Need help removing Trojan that takes over my computer


  • This topic is locked
22 replies to this topic

#1 jackedandhelpless

  • Members
  • 13 posts

Posted 07 January 2010 - 12:49 PM

I know I have malware and don't know how to remove it. I have keys that are typed, computer reboots, and several other strange things occurring. I have tried Trend Micro, Malwarebytes and about 5 other programs to detect trojan. Nothing has worked. When I do netstat command I see an IP address listening that is not me 169.254.50.17. In addition, I get very strange IP addresses at times when I do IPCONFIG command to see what mine is. I am using a Linksys wireless router and really need help to get rid of this since I was hoping to not have to go through the hassles of a full rebuild from recovery then recreating all other apps. Below are 3 logs per instructions. These are ordered as follows: DDS.txt then attach.txt then rootrepeal.txt - I will attach these as well.
Here is DDS.txt


DDS (Ver_09-12-01.01) - NTFSx86

Run by HP at 10:44:48.48 on Thu 01/07/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.404 [GMT -6:00]



AV: MacroVirus *On-access scanning enabled* (Updated) {96A0710D-9FB9-4D45-B684-F6BB9C2594BE}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}



============== Running Processes ===============



C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AskBarDis\bar\bin\AskService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\TrustedID\Identity Theft Protection\agent\Bin\SanaSafeConnectWatcher.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TrustedID\Identity Theft Protection\agent\Bin\SanaAgent.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Lexmark 7300 Series\lxcimon.exe

C:\Program Files\Lexmark 7300 Series\ezprint.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\TrustedID\Identity Theft Protection\agent\bin\SanaSafeConnect.exe

C:\WINDOWS\system32\lxcicoms.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Creative\Volume Panel\VolPanlu.exe

C:\Program Files\TrustedID\Identity Theft Protection\agent\bin\SanaMonitor.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\ALCMTR.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Documents and Settings\HP\Desktop\dds.scr



============== Pseudo HJT Report ===============



uStart Page = hxxp://www.google.com/ig?referrer=theme_ign

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll

BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll

BHO: TbHelperObject Class: {6ddef7a2-c6b5-4869-8330-6db412f59552} - c:\windows\system32\TbHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe"

mRun: [EzPrint] "c:\program files\lexmark 7300 series\ezprint.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [SanaSafeConnect] "c:\program files\trustedid\identity theft protection\agent\bin\SanaSafeConnect.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [UpdReg] c:\windows\UpdReg.EXE

mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,RunDLLEntry

mRun: [VolPanel] "c:\program files\creative\volume panel\VolPanlu.exe" /r

mRun: [CTAPR2] "c:\program files\creative\sound blaster x-fi go\console launcher\CTAPR2.exe" /r

mRun: [Creative KSRun Persistence Module] RunDll32 KSRun.dll,RunDLLEntry

mRun: [SoundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - k:\winzip\WZQKPICK.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Save YouTube Video - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm

IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

Trusted Zone: google.com\www

Trusted Zone: microsoft.com\*.update

Trusted Zone: microsoft.com\update

Trusted Zone: windowsupdate.com\download

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245529511484

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245529495859

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll



================= FIREFOX ===================



FF - ProfilePath - c:\docume~1\hp\applic~1\mozilla\firefox\profiles\ig161hg6.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?referrer=theme_ign

FF - component: c:\documents and settings\hp\application data\mozilla\firefox\profiles\ig161hg6.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - plugin: c:\documents and settings\hp\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\hp\application data\move networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\hp\application data\mozilla\plugins\npatgpc.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}



============= SERVICES / DRIVERS ===============



R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2008-7-4 18110]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-5 11608]

R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2008-7-4 619390]

R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2008-7-4 423454]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-6 353680]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-5 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-5 185089]

R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-6-20 464264]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-17 56816]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\trustedid\identity theft protection\agent\bin\SanaAgent.exe [2008-3-21 4937240]

R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\trustedid\identity theft protection\agent\bin\SanaSafeConnectWatcher.exe [2008-3-21 539160]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-12-3 115312]

R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-12-1 772992]

R3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [2008-10-24 1830912]

R3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-8-28 9472]

R3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\trustedid\identity theft protection\agent\driver\platform_xp\SafeConnectDriver.sys [2008-3-21 161304]

R3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\trustedid\identity theft protection\agent\driver\platform_xp\SafeConnectFilter.sys [2008-3-21 29720]

R3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\trustedid\identity theft protection\agent\driver\platform_xp\SafeConnectShim.sys [2008-3-21 27376]

S0 xhlatjbf;xhlatjbf;c:\windows\system32\drivers\xcrqga.sys --> c:\windows\system32\drivers\xcrqga.sys [?]

S1 sonypvd3;Sony DVD Handycam;c:\windows\system32\drivers\sonypvd3.sys [2008-7-4 64964]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-11-17 79360]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-9-12 8704]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-9-12 3072]



=============== Created Last 30 ================



2010-01-06 23:22:22 0 d-----w- c:\docume~1\hp\applic~1\Malwarebytes

2010-01-06 23:22:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-06 23:22:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-06 23:22:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-01-06 23:22:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-06 16:35:44 0 d-----w- c:\program files\Zone Labs

2010-01-05 23:21:45 0 d-----w- c:\program files\Avira

2010-01-05 23:21:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2009-12-28 18:15:29 0 d-----w- c:\program files\SlySoft

2009-12-19 18:22:01 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

2009-12-17 22:25:12 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys

2009-12-12 11:41:50 0 d-sh--w- c:\documents and settings\hp\IECompatCache

2009-12-10 14:47:44 0 d-sh--w- c:\documents and settings\hp\PrivacIE

2009-12-10 14:44:13 0 d-sh--w- c:\documents and settings\hp\IETldCache

2009-12-10 14:44:06 0 d-----w- c:\windows\system32\Service

2009-12-10 14:32:50 0 dc-h--w- c:\windows\ie8



==================== Find3M ====================



2010-01-06 16:36:00 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-01-06 15:03:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-28 17:28:52 87608 ----a-w- c:\docume~1\hp\applic~1\inst.exe

2009-12-28 17:28:52 47360 ----a-w- c:\docume~1\hp\applic~1\pcouffin.sys

2009-12-03 12:59:11 164834 ----a-w- c:\windows\hpoins21.dat

2009-12-02 00:05:52 2560 ----a-w- c:\windows\system32\drivers\mchInjDrv.sys

2009-11-17 20:39:27 413696 ----a-w- c:\windows\system32\wrap_oal.dll

2009-11-17 20:39:27 110592 ----a-w- c:\windows\system32\OpenAL32.dll

2009-11-15 14:12:54 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys

2009-11-15 14:12:48 540000 ----a-w- c:\windows\system32\drivers\timntr.sys

2009-11-15 14:12:48 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2009-11-15 14:12:44 134272 ----a-w- c:\windows\system32\drivers\snman380.sys

2009-11-10 02:49:05 69172 ----a-r- c:\windows\fonts\Baskerville-Normal.ttf

2009-10-31 21:15:26 1112 ----a-w- c:\docume~1\hp\applic~1\ViewerApp.dat

2009-10-20 20:48:51 70984 ----a-w- c:\documents and settings\hp\g2mdlhlpx.exe

2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-04-15 22:06:30 1834 ----a-w- c:\program files\common files\cfgbak.tgb



============= FINISH: 10:46:06.35 ===============


Here is attach.txt



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT



DDS (Ver_09-12-01.01)



Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/27/2008 6:27:13 PM

System Uptime: 1/7/2010 7:54:24 AM (3 hours ago)



Motherboard: ASUSTeK Computer INC. | | Puffer

Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 3000/200mhz



==== Disk Partitions =========================



C: is FIXED (NTFS) - 298 GiB total, 150.361 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

K: is Removable

L: is Removable

M: is FIXED (NTFS) - 149 GiB total, 15.146 GiB free.



==== Disabled Device Manager Items =============



Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\B563D8E01800

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\B563D8E01800

Service: NIC1394



Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Realtek RTL8139/810x Family Fast Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&23C0B1C&0&10F0

Manufacturer: Realtek Semiconductor Corp.

Name: Realtek RTL8139/810x Family Fast Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&23C0B1C&0&10F0

Service: RTL8023xp



Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}

Description: Photosmart C7200 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: HP Photosmart C7200

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam



Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Photosmart C7200 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C7200 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:



==== System Restore Points ===================



RP500: 10/9/2009 11:07:25 PM - System Checkpoint

RP501: 10/11/2009 12:07:31 AM - System Checkpoint

RP502: 10/12/2009 12:08:33 AM - System Checkpoint

RP503: 10/13/2009 1:07:27 AM - System Checkpoint

RP504: 10/14/2009 2:07:29 AM - System Checkpoint

RP505: 10/15/2009 5:17:37 AM - System Checkpoint

RP506: 10/16/2009 7:43:38 AM - System Checkpoint

RP507: 10/17/2009 8:14:29 AM - System Checkpoint

RP508: 10/18/2009 8:55:47 AM - System Checkpoint

RP509: 10/18/2009 11:24:51 PM - Installed Windows Media Encoder 9 Series

RP510: 10/19/2009 1:01:02 AM - Software Distribution Service 3.0

RP511: 10/20/2009 1:00:18 AM - Software Distribution Service 3.0

RP512: 10/21/2009 1:35:26 AM - System Checkpoint

RP513: 10/22/2009 1:00:28 AM - Software Distribution Service 3.0

RP514: 10/23/2009 1:00:26 AM - Software Distribution Service 3.0

RP515: 10/24/2009 1:38:30 AM - System Checkpoint

RP516: 10/25/2009 2:35:28 AM - System Checkpoint

RP517: 10/26/2009 2:36:34 AM - System Checkpoint

RP518: 10/27/2009 3:36:47 AM - System Checkpoint

RP519: 10/28/2009 4:01:27 AM - System Checkpoint

RP520: 10/29/2009 4:11:33 AM - System Checkpoint

RP521: 10/30/2009 4:47:32 AM - System Checkpoint

RP522: 10/31/2009 5:44:16 AM - System Checkpoint

RP523: 10/31/2009 11:56:50 AM - Unsigned driver install

RP524: 11/1/2009 12:08:17 PM - System Checkpoint

RP525: 11/2/2009 12:44:49 PM - System Checkpoint

RP526: 11/3/2009 1:14:48 PM - System Checkpoint

RP527: 11/4/2009 6:25:55 PM - System Checkpoint

RP528: 11/5/2009 7:20:21 PM - System Checkpoint

RP529: 11/6/2009 8:01:27 PM - System Checkpoint

RP530: 11/7/2009 8:44:57 PM - System Checkpoint

RP531: 11/8/2009 8:28:08 PM - System Checkpoint

RP532: 11/9/2009 10:04:27 PM - System Checkpoint

RP533: 11/10/2009 11:11:48 PM - System Checkpoint

RP534: 11/11/2009 11:34:44 PM - System Checkpoint

RP535: 11/12/2009 1:00:39 AM - Software Distribution Service 3.0

RP536: 11/13/2009 1:49:41 AM - System Checkpoint

RP537: 11/13/2009 11:11:28 AM - Installed Java™ 6 Update 17

RP538: 11/14/2009 2:43:21 PM - System Checkpoint

RP539: 11/15/2009 3:20:24 PM - System Checkpoint

RP540: 11/16/2009 4:12:32 PM - System Checkpoint

RP541: 11/17/2009 1:59:06 PM - Installed Sound Blaster X-Fi Go!

