, version 9.15.126.0, fault address 0x0004ee09.

Error - 9/25/2009 6:31:58 AM | Computer Name = HOMEOFFICE-NR1 | Source = Application Error | ID = 1001
Description = Fault bucket 1478099390.

Error - 9/28/2009 6:25:25 AM | Computer Name = HOMEOFFICE-NR1 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4008 (0xfa8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.433
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\VirusScan\DAT\5752.0\avvscan.dat

by c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 9/28/2009 6:25:41 AM | Computer Name = HOMEOFFICE-NR1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2009 6:25:48 AM | Computer Name = HOMEOFFICE-NR1 | Source = Application Hang | ID = 1001
Description = Fault bucket 724398357.

Error - 10/4/2009 12:17:47 PM | Computer Name = HOMEOFFICE-NR1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module pngfilt.dll, version 6.0.2900.5512, fault address 0x000049ce.

Error - 10/4/2009 12:17:52 PM | Computer Name = HOMEOFFICE-NR1 | Source = Application Error | ID = 1001
Description = Fault bucket 736701282.

[ System Events ]
Error - 10/8/2009 5:46:35 AM | Computer Name = HOMEOFFICE-NR1 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 10/8/2009 5:46:35 AM | Computer Name = HOMEOFFICE-NR1 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 10/8/2009 5:46:35 AM | Computer Name = HOMEOFFICE-NR1 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/8/2009 5:46:35 AM | Computer Name = HOMEOFFICE-NR1 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 10/8/2009 5:46:35 AM | Computer Name = HOMEOFFICE-NR1 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 10/8/2009 8:43:08 AM | Computer Name = HOMEOFFICE-NR1 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/8/2009 8:43:08 AM | Computer Name = HOMEOFFICE-NR1 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 10/8/2009 8:43:08 AM | Computer Name = HOMEOFFICE-NR1 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 10/8/2009 8:43:08 AM | Computer Name = HOMEOFFICE-NR1 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/8/2009 8:43:08 AM | Computer Name = HOMEOFFICE-NR1 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .


< End of report >

End of Post 10/08/2009 Thank You, Ken S.

Attached Files



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:45 PM

Posted 09 October 2009 - 04:57 AM

Hi,

the logs look pretty clean. Did you run ComboFix on your own?

I would like you to run a rootkit scan:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click Posted Image on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
and an online scan:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please post back the 2 logs in your next reply.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 ken S

ken S
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Michigan
  • Local time:05:45 AM

Posted 09 October 2009 - 03:05 PM

I was referred to using Combofix from a thread I was reading in either Bleepingcomputer, Malwarebytes, MajorGeeks, or McAfee, and did it on my own as far as I remember. I was researching those forums when I got the problem on 9-12-09.
I could not get the ESET scanner to run. First it said I needed Active X and I clicked on the info bar to install, but then a message box saying retry came up and then session expired. All that showed up is a small icon in the upper LH corner of the window. Then using the part of the instruction that said it was for other browsers, I downloaded and saved the ESET installer and when I got to the signature files download page, there was a msg about 'cannot get update, is proxy configured'. So I did not get the ESET scanner log. You will need to help me to get it to work.
The Root Repeal log is pasted below. Thanks, Ken S.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/09 15:13
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF278F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BBA000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEFE09000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\sqlite_n3pmeuexzrmlx4w
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_p2kiunnopecqjtc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_xauvk9ajg97irzg
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\$NtServicePackUninstall$\vdmredir.dll
Status: Could not get file information (Error 0xc0000008)

==EOF==

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:45 PM

Posted 09 October 2009 - 05:05 PM

Hi,

could you please check if you still have the file C:\combofix.txt on your PC. I would like to see the contents.

If you can not get ESET to run, please try an alternative scanner such as Kaspersky:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
let me know if this works for you.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:45 PM

Posted 16 October 2009 - 08:18 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users