RP542: 11/17/2009 2:02:06 PM - Installed Creative Audio Control Panel

RP543: 11/17/2009 2:02:20 PM - Installed Host OpenAL

RP544: 11/17/2009 2:02:29 PM - Installed Creative Software AutoUpdate

RP545: 11/17/2009 2:33:18 PM - Installed WaveStudio 7

RP546: 11/17/2009 2:34:22 PM - Installed Creative Volume Panel

RP547: 11/17/2009 2:35:32 PM - Installed Creative Karaoke Player

RP548: 11/17/2009 2:37:31 PM - Configured Sound Blaster X-Fi Go!

RP549: 11/17/2009 3:05:18 PM - Avira AntiVir Personal - 11/17/2009 15:05

RP550: 11/18/2009 6:24:01 AM - Software Distribution Service 3.0

RP551: 11/18/2009 9:52:26 AM - COMODO Registry Cleaner 18-11-09_09-52-20

RP552: 11/18/2009 1:08:23 PM - COMODO Registry Cleaner 18-11-09_13-08-16

RP553: 11/19/2009 2:07:53 PM - System Checkpoint

RP554: 11/20/2009 2:57:57 PM - System Checkpoint

RP555: 11/21/2009 3:38:57 PM - System Checkpoint

RP556: 11/22/2009 4:29:17 PM - System Checkpoint

RP557: 11/23/2009 4:30:40 PM - System Checkpoint

RP558: 11/24/2009 5:17:06 PM - System Checkpoint

RP559: 11/25/2009 6:18:52 PM - System Checkpoint

RP560: 11/25/2009 8:08:50 PM - Printer Driver HP Photosmart C7200 series fax Installed

RP561: 11/25/2009 8:31:19 PM - Printer Driver HP Photosmart C7200 series fax Installed

RP562: 11/26/2009 9:16:28 PM - System Checkpoint

RP563: 11/27/2009 11:26:49 PM - System Checkpoint

RP564: 11/29/2009 2:20:00 AM - System Checkpoint

RP565: 11/30/2009 3:16:30 AM - System Checkpoint

RP566: 12/1/2009 6:09:19 AM - System Checkpoint

RP567: 12/2/2009 7:07:56 AM - System Checkpoint

RP568: 12/3/2009 7:13:33 AM - Removed Microsoft Silverlight

RP569: 12/3/2009 7:22:17 AM - COMODO Registry Cleaner 03-12-09_07-22-13

RP570: 12/3/2009 11:25:09 AM - COMODO Registry Cleaner 03-12-09_11-25-01

RP571: 12/3/2009 4:10:06 PM - Removed Creative Karaoke Player

RP572: 12/3/2009 4:14:04 PM - Removed WaveStudio 7

RP573: 12/3/2009 5:06:03 PM - Avira AntiVir Personal - 12/3/2009 17:05

RP574: 12/3/2009 5:59:33 PM - Installed Trend Micro Internet Security

RP575: 12/3/2009 9:34:47 PM - Restore point created by Trend Mico [0x00001101]

RP576: 12/3/2009 9:49:21 PM - Restore Operation

RP577: 12/4/2009 10:25:46 PM - System Checkpoint

RP578: 12/5/2009 10:52:44 PM - System Checkpoint

RP579: 12/6/2009 11:07:42 PM - System Checkpoint

RP580: 12/7/2009 11:58:22 PM - System Checkpoint

RP581: 12/9/2009 12:08:52 AM - System Checkpoint

RP582: 12/10/2009 12:54:57 AM - System Checkpoint

RP583: 12/10/2009 8:25:26 AM - Software Distribution Service 3.0

RP584: 12/10/2009 8:34:21 AM - Installed Windows Internet Explorer 8.

RP585: 12/11/2009 9:31:03 AM - System Checkpoint

RP586: 12/12/2009 11:17:44 AM - System Checkpoint

RP587: 12/13/2009 11:39:56 AM - System Checkpoint

RP588: 12/14/2009 12:59:09 PM - System Checkpoint

RP589: 12/15/2009 1:17:29 PM - System Checkpoint

RP590: 12/16/2009 2:17:32 PM - System Checkpoint

RP591: 12/17/2009 3:17:31 PM - System Checkpoint

RP592: 12/18/2009 8:00:56 PM - System Checkpoint

RP593: 12/19/2009 8:20:00 PM - System Checkpoint

RP594: 12/20/2009 8:26:48 PM - System Checkpoint

RP595: 12/21/2009 10:02:59 PM - System Checkpoint

RP596: 12/23/2009 12:44:05 AM - System Checkpoint

RP597: 12/24/2009 1:20:06 AM - System Checkpoint

RP598: 12/25/2009 2:31:50 AM - System Checkpoint

RP599: 12/26/2009 2:35:22 AM - System Checkpoint

RP600: 12/27/2009 3:35:24 AM - System Checkpoint

RP601: 12/28/2009 4:35:26 AM - System Checkpoint

RP602: 12/28/2009 11:24:48 AM - Software Distribution Service 3.0

RP603: 12/28/2009 11:32:28 AM - Removed Comcast Universal Caller ID

RP604: 12/29/2009 12:22:29 PM - System Checkpoint

RP605: 12/30/2009 1:22:29 PM - System Checkpoint

RP606: 12/31/2009 2:22:29 PM - System Checkpoint

RP607: 1/2/2010 10:53:09 AM - System Checkpoint

RP608: 1/3/2010 11:22:26 AM - System Checkpoint

RP609: 1/4/2010 1:17:42 PM - System Checkpoint

RP610: 1/5/2010 4:27:53 PM - System Checkpoint

RP611: 1/5/2010 4:58:34 PM - Removed Microsoft Retail Management System Store Operations

RP612: 1/5/2010 5:01:35 PM - Removed Trend Micro Internet Security

RP613: 1/5/2010 5:03:09 PM - Removed SupportSoft Assisted Service

RP614: 1/5/2010 5:04:23 PM - Removed Safari

RP615: 1/5/2010 5:15:43 PM - COMODO Registry Cleaner 05-01-10_17-15-39

RP616: 1/5/2010 5:21:24 PM - Avira AntiVir Personal - 1/5/2010 17:21

RP617: 1/6/2010 6:31:01 PM - System Checkpoint



==== Installed Programs ======================



32 Bit HP CIO Components Installer

Acronis True Image Home

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop 6.0

Adobe Reader 9.2

Adobe SVG Viewer

Agere Systems PCI Soft Modem

AIO_Scan

AnyDVD

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Camera Suite 1.3

ATI Display Driver

Avira AntiVir Personal - Free Antivirus

BizPricer Application Wizard Version 1.0

Bonjour

BufferChm

C7200

C7200_Help

Cards_Calendar_OrderGift_DoMorePlugout

COMODO Registry Cleaner 1.0.17.23

Compatibility Pack for the 2007 Office system

Copy

DesignPro 5.4 Limited Edition

Destination Component

DeviceDiscovery

DocProc

EASEUS Partition Master 4.0 Home Edition

Fax

Free Studio version 4.2

Free Video to iPhone Converter version 2.1

FrontPage Well Organized

Google Toolbar for Internet Explorer

GoToMeeting 4.0.0.320

GPBaseService

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.0 (KB932471)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

HP Driver Diagnostics

HP Imaging Device Functions 10.0

HP Photosmart All-In-One Driver Software 10.0 Rel .2

HP Photosmart Essential 2.5

HP Smart Web Printing

HP Solution Center 10.0

HP Update

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotoSmartPhotobookWebPack1

HPProductAssistant

iTunes

Java™ 6 Update 17

KeyScrambler

Lexmark 7300 Series

Logitech QuickCam

Logitech QuickCam Driver Package

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft .NET Framework 3.0 Service Pack 1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft FrontPage 2002

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Standard Edition 2003

Microsoft Office XP Professional

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mozilla Firefox (3.0.16)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 Parser and SDK

MSXML 6.0 Parser (KB933579)

NetDeviceManager

NVIDIA Drivers

NVIDIA Media Center Extensions

NVIDIA PureVideo Decoder

OCR Software by I.R.I.S. 10.0

OutlookTools 2

PanoStandAlone

PdaNet Desktop for iPhone 1.53

Photo Viewer 2.3

Picture Package

PS_AIO_02_ProductContext

PS_AIO_02_Software

PS_AIO_02_Software_Min

PSSWCORE

QuickBooks Pro 2008

Quicken 2008

QuickTime

Realtek High Definition Audio Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler

Roxio Update Manager

Scan

Security Update for CAPICOM (KB931906)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Skype™ 4.0

SolutionCenter

Sonic Activation Module

Sonic Backup MyPC Special Edition for HP

Sonic Update Manager

Sony DVD Handycam USB Driver 2

Sound Blaster X-Fi Go!

Status

Toolbox

TrayApp

TrustedID Identity Theft Protection

Uninstall 1.0.0.1

UnloadSupport

Update for Windows Media Player 10 (KB913800)

Update for Windows XP (KB942763)

Update Rollup 2 for Windows XP Media Center Edition 2005

VC 9.0 Runtime

VideoToolkit01

Volume Panel

WebEx

WebFldrs XP

WebReg

Windows Imaging Component

Windows Internet Explorer 8

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows XP Media Center Edition 2005 KB925766

Windows XP Service Pack 3

ZoneAlarm

ZoneAlarm Spy Blocker Toolbar



==== Event Viewer Messages From Past Week ========



1/7/2010 7:48:28 AM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

1/7/2010 7:46:40 AM, error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 2 time(s).

1/7/2010 7:34:59 AM, error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).

1/7/2010 10:40:52 AM, error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 1 time(s).

1/5/2010 6:48:31 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

1/4/2010 2:22:47 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\D.

1/3/2010 7:49:08 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

1/3/2010 7:47:37 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.

1/3/2010 7:47:26 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.



==== End Of File ===========================


Here is rootrepeal.txt

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/01/07 10:51

Program Version: Version 1.3.5.0

Windows Version: Windows XP Media Center Edition SP3

==================================================



Drivers

-------------------

Name: 1394BUS.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS

Address: 0xF74BC000 Size: 57344 File Visible: - Signed: Yes

Status: -



Name: ACPI.sys

Image Path: ACPI.sys

Address: 0xF736D000 Size: 187776 File Visible: - Signed: Yes

Status: -



Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: Yes

Status: -



Name: afd.sys

Image Path: C:\WINDOWS\System32\drivers\afd.sys

Address: 0xB8580000 Size: 138112 File Visible: - Signed: Yes

Status: -



Name: AGRSM.sys

Image Path: C:\WINDOWS\system32\DRIVERS\AGRSM.sys

Address: 0xF55BF000 Size: 1149888 File Visible: - Signed: Yes

Status: -



Name: AnyDVD.sys

Image Path: C:\WINDOWS\System32\Drivers\AnyDVD.sys

Address: 0xF5593000 Size: 97408 File Visible: - Signed: Yes

Status: -



Name: atapi.sys

Image Path: atapi.sys

Address: 0xF72FF000 Size: 96384 File Visible: - Signed: Yes

Status: -



Name: ATMFD.DLL

Image Path: C:\WINDOWS\System32\ATMFD.DLL

Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: Yes

Status: -



Name: audstub.sys

Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys

Address: 0xF7BB2000 Size: 3072 File Visible: - Signed: Yes

Status: -



Name: avgio.sys

Image Path: C:\Program Files\Avira\AntiVir Desktop\avgio.sys

Address: 0xB2DE9000 Size: 6144 File Visible: - Signed: Yes

Status: -



Name: avgntflt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys

Address: 0xAF614000 Size: 81920 File Visible: - Signed: Yes

Status: -



Name: avipbb.sys

Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys

Address: 0xAFD60000 Size: 114688 File Visible: - Signed: Yes

Status: -



Name: Beep.SYS

Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS

Address: 0xF79DE000 Size: 4224 File Visible: - Signed: Yes

Status: -



Name: BOOTVID.dll

Image Path: C:\WINDOWS\system32\BOOTVID.dll

Address: 0xF78AC000 Size: 12288 File Visible: - Signed: Yes

Status: -



Name: Cdfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS

Address: 0xB04DD000 Size: 63744 File Visible: - Signed: Yes

Status: -



Name: cdrom.sys

Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Address: 0xF6BF5000 Size: 62976 File Visible: - Signed: Yes

Status: -



Name: CLASSPNP.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

Address: 0xF74FC000 Size: 53248 File Visible: - Signed: Yes

Status: -



Name: disk.sys

Image Path: disk.sys

Address: 0xF74EC000 Size: 36352 File Visible: - Signed: Yes

Status: -



Name: DLABMFSM.SYS

Image Path: C:\WINDOWS\System32\DLA\DLABMFSM.SYS

Address: 0xF786C000 Size: 28192 File Visible: - Signed: Yes

Status: -



Name: DLABOIOM.SYS

Image Path: C:\WINDOWS\System32\DLA\DLABOIOM.SYS

Address: 0xF788C000 Size: 25568 File Visible: - Signed: Yes

Status: -



Name: DLACDBHM.SYS

Image Path: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS

Address: 0xF7A1A000 Size: 6016 File Visible: - Signed: Yes

Status: -



Name: DLADResM.SYS

Image Path: C:\WINDOWS\System32\DLA\DLADResM.SYS

Address: 0xB02F2000 Size: 2496 File Visible: - Signed: Yes

Status: -



Name: DLAIFS_M.SYS

Image Path: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS

Address: 0xAF5D4000 Size: 97568 File Visible: - Signed: Yes

Status: -



Name: DLAOPIOM.SYS

Image Path: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS

Address: 0xF785C000 Size: 19104 File Visible: - Signed: Yes

Status: -



Name: DLAPoolM.SYS

Image Path: C:\WINDOWS\System32\DLA\DLAPoolM.SYS

Address: 0xF79A4000 Size: 7616 File Visible: - Signed: Yes

Status: -



Name: DLARTL_M.SYS

Image Path: C:\WINDOWS\System32\Drivers\DLARTL_M.SYS

Address: 0xED1B6000 Size: 21280 File Visible: - Signed: Yes

Status: -



Name: DLAUDF_M.SYS

Image Path: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS

Address: 0xAF57F000 Size: 90944 File Visible: - Signed: Yes

Status: -



Name: DLAUDFAM.SYS

Image Path: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS

Address: 0xAF596000 Size: 87744 File Visible: - Signed: Yes

Status: -



Name: dmio.sys

Image Path: dmio.sys

Address: 0xF7317000 Size: 153344 File Visible: - Signed: Yes

Status: -



Name: dmload.sys

Image Path: dmload.sys

Address: 0xF79A2000 Size: 5888 File Visible: - Signed: Yes

Status: -



Name: drmk.sys

Image Path: C:\WINDOWS\system32\drivers\drmk.sys

Address: 0xECD52000 Size: 61440 File Visible: - Signed: Yes

Status: -



Name: DRVMCDB.SYS

Image Path: DRVMCDB.SYS

Address: 0xF72B7000 Size: 90080 File Visible: - Signed: Yes

Status: -



Name: DRVNDDM.SYS

Image Path: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS

Address: 0xB0043000 Size: 42496 File Visible: - Signed: Yes

Status: -



Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xAFAB1000 Size: 98304 File Visible: No Signed: No

Status: -



Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF79FE000 Size: 8192 File Visible: No Signed: No

Status: -



Name: Dxapi.sys

Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys

Address: 0xB5542000 Size: 12288 File Visible: - Signed: Yes

Status: -



Name: dxg.sys

Image Path: C:\WINDOWS\System32\drivers\dxg.sys

Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: Yes

Status: -



Name: dxgthk.sys

Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys

Address: 0xF7AE9000 Size: 4096 File Visible: - Signed: Yes

Status: -



Name: ElbyCDIO.sys

Image Path: C:\WINDOWS\System32\Drivers\ElbyCDIO.sys

Address: 0xB0870000 Size: 18688 File Visible: - Signed: Yes

Status: -



Name: Fastfat.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS

Address: 0xAF443000 Size: 143744 File Visible: - Signed: Yes

Status: -



Name: Fips.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS

Address: 0xB0941000 Size: 44544 File Visible: - Signed: Yes

Status: -



Name: fltmgr.sys

Image Path: fltmgr.sys

Address: 0xF72DF000 Size: 129792 File Visible: - Signed: Yes

Status: -



Name: Fs_Rec.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Address: 0xF79DC000 Size: 7936 File Visible: - Signed: Yes

Status: -



Name: ftdisk.sys

Image Path: ftdisk.sys

Address: 0xF733D000 Size: 125056 File Visible: - Signed: Yes

Status: -



Name: GEARAspiWDM.sys

Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

Address: 0xF77BC000 Size: 21120 File Visible: - Signed: Yes

Status: -



Name: hal.dll

Image Path: C:\WINDOWS\system32\hal.dll

Address: 0x806E4000 Size: 134400 File Visible: - Signed: Yes

Status: -



Name: hcwPP2.sys

Image Path: C:\WINDOWS\system32\DRIVERS\hcwPP2.sys

Address: 0xF56FB000 Size: 156800 File Visible: - Signed: Yes

Status: -



Name: HDAudBus.sys

Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

Address: 0xF579D000 Size: 147456 File Visible: - Signed: Yes

Status: -



Name: HIDCLASS.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS

Address: 0xB04CD000 Size: 36864 File Visible: - Signed: Yes

Status: -



Name: HIDPARSE.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS

Address: 0xED1AE000 Size: 28672 File Visible: - Signed: Yes

Status: -



Name: hidusb.sys

Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys

Address: 0xB051B000 Size: 10368 File Visible: - Signed: Yes

Status: -



Name: HPZid412.sys

Image Path: C:\WINDOWS\system32\DRIVERS\HPZid412.sys

Address: 0xB04AD000 Size: 49920 File Visible: - Signed: Yes

Status: -



Name: HPZipr12.sys

Image Path: C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

Address: 0xF0126000 Size: 16224 File Visible: - Signed: Yes

Status: -



Name: HPZius12.sys

Image Path: C:\WINDOWS\system32\DRIVERS\HPZius12.sys

Address: 0xB0216000 Size: 21568 File Visible: - Signed: Yes

Status: -



Name: HTTP.sys

Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys

Address: 0xAF21E000 Size: 264832 File Visible: - Signed: Yes

Status: -



Name: imapi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys

Address: 0xF6C05000 Size: 42112 File Visible: - Signed: Yes

Status: -



Name: intelide.sys

Image Path: intelide.sys

Address: 0xF79A0000 Size: 5504 File Visible: - Signed: Yes

Status: -



Name: intelppm.sys

Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys

Address: 0xF756C000 Size: 36352 File Visible: - Signed: Yes

Status: -



Name: ipnat.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys

Address: 0xB8545000 Size: 152832 File Visible: - Signed: Yes

Status: -



Name: ipsec.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys

Address: 0xB868E000 Size: 75264 File Visible: - Signed: Yes

Status: -



Name: isapnp.sys

Image Path: isapnp.sys

Address: 0xF749C000 Size: 37248 File Visible: - Signed: Yes

Status: -



Name: kbdclass.sys

Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys

Address: 0xF3DCB000 Size: 24576 File Visible: - Signed: Yes

Status: -



Name: kbdhid.sys

Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys

Address: 0xBABDA000 Size: 14592 File Visible: - Signed: Yes

Status: -



Name: KDCOM.DLL

Image Path: C:\WINDOWS\system32\KDCOM.DLL

Address: 0xF799C000 Size: 8192 File Visible: - Signed: Yes

Status: -



Name: keyscrambler.sys

Image Path: C:\WINDOWS\System32\drivers\keyscrambler.sys

Address: 0xAFAC9000 Size: 107008 File Visible: - Signed: Yes

Status: -



Name: kmixer.sys

Image Path: C:\WINDOWS\system32\drivers\kmixer.sys

Address: 0xAC3F2000 Size: 172416 File Visible: - Signed: Yes

Status: -



Name: ks.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys

Address: 0xF56D8000 Size: 143360 File Visible: - Signed: Yes

Status: -



Name: ksaud.sys

Image Path: C:\WINDOWS\system32\drivers\ksaud.sys

Address: 0xAFCA3000 Size: 772992 File Visible: - Signed: Yes

Status: -



Name: ksaudfl.sys

Image Path: C:\WINDOWS\system32\drivers\ksaudfl.sys

Address: 0xAFAE4000 Size: 1830912 File Visible: - Signed: Yes

Status: -



Name: KSecDD.sys

Image Path: KSecDD.sys

Address: 0xF72A0000 Size: 92288 File Visible: - Signed: Yes

Status: -



Name: LVPr2Mon.sys

Image Path: C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

Address: 0xF3D93000 Size: 18944 File Visible: - Signed: No

Status: -



Name: LVUSBSta.sys

Image Path: C:\WINDOWS\system32\drivers\LVUSBSta.sys

Address: 0xB04BD000 Size: 35072 File Visible: - Signed: Yes

Status: -



Name: mnmdd.SYS

Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS

Address: 0xF79EE000 Size: 4224 File Visible: - Signed: Yes

Status: -



Name: Modem.SYS

Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS

Address: 0xF77B4000 Size: 30080 File Visible: - Signed: Yes

Status: -



Name: mouclass.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys

Address: 0xF3DC3000 Size: 23040 File Visible: - Signed: Yes

Status: -



Name: mouhid.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys

Address: 0xBABD6000 Size: 12160 File Visible: - Signed: Yes

Status: -



Name: MountMgr.sys

Image Path: MountMgr.sys

Address: 0xF74CC000 Size: 42368 File Visible: - Signed: Yes

Status: -



Name: mrxdav.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys

Address: 0xAF3C7000 Size: 179584 File Visible: - Signed: No

Status: -



Name: Msfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS

Address: 0xF684C000 Size: 19072 File Visible: - Signed: Yes

Status: -



Name: msgpc.sys

Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys

Address: 0xF762C000 Size: 35072 File Visible: - Signed: Yes

Status: -



Name: MSPQM.sys

Image Path: C:\WINDOWS\system32\drivers\MSPQM.sys

Address: 0xB4A87000 Size: 4992 File Visible: - Signed: Yes

Status: -



Name: mssmbios.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys

Address: 0xF6FBD000 Size: 15488 File Visible: - Signed: Yes

Status: -



Name: Mup.sys

Image Path: Mup.sys

Address: 0xF7029000 Size: 105216 File Visible: - Signed: Yes

Status: -



Name: NDIS.sys

Image Path: NDIS.sys

Address: 0xF71E6000 Size: 182656 File Visible: - Signed: Yes

Status: -



Name: ndistapi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys

Address: 0xF6FF5000 Size: 10112 File Visible: - Signed: Yes

Status: -



Name: ndisuio.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys

Address: 0xAF5D0000 Size: 14592 File Visible: - Signed: Yes

Status: -



Name: ndiswan.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys

Address: 0xF494C000 Size: 91520 File Visible: - Signed: Yes

Status: -



Name: NDProxy.SYS

Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS

Address: 0xF3A5A000 Size: 40576 File Visible: - Signed: Yes

Status: -



Name: netbt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys

Address: 0xB860D000 Size: 162816 File Visible: - Signed: Yes

Status: -



Name: Npfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS

Address: 0xF6844000 Size: 30848 File Visible: - Signed: Yes

Status: -



Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xF7213000 Size: 574976 File Visible: - Signed: Yes

Status: -



Name: ntkrnlpa.exe

Image Path: C:\WINDOWS\system32\ntkrnlpa.exe

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: Yes

Status: -



Name: Null.SYS

Image Path: C:\WINDOWS\System32\Drivers\Null.SYS

Address: 0xF6966000 Size: 2944 File Visible: - Signed: Yes

Status: -



Name: nv4_disp.dll

Image Path: C:\WINDOWS\System32\nv4_disp.dll

Address: 0xBF9D5000 Size: 6057984 File Visible: - Signed: Yes

Status: -



Name: nv4_mini.sys

Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

Address: 0xF57D5000 Size: 6132576 File Visible: - Signed: Yes

Status: -



Name: nvport.sys

Image Path: C:\WINDOWS\system32\Drivers\nvport.sys

Address: 0xF6834000 Size: 28672 File Visible: - Signed: No

Status: -



Name: ohci1394.sys

Image Path: ohci1394.sys

Address: 0xF74AC000 Size: 61312 File Visible: - Signed: Yes

Status: -



Name: parport.sys

Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys

Address: 0xF55AB000 Size: 80128 File Visible: - Signed: Yes

Status: -



Name: PartMgr.sys

Image Path: PartMgr.sys

Address: 0xF7724000 Size: 19712 File Visible: - Signed: Yes

Status: -



Name: ParVdm.SYS

Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS

Address: 0xF7A32000 Size: 6784 File Visible: - Signed: Yes

Status: -



Name: pci.sys

Image Path: pci.sys

Address: 0xF735C000 Size: 68224 File Visible: - Signed: Yes

Status: -



Name: PCIIde.sys

Image Path: PCIIde.sys

Address: 0xF7A64000 Size: 3328 File Visible: - Signed: Yes

Status: -



Name: PCIIDEX.SYS

Image Path: C:\WINDOWS\System32\Drivers\PCIIDEX.SYS

Address: 0xF771C000 Size: 28672 File Visible: - Signed: Yes

Status: -



Name: pfc.sys

Image Path: C:\WINDOWS\system32\drivers\pfc.sys

Address: 0xF798C000 Size: 9856 File Visible: - Signed: No

Status: -



Name: pnetmdm.sys

Image Path: C:\WINDOWS\system32\DRIVERS\pnetmdm.sys

Address: 0xF5DB7000 Size: 9472 File Visible: - Signed: No

Status: -



Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: Yes

Status: -



Name: portcls.sys

Image Path: C:\WINDOWS\system32\drivers\portcls.sys

Address: 0xBABFA000 Size: 135168 File Visible: - Signed: Yes

Status: -



Name: psched.sys

Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys

Address: 0xF493B000 Size: 69120 File Visible: - Signed: Yes

Status: -



Name: ptilink.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys

Address: 0xF3DDB000 Size: 17792 File Visible: - Signed: Yes

Status: -



Name: PxHelp20.sys

Image Path: PxHelp20.sys

Address: 0xF750C000 Size: 37376 File Visible: - Signed: Yes

Status: -



Name: rasacd.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys

Address: 0xEB5B2000 Size: 8832 File Visible: - Signed: Yes

Status: -



Name: rasl2tp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

Address: 0xF75FC000 Size: 51328 File Visible: - Signed: Yes

Status: -



Name: raspppoe.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys

Address: 0xF760C000 Size: 41472 File Visible: - Signed: Yes

Status: -



Name: raspptp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys

Address: 0xF761C000 Size: 48384 File Visible: - Signed: Yes

Status: -



Name: raspti.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys

Address: 0xF3DD3000 Size: 16512 File Visible: - Signed: Yes

Status: -



Name: RAW

Image Path: \FileSystem\RAW

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: Yes

Status: -



Name: RDPCDD.sys

Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

Address: 0xF79F0000 Size: 4224 File Visible: - Signed: Yes

Status: -



Name: rdpdr.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys

Address: 0xF26F3000 Size: 196224 File Visible: - Signed: Yes

Status: -



Name: redbook.sys

Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys

Address: 0xF6BE5000 Size: 57600 File Visible: - Signed: Yes

Status: -



Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xAEE89000 Size: 49152 File Visible: No Signed: No

Status: -



Name: RT61.sys

Image Path: C:\WINDOWS\system32\DRIVERS\RT61.sys

Address: 0xF5722000 Size: 356096 File Visible: - Signed: Yes

Status: -



Name: RtkHDAud.sys

Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys

Address: 0xBAC1B000 Size: 4083712 File Visible: - Signed: Yes

Status: -



Name: SafeConnectDriver.sys

Image Path: C:\Program Files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectDriver.sys

Address: 0xAED78000 Size: 200704 File Visible: - Signed: Yes

Status: -



Name: SafeConnectFilter.sys

Image Path: C:\Program Files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectFilter.sys

Address: 0xAF2BF000 Size: 40960 File Visible: - Signed: Yes

Status: -



Name: SafeConnectShim.sys

Image Path: C:\Program Files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectShim.sys

Address: 0xF77FC000 Size: 19744 File Visible: - Signed: Yes

Status: -



Name: snman380.sys

Image Path: snman380.sys

Address: 0xF7043000 Size: 127584 File Visible: - Signed: Yes

Status: -



Name: sonypvf3.SYS

Image Path: C:\WINDOWS\System32\Drivers\sonypvf3.SYS

Address: 0xB8709000 Size: 619328 File Visible: - Signed: No

Status: -



Name: sonypvl3.sys

Image Path: sonypvl3.sys

Address: 0xF772C000 Size: 18048 File Visible: - Signed: No

Status: -



Name: sonypvt3.SYS

Image Path: C:\WINDOWS\System32\Drivers\sonypvt3.SYS

Address: 0xB86A1000 Size: 423392 File Visible: - Signed: No

Status: -



Name: sr.sys

Image Path: sr.sys

Address: 0xF72CD000 Size: 73472 File Visible: - Signed: Yes

Status: -



Name: srescan.sys

Image Path: srescan.sys

Address: 0xF7063000 Size: 81920 File Visible: No Signed: No

Status: -



Name: srv.sys

Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys

Address: 0xAF144000 Size: 334848 File Visible: - Signed: Yes

Status: -



Name: ssmdrv.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

Address: 0xF683C000 Size: 23040 File Visible: - Signed: Yes

Status: -



Name: swenum.sys

Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys

Address: 0xF7A56000 Size: 4352 File Visible: - Signed: Yes

Status: -



Name: sysaudio.sys

Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys

Address: 0xF76BC000 Size: 60800 File Visible: - Signed: Yes

Status: -



Name: tcpip.sys

Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys

Address: 0xB8635000 Size: 361088 File Visible: - Signed: Yes

Status: -



Name: TDI.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS

Address: 0xF7824000 Size: 20480 File Visible: - Signed: Yes

Status: -



Name: tdrpm174.sys

Image Path: tdrpm174.sys

Address: 0xF7077000 Size: 964864 File Visible: - Signed: Yes

Status: -



Name: termdd.sys

Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys

Address: 0xF4264000 Size: 40704 File Visible: - Signed: Yes

Status: -



Name: tifsfilt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

Address: 0xF6B85000 Size: 38016 File Visible: - Signed: Yes

Status: -



Name: timntr.sys

Image Path: timntr.sys

Address: 0xF7163000 Size: 533312 File Visible: - Signed: Yes

Status: -



Name: update.sys

Image Path: C:\WINDOWS\system32\DRIVERS\update.sys

Address: 0xF2672000 Size: 364160 File Visible: - Signed: Yes

Status: -



Name: usbccgp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys

Address: 0xB0878000 Size: 32128 File Visible: - Signed: Yes

Status: -



Name: USBD.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS

Address: 0xF7A18000 Size: 8192 File Visible: - Signed: Yes

Status: -



Name: usbehci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Address: 0xF78A4000 Size: 30208 File Visible: - Signed: Yes

Status: -



Name: usbhub.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys

Address: 0xECD42000 Size: 59520 File Visible: - Signed: Yes

Status: -



Name: USBPORT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS

Address: 0xF5779000 Size: 147456 File Visible: - Signed: Yes

Status: -



Name: usbprint.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys

Address: 0xB021E000 Size: 25856 File Visible: - Signed: Yes

Status: -



Name: usbscan.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys

Address: 0xBABE2000 Size: 15104 File Visible: - Signed: Yes

Status: -



Name: USBSTOR.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

Address: 0xF7774000 Size: 26368 File Visible: - Signed: Yes

Status: -



Name: usbuhci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Address: 0xF789C000 Size: 20608 File Visible: - Signed: Yes

Status: -



Name: vga.sys

Image Path: C:\WINDOWS\System32\drivers\vga.sys

Address: 0xF6854000 Size: 20992 File Visible: - Signed: Yes

Status: -



Name: VIDEOPRT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS

Address: 0xF57C1000 Size: 81920 File Visible: - Signed: Yes

Status: -



Name: VolSnap.sys

Image Path: VolSnap.sys

Address: 0xF74DC000 Size: 52352 File Visible: - Signed: Yes

Status: -



Name: vsdatant.sys

Image Path: C:\WINDOWS\System32\vsdatant.sys

Address: 0xB85A2000 Size: 438272 File Visible: - Signed: Yes

Status: -



Name: wanarp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys

Address: 0xB0951000 Size: 34560 File Visible: - Signed: Yes

Status: -



Name: watchdog.sys

Image Path: C:\WINDOWS\System32\watchdog.sys

Address: 0xF7834000 Size: 20480 File Visible: - Signed: Yes

Status: -



Name: wdmaud.sys

Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys

Address: 0xAF196000 Size: 83072 File Visible: - Signed: Yes

Status: -



Name: Win32k

Image Path: \Driver\Win32k

Address: 0xBF800000 Size: 1847296 File Visible: - Signed: Yes

Status: -



Name: win32k.sys

Image Path: C:\WINDOWS\System32\win32k.sys

Address: 0xBF800000 Size: 1847296 File Visible: - Signed: No

Status: -



Name: WMILIB.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS

Address: 0xF799E000 Size: 8192 File Visible: - Signed: Yes

Status: -



Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x804D7000 Size: 2150400 File Visible: - Signed: Yes

Status: -



#2 myrti


Posted 14 January 2010 - 10:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti



#3 jackedandhelpless


Posted 19 January 2010 - 08:49 AM

myrti,

thanks for your reply. I ran OTL and have pasted two files below. I am also going to reply to you separately with dds and root repeal files since I re-ran them.

OTL logfile created on: 1/19/2010 7:10:29 AM - Run 1

OTL by OldTimer - Version 3.1.25.2 Folder = L:\Malware

Windows XP Media Center Edition Service Pack 3, v.3244 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



1,023.00 Mb Total Physical Memory | 442.00 Mb Available Physical Memory | 43.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.09 Gb Total Space | 175.78 Gb Free Space | 58.97% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 960.11 Mb Total Space | 824.98 Mb Free Space | 85.93% Space Free | Partition Type: FAT32

Drive L: | 980.72 Mb Total Space | 697.28 Mb Free Space | 71.10% Space Free | Partition Type: FAT

Drive M: | 149.04 Gb Total Space | 15.05 Gb Free Space | 10.09% Space Free | Partition Type: NTFS



Computer Name: PAM-A1DABE2F5B4

Current User Name: HP

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard



========== Processes (SafeList) ==========



PRC - [2010/01/18 13:48:04 | 00,547,328 | ---- | M] (OldTimer Tools) -- L:\Malware\OTL.exe

PRC - [2010/01/14 15:21:51 | 01,586,992 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\HP\Local Settings\Temp\G2_438\g2viewer.exe

PRC - [2009/12/28 08:22:09 | 03,214,272 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

PRC - [2009/11/04 16:53:34 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2009/11/04 15:59:50 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe

PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2009/10/29 06:54:44 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe

PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe

PRC - [2009/09/16 18:33:46 | 00,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

PRC - [2009/09/16 17:22:08 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

PRC - [2009/08/05 10:37:58 | 12,313,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

PRC - [2009/07/27 18:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2009/05/30 22:12:08 | 00,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\HP\gotomypc_438.exe

PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2008/11/21 21:57:44 | 00,960,528 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

PRC - [2008/11/21 21:47:52 | 00,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2008/11/21 21:20:22 | 04,352,832 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2008/10/28 10:20:34 | 00,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Volume Panel\VolPanlu.exe

PRC - [2008/09/17 23:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

PRC - [2008/07/26 07:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

PRC - [2008/06/20 13:02:23 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2008/03/21 13:42:56 | 00,539,160 | R--- | M] (Sana Security) -- C:\Program Files\TrustedID\Identity Theft Protection\agent\Bin\SanaSafeConnectWatcher.exe

PRC - [2007/11/02 20:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

PRC - [2007/11/02 18:44:16 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

PRC - [2007/10/31 01:32:28 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/19 20:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

PRC - [2007/10/14 20:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

PRC - [2005/09/21 15:32:56 | 02,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE

PRC - [2005/09/21 10:24:02 | 00,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2005/05/03 18:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE

========== Modules (SafeList) ==========

MOD - [2010/01/18 13:48:04 | 00,547,328 | ---- | M] (OldTimer Tools) -- L:\Malware\OTL.exe

MOD - [2009/02/13 10:22:35 | 00,117,696 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll

MOD - [2008/09/17 23:55:00 | 01,503,232 | ---- | M] () -- C:\WINDOWS\system32\nview.dll

MOD - [2008/09/17 23:55:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll

MOD - [2007/10/31 01:33:16 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3244_x-ww_d74fff41\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/12/17 16:37:52 | 00,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2009/11/17 13:59:55 | 00,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)

SRV - [2009/11/04 16:53:34 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009/11/04 15:59:50 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/10/29 06:54:44 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2009/10/28 11:50:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009/09/16 17:22:08 | 00,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2009/07/08 20:22:22 | 00,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)

SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009/04/24 20:10:50 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2008/11/21 21:47:52 | 00,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2008/10/22 07:50:21 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)

SRV - [2008/10/16 17:22:20 | 00,464,264 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)

SRV - [2008/09/17 23:55:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)

SRV - [2008/07/26 07:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2008/07/26 07:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)

SRV - [2008/03/21 13:42:56 | 00,539,160 | R--- | M] (Sana Security) [Auto | Running] -- C:\Program Files\TrustedID\Identity Theft Protection\agent\Bin\SanaSafeConnectWatcher.exe -- (SanaSafeConnectWatcher)

SRV - [2008/03/21 13:42:54 | 04,937,240 | R--- | M] (Sana Security) [Disabled | Stopped] -- C:\Program Files\TrustedID\Identity Theft Protection\agent\Bin\SanaAgent.exe -- (SanaSafeConnectAgent)

SRV - [2008/01/16 19:14:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)

SRV - [2008/01/16 19:14:18 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)

SRV - [2007/11/06 21:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)

SRV - [2007/11/06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)

SRV - [2007/10/14 21:15:52 | 00,663,552 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)

SRV - [2007/05/24 06:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)

SRV - [2005/10/24 07:33:04 | 00,491,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\lxcicoms.exe -- (lxci_device)

SRV - [2004/09/09 20:09:50 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009/12/19 12:22:01 | 00,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2009/12/17 16:25:12 | 00,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV - [2009/11/15 08:12:54 | 00,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)

DRV - [2009/11/15 08:12:48 | 00,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2009/11/15 08:12:48 | 00,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2009/11/15 08:12:44 | 00,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)

DRV - [2009/11/04 16:54:12 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/11/04 16:54:12 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/11/04 16:54:12 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/11/04 16:54:12 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/11/04 16:53:40 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/10/04 15:33:14 | 00,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)

DRV - [2009/07/25 19:16:28 | 00,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.hs -- (LVUVC) QuickCam for Notebooks Deluxe(UVC)

DRV - [2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)

DRV - [2009/06/21 20:16:31 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)

DRV - [2009/06/05 10:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)

DRV - [2009/06/04 17:55:16 | 00,772,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ksaud.sys -- (ksaud)

DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/04/28 14:20:06 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2009/04/22 13:28:08 | 00,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)

DRV - [2009/04/22 13:28:06 | 00,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2009/03/25 06:29:52 | 00,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2008/10/24 18:27:06 | 01,830,912 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ksaudfl.sys -- (ksaudfl)

DRV - [2008/09/17 23:55:00 | 06,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2008/07/26 07:25:02 | 00,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2008/03/21 13:43:20 | 00,161,304 | R--- | M] (Sana Security, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Program Files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectDriver.sys -- (SanaSafeConnectDriver)

DRV - [2008/03/21 13:43:20 | 00,029,720 | ---- | M] (Sana Security, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Program Files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectFilter.sys -- (SanaSafeConnectFilter)

DRV - [2008/03/21 13:43:20 | 00,027,376 | ---- | M] (Sana Security, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Program Files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectShim.sys -- (SanaSafeConnectShim)

DRV - [2007/10/30 19:47:12 | 00,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)

DRV - [2007/10/30 17:46:50 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2007/03/07 22:20:50 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)

DRV - [2007/03/07 22:20:49 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)

DRV - [2007/03/07 22:20:48 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)

DRV - [2006/12/29 21:22:36 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2006/09/28 14:32:14 | 00,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)

DRV - [2006/08/18 13:18:08 | 00,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/08/18 13:17:46 | 00,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/08/18 13:17:44 | 00,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/08/18 13:17:44 | 00,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/08/18 13:17:42 | 00,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/08/18 13:17:40 | 00,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/08/18 13:17:38 | 00,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/08/18 13:17:38 | 00,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/08/11 11:05:58 | 00,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)

DRV - [2006/08/11 10:35:18 | 00,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/08/11 10:35:16 | 00,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2006/07/21 11:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)

DRV - [2006/05/05 18:21:00 | 00,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)

DRV - [2006/03/29 07:49:26 | 00,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2006/01/25 17:24:30 | 01,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2005/10/27 16:06:30 | 00,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)

DRV - [2005/09/23 18:56:28 | 03,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005/07/28 19:07:00 | 00,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)

DRV - [2004/12/07 14:00:48 | 00,064,964 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sonypvd3.sys -- (sonypvd3)

DRV - [2004/12/06 13:26:16 | 00,423,454 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvt3.sys -- (sonypvt3)

DRV - [2004/11/15 12:55:14 | 00,619,390 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvf3.sys -- (sonypvf3)

DRV - [2004/09/22 10:55:38 | 00,018,110 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sonypvl3.sys -- (sonypvl3)

DRV - [2004/09/09 20:15:14 | 00,798,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2004/08/10 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)

DRV - [2004/08/03 16:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/04/26 14:31:14 | 00,135,168 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/03/17 15:10:40 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)

DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?referrer=theme_ign

IE - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\S-1-5-21-1004336348-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\S-1-5-21-1004336348-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?referrer=theme_ign"

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.6.0.0

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.18

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/12 13:58:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/17 19:29:42 | 00,000,000 | ---D | M]

[2009/02/17 06:29:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP\Application Data\Mozilla\Extensions

[2010/01/18 22:20:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\ig161hg6.default\extensions

[2009/12/03 18:59:59 | 00,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\ig161hg6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/01/17 19:29:35 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\ig161hg6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2009/12/03 21:50:41 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\ig161hg6.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2009/12/03 22:14:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\ig161hg6.default\extensions\keyscrambler@qfx.software.corporation

[2010/01/18 21:53:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2008/08/21 12:24:04 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2004/08/10 06:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)

O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll File not found

O2 - BHO: (TbHelperObject Class) - {6DDEF7A2-C6B5-4869-8330-6DB412F59552} - C:\WINDOWS\system32\TbHelper.dll ()

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll File not found

O3 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [CTAPR2] C:\Program Files\Creative\Sound Blaster X-Fi Go\Console Launcher\CTAPR2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003..\Run: [AdobeUpdater6] C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

O4 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)

O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\..Trusted Domains: google.com ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\..Trusted Domains: internet ([]about in Internet)

O15 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)

O15 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)

O15 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\..Trusted Domains: microsoft.com ([update] http in Trusted sites)

O15 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\..Trusted Domains: microsoft.com ([update] https in Trusted sites)

O15 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)

O15 - HKU\S-1-5-21-1004336348-1757981266-839522115-1003\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1245529511484 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1245529495859 (MUWebControl Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15109/CTPID.cab (Creative Software AutoUpdate Support Package)

O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)

O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/07/04 07:18:57 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/08/14 07:26:02 | 00,000,082 | ---- | M] () - K:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{f3507add-d2c7-11de-acbf-0016b659eea0}\Shell\AutoRun\command - "" = K:\Start.exe -- [2008/08/08 05:26:26 | 02,395,592 | ---- | M] (Creative Technology Ltd)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*



========== Files/Folders - Created Within 30 Days ==========



[2010/01/17 19:30:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan

[2010/01/17 19:30:12 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

[2010/01/17 19:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\NOS

[2010/01/17 19:29:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2010/01/13 11:20:44 | 00,000,000 | ---D | C] -- C:\Program Files\Link Logger

[2010/01/12 13:40:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP\Application Data\WinBatch

[2010/01/12 13:39:56 | 01,713,488 | ---- | C] (Hewlett-Packard Development Company, L.P. ) -- C:\Documents and Settings\HP\Desktop\sp37253.exe

[2010/01/12 12:37:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP\Local Settings\Application Data\McAfee

[2010/01/11 06:38:16 | 08,991,968 | ---- | C] (PC Tools ) -- C:\Documents and Settings\HP\Desktop\tfinstall.exe

[2010/01/10 21:30:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP\Application Data\McAfee

[2010/01/10 15:43:11 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys

[2010/01/10 15:43:11 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys

[2010/01/10 15:43:10 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys

[2010/01/10 15:43:01 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys

[2010/01/10 15:42:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee

[2010/01/10 15:42:00 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com

[2010/01/10 15:41:36 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee

[2010/01/10 15:36:14 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys

[2010/01/10 15:36:12 | 00,214,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys

[2010/01/09 15:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2010/01/06 17:22:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP\Application Data\Malwarebytes

[2010/01/06 17:22:15 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/01/06 17:22:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/01/06 17:22:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/01/06 17:22:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/12/28 12:36:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP\My Documents\AnyDVDHD

[2009/12/28 12:35:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft

[2009/12/28 12:15:29 | 00,000,000 | ---D | C] -- C:\Program Files\SlySoft

[2009/12/28 11:28:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP\My Documents\PcSetup

[2009/12/03 18:01:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Trend Micro

[2009/11/17 15:18:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/11/17 15:17:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2009/11/17 15:17:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/10/19 00:04:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/02/26 14:32:58 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP\Application Data\pcouffin.sys

[2009/02/09 11:06:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2009/01/10 15:14:02 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciserv.dll

[2009/01/10 15:14:02 | 01,122,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciusb1.dll

[2009/01/10 15:14:02 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciprox.dll

[2009/01/10 15:14:02 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcipplc.dll

[2009/01/10 15:14:01 | 00,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcihbn3.dll

[2009/01/10 15:14:01 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicomc.dll

[2009/01/10 15:14:01 | 00,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcipmui.dll

[2009/01/10 15:14:01 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicomm.dll

[2009/01/10 15:14:00 | 00,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcilmpm.dll

[2008/06/13 14:17:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis

[2008/06/10 09:55:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit

[2008/05/27 17:28:09 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2004/09/09 22:25:36 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

[6 C:\Documents and Settings\HP\My Documents\*.tmp files -> C:\Documents and Settings\HP\My Documents\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]



========== Files - Modified Within 30 Days ==========



[2010/01/19 07:10:10 | 00,000,336 | ---- | M] () -- C:\Documents and Settings\HP\Desktop\Shortcut to OTL.lnk

[2010/01/18 22:50:14 | 00,008,773 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF

[2010/01/18 11:06:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/01/18 01:00:01 | 00,000,494 | -H-- | M] () -- C:\WINDOWS\tasks\Hannamax062008 1213086418.job

[2010/01/17 19:30:13 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan.lnk

[2010/01/17 19:30:13 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

[2010/01/15 02:07:53 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job

[2010/01/13 20:11:31 | 00,000,131 | ---- | M] () -- C:\WINDOWS\CRC.INI

[2010/01/13 20:07:02 | 00,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

[2010/01/13 20:06:27 | 00,201,044 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/01/13 20:06:05 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/01/13 19:37:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/01/13 19:37:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/01/13 11:29:12 | 00,000,380 | ---- | M] () -- C:\Documents and Settings\HP\Desktop\Shortcut to Wireless Network Connection.lnk

[2010/01/13 11:21:39 | 06,291,456 | ---- | M] () -- C:\Documents and Settings\HP\NTUSER.DAT

[2010/01/13 11:21:39 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\HP\ntuser.ini

[2010/01/13 11:21:33 | 05,296,656 | -H-- | M] () -- C:\Documents and Settings\HP\Local Settings\Application Data\IconCache.db

[2010/01/13 11:12:26 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/01/13 11:03:09 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HP\񀿉

[2010/01/12 13:49:08 | 00,000,756 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/01/12 13:49:08 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/01/12 13:49:08 | 00,000,209 | RHS- | M] () -- C:\boot.ini

[2010/01/12 13:39:57 | 01,713,488 | ---- | M] (Hewlett-Packard Development Company, L.P. ) -- C:\Documents and Settings\HP\Desktop\sp37253.exe

[2010/01/11 06:39:01 | 08,991,968 | ---- | M] (PC Tools ) -- C:\Documents and Settings\HP\Desktop\tfinstall.exe

[2010/01/10 21:30:27 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk

[2010/01/10 15:46:23 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk

[2010/01/10 15:42:30 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job

[2010/01/07 17:30:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts

[2010/01/06 17:22:18 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/01/06 12:06:11 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\HP\My Documents\January Monday and Tuesday 4th.doc

[2010/01/06 10:36:00 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[2010/01/06 09:03:16 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/01/04 15:55:05 | 40,321,024 | ---- | M] () -- C:\Documents and Settings\HP\My Documents\Hannamax092008 (Backup Jan 04,2010 03 53 PM).QBB

[2010/01/03 07:01:28 | 00,062,464 | ---- | M] () -- C:\Documents and Settings\HP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/31 09:33:10 | 02,084,551 | ---- | M] () -- C:\Documents and Settings\HP\My Documents\IMG015.jpg

[2009/12/31 09:32:16 | 01,974,919 | ---- | M] () -- C:\Documents and Settings\HP\My Documents\IMG022.jpg

[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/12/29 19:28:59 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\HP\My Documents\News Year Fill List.doc

[2009/12/28 11:28:52 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\HP\Application Data\inst.exe

[2009/12/28 11:28:52 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\HP\Application Data\pcouffin.sys

[2009/12/28 11:28:52 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\HP\Application Data\pcouffin.cat

[2009/12/28 11:28:52 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\HP\Application Data\pcouffin.inf

[2009/12/22 23:31:09 | 40,275,968 | ---- | M] () -- C:\Documents and Settings\HP\My Documents\Hannamax092008 (Backup Dec 22,2009 11 29 PM).QBB

[6 C:\Documents and Settings\HP\My Documents\*.tmp files -> C:\Documents and Settings\HP\My Documents\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]



========== Files Created - No Company Name ==========



[2010/01/19 07:10:10 | 00,000,336 | ---- | C] () -- C:\Documents and Settings\HP\Desktop\Shortcut to OTL.lnk

[2010/01/17 19:30:13 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan.lnk

[2010/01/17 19:30:13 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

[2010/01/13 11:29:12 | 00,000,380 | ---- | C] () -- C:\Documents and Settings\HP\Desktop\Shortcut to Wireless Network Connection.lnk

[2010/01/13 11:03:09 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP\񀿉

[2010/01/10 21:30:27 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk

[2010/01/10 18:09:23 | 00,008,773 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF

[2010/01/10 15:46:23 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk

[2010/01/10 15:42:31 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job

[2010/01/10 15:42:29 | 00,000,312 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job

[2010/01/06 17:22:18 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/01/05 18:49:29 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\HP\My Documents\January Monday and Tuesday 4th.doc

[2010/01/04 15:54:49 | 40,321,024 | ---- | C] () -- C:\Documents and Settings\HP\My Documents\Hannamax092008 (Backup Jan 04,2010 03 53 PM).QBB

[2009/12/31 09:32:51 | 02,084,551 | ---- | C] () -- C:\Documents and Settings\HP\My Documents\IMG015.jpg

[2009/12/31 09:32:13 | 01,974,919 | ---- | C] () -- C:\Documents and Settings\HP\My Documents\IMG022.jpg

[2009/12/29 19:13:37 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\HP\My Documents\News Year Fill List.doc

[2009/12/28 12:35:37 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

[2009/12/22 23:30:52 | 40,275,968 | ---- | C] () -- C:\Documents and Settings\HP\My Documents\Hannamax092008 (Backup Dec 22,2009 11 29 PM).QBB

[2009/11/18 09:55:56 | 00,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI

[2009/11/17 14:00:25 | 00,230,400 | ---- | C] () -- C:\WINDOWS\System32\KSXPPI32.dll

[2009/11/17 14:00:25 | 00,033,327 | ---- | C] () -- C:\WINDOWS\System32\kschimp.ini

[2009/11/11 09:05:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2009/09/12 09:02:49 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll

[2009/09/12 09:02:49 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys

[2009/09/12 09:02:49 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys

[2009/04/15 14:08:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI

[2009/03/05 16:15:51 | 00,000,002 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt

[2009/03/05 16:00:11 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2009/03/05 16:00:10 | 00,000,163 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/03/03 12:18:04 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2009/02/26 14:33:04 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\HP\Application Data\pcouffin.log

[2009/02/26 14:32:58 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\HP\Application Data\inst.exe

[2009/02/26 14:32:58 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\HP\Application Data\pcouffin.cat

[2009/02/26 14:32:58 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\HP\Application Data\pcouffin.inf

[2009/01/10 15:14:02 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcivs.dll

[2008/10/30 15:01:18 | 00,050,736 | ---- | C] () -- C:\WINDOWS\System32\TbHelper.dll

[2008/10/02 16:34:16 | 00,028,635 | ---- | C] () -- C:\WINDOWS\System32\ksaud.ini

[2008/09/17 23:55:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008/09/17 23:55:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008/09/17 23:55:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008/09/17 23:55:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008/09/17 23:55:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2008/07/26 07:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2008/07/04 09:57:19 | 00,001,112 | ---- | C] () -- C:\Documents and Settings\HP\Application Data\ViewerApp.dat

[2008/06/27 10:34:56 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI

[2008/06/11 15:53:28 | 00,000,140 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2008/06/06 20:55:16 | 00,062,464 | ---- | C] () -- C:\Documents and Settings\HP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/01 18:41:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/05/29 08:38:12 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\HP\Local Settings\Application Data\fusioncache.dat

[2008/05/29 08:27:43 | 00,011,031 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2008/05/27 21:11:06 | 00,066,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2007/07/16 17:36:30 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2006/11/09 15:07:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/08/10 06:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/04/06 04:10:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll

[2003/09/25 01:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll

[2003/09/25 01:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/09/23 16:11:00 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll



========== Alternate Data Streams ==========



@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29

< End of report >


OTL Extras logfile created on: 1/19/2010 7:10:29 AM - Run 1

OTL by OldTimer - Version 3.1.25.2 Folder = L:\Malware

Windows XP Media Center Edition Service Pack 3, v.3244 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



1,023.00 Mb Total Physical Memory | 442.00 Mb Available Physical Memory | 43.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.09 Gb Total Space | 175.78 Gb Free Space | 58.97% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 960.11 Mb Total Space | 824.98 Mb Free Space | 85.93% Space Free | Partition Type: FAT32

Drive L: | 980.72 Mb Total Space | 697.28 Mb Free Space | 71.10% Space Free | Partition Type: FAT

Drive M: | 149.04 Gb Total Space | 15.05 Gb Free Space | 10.09% Space Free | Partition Type: NTFS



Computer Name: PAM-A1DABE2F5B4

Current User Name: HP

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard



========== Extra Registry (SafeList) ==========





========== File Associations ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found



[HKEY_USERS\S-1-5-21-1004336348-1757981266-839522115-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)



========== Shell Spawning ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)



========== Security Center Settings ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"50:TCP" = 50:TCP:*:Enabled:VPN1

"51:TCP" = 51:TCP:*:Enabled:vpn2

"500:TCP" = 500:TCP:*:Enabled:vpn3

"50:UDP" = 50:UDP:*:Enabled:vpn4

"51:UDP" = 51:UDP:*:Enabled:vpn5

"500:UDP" = 500:UDP:*:Enabled:vpn6

"4500:UDP" = 4500:UDP:*:Enabled:vpn7

"4500:TCP" = 4500:TCP:*:Enabled:vpn8

"1723:TCP" = 1723:TCP:*:Enabled:vpn9

"1723:UDP" = 1723:UDP:*:Enabled:vpn10

"443:TCP" = 443:TCP:*:Enabled:vpn11

"443:UDP" = 443:UDP:*:Enabled:vpn12

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002



========== Authorized Applications List ==========



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)

"C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE" = C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft FrontPage -- (Microsoft Corporation)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

"E:\setup\HPZNUI01.EXE" = E:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- File not found

"C:\Documents and Settings\HP\Local Settings\Temp\7zS43A4\setup\HPZnui01.exe" = C:\Documents and Settings\HP\Local Settings\Temp\7zS43A4\setup\HPZnui01.exe:*:Enabled:hpznui01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)

"C:\Program Files\Link Logger\LinkLogger.exe" = C:\Program Files\Link Logger\LinkLogger.exe:*:Enabled:Professional Logging tool for Linksys WRT product line -- (Binary Visions Inc.)





========== HKEY_LOCAL_MACHINE Uninstall List ==========



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax

"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package

"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17

"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant

"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home

"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing

"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician

"{4BE15737-07C5-4705-9DFC-D9D533939942}" = NVIDIA Media Center Extensions

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery

"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{624D19C3-D55D-4368-BC10-9B53036D8358}" = HP Driver Diagnostics

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport

"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{90170409-6000-11D3-8CFE-0050048383C9}" = Microsoft FrontPage 2002

"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ACC9F63-CF54-46D7-9140-D40E57564EDA}_is1" = COMODO Registry Cleaner 1.0.17.23

"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime

"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel

"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A360821C-6B51-4EE4-A7E5-5E14B15004CD}" = Sony DVD Handycam USB Driver 2

"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter

"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes

"{AA5B1F20-3E6C-49C5-B7D2-B1F623C61EF4}" = Sound Blaster X-Fi Go!

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager

"{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}" = ArcSoft Camera Suite 1.3

"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BD76AF27-5CD9-4848-87FC-12285A90AE6A}" = c7200_Help

"{BE130CAB-F7AA-4660-96A2-6BCCE9743946}" = Sonic Backup MyPC Special Edition for HP

"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min

"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software

"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200

"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component

"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy

"{F539210E-8474-44E3-9035-01CB6444DB46}" = OutlookTools 2

"{FF61C48C-12C2-4320-B838-7F469E4F2080}" = TrustedID Identity Theft Protection

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 6.0" = Adobe Photoshop 6.0

"Adobe SVG Viewer" = Adobe SVG Viewer

"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem

"AnyDVD" = AnyDVD

"Ask Toolbar_is1" = ZoneAlarm Spy Blocker Toolbar

"ATI Display Driver" = ATI Display Driver

"BizPricer_Application_1.0" = BizPricer Application Wizard Version 1.0

"Creative Volume Panel" = Volume Panel

"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition

"Free Studio_is1" = Free Studio version 4.2

"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.1

"FrontPage Well Organized" = FrontPage Well Organized

"HP Imaging Device Functions" = HP Imaging Device Functions 10.0

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0

"HPOCR" = OCR Software by I.R.I.S. 10.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition

"KeyScrambler" = KeyScrambler

"Lexmark 7300 Series" = Lexmark 7300 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Security Scan" = McAfee Security Scan

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)

"MSC" = McAfee SecurityCenter

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"PdaNet_is1" = PdaNet Desktop for iPhone 1.53

"Photo Viewer" = Photo Viewer 2.3

"Uninstall_is1" = Uninstall 1.0.0.1

"WIC" = Windows Imaging Component

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0



========== HKEY_USERS Uninstall List ==========



[HKEY_USERS\S-1-5-21-1004336348-1757981266-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GoToMeeting" = GoToMeeting 4.0.0.320



========== Last 10 Event Log Errors ==========



[ Application Events ]

Error - 1/15/2010 5:39:45 PM | Computer Name = PAM-A1DABE2F5B4 | Source = QuickBooks | ID = 4

Description =



Error - 1/15/2010 5:39:45 PM | Computer Name = PAM-A1DABE2F5B4 | Source = QuickBooks | ID = 4

Description =



Error - 1/16/2010 1:04:30 PM | Computer Name = PAM-A1DABE2F5B4 | Source = PerfNet | ID = 2002

Description = Unable to open the Redirector service. Redirector performance data

will

not be returned. Error code returned is in data DWORD 0.



Error - 1/17/2010 12:23:18 AM | Computer Name = PAM-A1DABE2F5B4 | Source = QuickBooks | ID = 4

Description =



Error - 1/18/2010 4:48:07 PM | Computer Name = PAM-A1DABE2F5B4 | Source = QuickBooks | ID = 4

Description =



Error - 1/18/2010 4:48:07 PM | Computer Name = PAM-A1DABE2F5B4 | Source = QuickBooks | ID = 4

Description =



Error - 1/18/2010 4:48:07 PM | Computer Name = PAM-A1DABE2F5B4 | Source = QuickBooks | ID = 4

Description =



Error - 1/18/2010 4:48:19 PM | Computer Name = PAM-A1DABE2F5B4 | Source = QuickBooks | ID = 4

Description =



Error - 1/18/2010 4:48:19 PM | Computer Name = PAM-A1DABE2F5B4 | Source = QuickBooks | ID = 4

Description =



Error - 1/18/2010 4:48:19 PM | Computer Name = PAM-A1DABE2F5B4 | Source = QuickBooks | ID = 4

Description =



[ System Events ]

Error - 1/17/2010 5:25:22 PM | Computer Name = PAM-A1DABE2F5B4 | Source = DCOM | ID = 10010

Description = The server {80EE4901-33A8-11D1-A213-0080C88593A5} did not register

with DCOM within the required timeout.



Error - 1/17/2010 5:40:04 PM | Computer Name = PAM-A1DABE2F5B4 | Source = DCOM | ID = 10016

Description = The application-specific permission settings do not grant Local Launch

permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}



to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be

modified using the Component Services administrative tool.



Error - 1/17/2010 9:16:33 PM | Computer Name = PAM-A1DABE2F5B4 | Source = DCOM | ID = 10016

Description = The application-specific permission settings do not grant Local Launch

permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}



to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be

modified using the Component Services administrative tool.



Error - 1/17/2010 10:37:33 PM | Computer Name = PAM-A1DABE2F5B4 | Source = DCOM | ID = 10010

Description = The server {80EE4901-33A8-11D1-A213-0080C88593A5} did not register

with DCOM within the required timeout.



Error - 1/18/2010 4:15:32 AM | Computer Name = PAM-A1DABE2F5B4 | Source = DCOM | ID = 10010

Description = The server {80EE4901-33A8-11D1-A213-0080C88593A5} did not register

with DCOM within the required timeout.



Error - 1/18/2010 9:36:27 AM | Computer Name = PAM-A1DABE2F5B4 | Source = DCOM | ID = 10010

Description = The server {80EE4901-33A8-11D1-A213-0080C88593A5} did not register

with DCOM within the required timeout.



Error - 1/18/2010 11:58:12 AM | Computer Name = PAM-A1DABE2F5B4 | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)



Error - 1/18/2010 11:58:12 AM | Computer Name = PAM-A1DABE2F5B4 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.



Error - 1/18/2010 11:58:14 AM | Computer Name = PAM-A1DABE2F5B4 | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)



Error - 1/18/2010 11:58:14 AM | Computer Name = PAM-A1DABE2F5B4 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.





< End of report >



#4 jackedandhelpless
  • Topic Starter

Posted 19 January 2010 - 08:57 AM

Myrti, I have re-pasted the DDS and RootRepeal files I ran this AM since I had major problems - McAfee AV and firewall completely messed with by the person who hijacked me, so I added and deleted some things from the original post. Sorry. This machine has definitely been taken over whenever they want. Here are the files.



DDS (Ver_09-12-01.01) - NTFSx86

Run by HP at 7:22:37.18 on Tue 01/19/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.391 [GMT -6:00]



AV: MacroVirus *On-access scanning enabled* (Updated) {96A0710D-9FB9-4D45-B684-F6BB9C2594BE}

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}



============== Running Processes ===============



C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\TrustedID\Identity Theft Protection\agent\Bin\SanaSafeConnectWatcher.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Creative\Volume Panel\VolPanlu.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\ALCMTR.EXE

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\HP\gotomypc_438.exe

C:\DOCUME~1\HP\LOCALS~1\Temp\G2_438\g2viewer.exe

C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

L:\Malware\dds.scr



============== Pseudo HJT Report ===============



uStart Page = hxxp://www.google.com/ig?referrer=theme_ign

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll

BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll

BHO: TbHelperObject Class: {6ddef7a2-c6b5-4869-8330-6db412f59552} - c:\windows\system32\TbHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [AdobeUpdater6] "c:\program files\common files\adobe\updater6\Adobe_Updater.exe"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [VolPanel] "c:\program files\creative\volume panel\VolPanlu.exe" /r

mRun: [CTAPR2] "c:\program files\creative\sound blaster x-fi go\console launcher\CTAPR2.exe" /r

mRun: [SoundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Save YouTube Video - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm

IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

Trusted Zone: google.com\www

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\*.update

Trusted Zone: microsoft.com\update

Trusted Zone: windowsupdate.com\download

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245529511484

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245529495859

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab

TCP: {F34728A5-D19D-4A44-A313-1C4B3FA7E4BD} = 68.87.72.134

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll



================= FIREFOX ===================



FF - ProfilePath - c:\docume~1\hp\applic~1\mozilla\firefox\profiles\ig161hg6.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?referrer=theme_ign

FF - component: c:\documents and settings\hp\application data\mozilla\firefox\profiles\ig161hg6.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - plugin: c:\documents and settings\hp\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\hp\application data\move networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\hp\application data\mozilla\firefox\profiles\ig161hg6.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\hp\application data\mozilla\plugins\npatgpc.dll

FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}



============= SERVICES / DRIVERS ===============



R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2008-7-4 18110]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-10 214664]

R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2008-7-4 619390]

R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2008-7-4 423454]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-1-10 359952]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-10 144704]

R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\trustedid\identity theft protection\agent\bin\SanaSafeConnectWatcher.exe [2008-3-21 539160]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-12-3 115312]

R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-12-1 772992]

R3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [2008-10-24 1830912]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-1-10 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-10 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-10 35272]

R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-10 34248]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-10 40552]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-8-28 9472]

S0 xhlatjbf;xhlatjbf;c:\windows\system32\drivers\xcrqga.sys --> c:\windows\system32\drivers\xcrqga.sys [?]

S1 sonypvd3;Sony DVD Handycam;c:\windows\system32\drivers\sonypvd3.sys [2008-7-4 64964]

S2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-6-20 464264]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-11-17 79360]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-9-12 8704]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-9-12 3072]

S3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\trustedid\identity theft protection\agent\driver\platform_xp\SafeConnectDriver.sys [2008-3-21 161304]

S3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\trustedid\identity theft protection\agent\driver\platform_xp\SafeConnectFilter.sys [2008-3-21 29720]

S3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\trustedid\identity theft protection\agent\driver\platform_xp\SafeConnectShim.sys [2008-3-21 27376]

S4 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]

S4 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\trustedid\identity theft protection\agent\bin\SanaAgent.exe [2008-3-21 4937240]



=============== Created Last 30 ================



2010-01-18 01:30:14 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

2010-01-18 01:30:12 0 d-----w- c:\program files\McAfee Security Scan

2010-01-13 17:20:44 0 d-----w- c:\program files\Link Logger

2010-01-13 17:03:09 0 ----a-w- c:\documents and settings\hp\Ÿ9Ÿ9

2010-01-12 19:40:38 0 d-----w- c:\docume~1\hp\applic~1\WinBatch

2010-01-11 03:30:41 0 d-----w- c:\docume~1\hp\applic~1\McAfee

2010-01-11 00:09:23 8773 ----a-w- c:\windows\system32\Config.MPF

2010-01-10 21:43:11 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2010-01-10 21:43:11 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-01-10 21:43:10 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2010-01-10 21:43:01 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2010-01-10 21:42:03 0 d-----w- c:\program files\common files\McAfee

2010-01-10 21:42:00 0 d-----w- c:\program files\McAfee.com

2010-01-10 21:41:36 0 d-----w- c:\program files\McAfee

2010-01-10 21:36:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2010-01-10 21:36:12 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2010-01-06 23:22:22 0 d-----w- c:\docume~1\hp\applic~1\Malwarebytes

2010-01-06 23:22:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-06 23:22:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-06 23:22:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-01-06 23:22:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-28 18:15:29 0 d-----w- c:\program files\SlySoft



==================== Find3M ====================



2010-01-06 16:36:00 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-01-06 15:03:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-28 17:28:52 87608 ----a-w- c:\docume~1\hp\applic~1\inst.exe

2009-12-28 17:28:52 47360 ----a-w- c:\docume~1\hp\applic~1\pcouffin.sys

2009-12-19 18:22:01 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

2009-12-17 22:25:12 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys

2009-12-03 12:59:11 164834 ----a-w- c:\windows\hpoins21.dat

2009-11-17 20:39:27 413696 ----a-w- c:\windows\system32\wrap_oal.dll

2009-11-17 20:39:27 110592 ----a-w- c:\windows\system32\OpenAL32.dll

2009-11-10 02:49:05 69172 ----a-r- c:\windows\fonts\Baskerville-Normal.ttf

2009-10-31 21:15:26 1112 ----a-w- c:\docume~1\hp\applic~1\ViewerApp.dat



============= FINISH: 7:23:44.91 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT



DDS (Ver_09-12-01.01)



Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/27/2008 6:27:13 PM

System Uptime: 1/13/2010 7:37:01 PM (132 hours ago)



Motherboard: ASUSTeK Computer INC. | | Puffer

Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 3001/200mhz



==== Disk Partitions =========================



C: is FIXED (NTFS) - 298 GiB total, 175.781 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

K: is Removable

L: is Removable

M: is FIXED (NTFS) - 149 GiB total, 15.046 GiB free.



==== Disabled Device Manager Items =============



Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\B563D8E01800

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\B563D8E01800

Service: NIC1394



Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Realtek RTL8139/810x Family Fast Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&23C0B1C&0&10F0

Manufacturer: Realtek Semiconductor Corp.

Name: Realtek RTL8139/810x Family Fast Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&23C0B1C&0&10F0

Service: RTL8023xp



Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Linksys Wireless-G PCI Adapter

Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\4&23C0B1C&0&18F0

Manufacturer: Linksys, A Division of Cisco Systems, Inc.

Name: Linksys Wireless-G PCI Adapter

PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\4&23C0B1C&0&18F0

Service: RT61



Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}

Description: Photosmart C7200 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: HP Photosmart C7200

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam



Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Photosmart C7200 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C7200 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:



==== System Restore Points ===================



No restore point in system.



==== Installed Programs ======================



32 Bit HP CIO Components Installer

Acronis True Image Home

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop 6.0

Adobe Reader 9.2

Adobe SVG Viewer

Agere Systems PCI Soft Modem

AIO_Scan

AnyDVD

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Camera Suite 1.3

ATI Display Driver

BizPricer Application Wizard Version 1.0

Bonjour

BufferChm

C7200

C7200_Help

Cards_Calendar_OrderGift_DoMorePlugout

COMODO Registry Cleaner 1.0.17.23

Compatibility Pack for the 2007 Office system

Copy

DesignPro 5.4 Limited Edition

Destination Component

DeviceDiscovery

DocProc

EASEUS Partition Master 4.0 Home Edition

Fax

Free Studio version 4.2

Free Video to iPhone Converter version 2.1

FrontPage Well Organized

Google Toolbar for Internet Explorer

GoToMeeting 4.0.0.320

GPBaseService

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.0 (KB932471)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

HP Driver Diagnostics

HP Imaging Device Functions 10.0

HP Photosmart All-In-One Driver Software 10.0 Rel .2

HP Photosmart Essential 2.5

HP Smart Web Printing

HP Solution Center 10.0

HP Update

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotoSmartPhotobookWebPack1

HPProductAssistant

iTunes

Java™ 6 Update 17

KeyScrambler

Lexmark 7300 Series

Malwarebytes' Anti-Malware

McAfee Security Scan

McAfee SecurityCenter

McAfee Virtual Technician

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft .NET Framework 3.0 Service Pack 1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft FrontPage 2002

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Standard Edition 2003

Microsoft Office XP Professional

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mozilla Firefox (3.0.16)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 Parser and SDK

MSXML 6.0 Parser (KB933579)

NetDeviceManager

NVIDIA Drivers

NVIDIA Media Center Extensions

NVIDIA PureVideo Decoder

OCR Software by I.R.I.S. 10.0

OutlookTools 2

PanoStandAlone

PdaNet Desktop for iPhone 1.53

Photo Viewer 2.3

Picture Package

PS_AIO_02_ProductContext

PS_AIO_02_Software

PS_AIO_02_Software_Min

PSSWCORE

QuickBooks Pro 2008

Quicken 2008

QuickTime

Realtek High Definition Audio Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler

Roxio Update Manager

Scan

Security Update for CAPICOM (KB931906)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

SolutionCenter

Sonic Activation Module

Sonic Backup MyPC Special Edition for HP

Sonic Update Manager

Sony DVD Handycam USB Driver 2

Sound Blaster X-Fi Go!

Status

Toolbox

TrayApp

TrustedID Identity Theft Protection

Uninstall 1.0.0.1

UnloadSupport

Update for Windows Media Player 10 (KB913800)

Update for Windows XP (KB942763)

Update Rollup 2 for Windows XP Media Center Edition 2005

VC 9.0 Runtime

VideoToolkit01

Volume Panel

WebFldrs XP

WebReg

Windows Imaging Component

Windows Internet Explorer 8

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows XP Media Center Edition 2005 KB925766

Windows XP Service Pack 3

ZoneAlarm Spy Blocker Toolbar



==== Event Viewer Messages From Past Week ========



1/16/2010 9:18:26 PM, error: Print [6161] - The document Intuit owned by HP failed to print on printer Lexmark 7300 Series. Data type: LEMF. Size of the spool file in bytes: 2161104. Number of bytes printed: 2161104. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\PAM-A1DABE2F5B4. Win32 error code returned by the print processor: 0 (0x0).

1/16/2010 9:18:22 PM, error: Print [6161] - The document Intuit owned by HP failed to print on printer Lexmark 7300 Series. Data type: LEMF. Size of the spool file in bytes: 220940. Number of bytes printed: 220940. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\PAM-A1DABE2F5B4. Win32 error code returned by the print processor: 0 (0x0).

1/16/2010 9:15:37 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service lxci_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441070}

1/14/2010 2:39:51 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service QBFCService with arguments "" in order to run the server: {E2F551B5-D7E4-351C-A975-2E8EEE4D1917}

1/13/2010 9:36:29 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

1/13/2010 9:35:34 AM, error: Service Control Manager [7034] - The SanaSafeConnectAgent service terminated unexpectedly. It has done this 1 time(s).

1/13/2010 9:03:44 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Scanner service to connect.

1/13/2010 9:03:44 AM, error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/13/2010 9:03:42 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}

1/13/2010 7:39:42 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

1/13/2010 7:39:29 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

1/13/2010 7:37:34 AM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.

1/13/2010 12:32:00 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

1/13/2010 12:21:20 PM, error: Dhcp [1002] - The IP address lease 192.168.14.101 for the Network Card with network address 0016B659EEA0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

1/13/2010 12:09:22 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0016B659EEA0. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

1/13/2010 11:59:25 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00112FE2B955 has been denied by the DHCP server 192.168.14.14 (The DHCP Server sent a DHCPNACK message).

1/13/2010 11:49:10 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00112FE2B955 has been denied by the DHCP server 192.168.1.14 (The DHCP Server sent a DHCPNACK message).

1/13/2010 11:27:50 AM, error: Service Control Manager [7022] - The McAfee SystemGuards service hung on starting.

1/13/2010 11:27:14 AM, error: System Error [1003] - Error code 1000000a, parameter1 000000b0, parameter2 00000002, parameter3 00000000, parameter4 80507f95.

1/13/2010 11:20:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

1/13/2010 11:13:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

1/13/2010 11:12:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

1/13/2010 11:12:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ElbyCDIO Fips intelppm IPSec mfehidk MPFP NetBT nvport RasAcd Tcpip

1/13/2010 11:12:27 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2010 11:12:27 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2010 11:12:27 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2010 11:12:27 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2010 11:12:27 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2010 11:12:27 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/13/2010 11:11:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

1/13/2010 11:01:43 AM, error: System Error [1003] - Error code 1000000a, parameter1 000000b0, parameter2 00000002, parameter3 00000000, parameter4 804ef41a.

1/13/2010 10:30:30 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the HPSLPSVC service.

1/13/2010 10:07:56 AM, error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

1/13/2010 10:07:54 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service McMSCSvc with arguments "" in order to run the server: {03082469-BA75-44A5-89CB-D187F313E572}

1/13/2010 10:07:52 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service McMSCSvc with arguments "" in order to run the server: {398E2E68-BFDA-4834-B971-3CB8EC3C7219}

1/13/2010 10:03:49 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).

1/13/2010 10:03:49 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

1/12/2010 2:34:03 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}

1/12/2010 2:11:02 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0016B659EEA0. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

1/12/2010 2:09:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/12/2010 1:55:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

1/12/2010 1:54:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

1/12/2010 1:52:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ElbyCDIO Fips intelppm mfehidk nvport



==== End Of File ===========================


Here is what came up when I ran RootRepeal.

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/01/19 07:34

Program Version: Version 1.3.5.0

Windows Version: Windows XP Media Center Edition SP3

==================================================



Hidden/Locked Files

-------------------

Path: c:\windows\temp\mcmsc_sgd8zcawwly5zar

Status: Allocation size mismatch (API: 4096, Raw: 0)



Path: c:\windows\temp\mcafee_ijsij9sl25gnouh

Status: Allocation size mismatch (API: 4096, Raw: 0)



Path: c:\windows\temp\mcmsc_zjproz6lpb1xrsv

Status: Allocation size mismatch (API: 4096, Raw: 0)




#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:12:41 AM

Posted 19 January 2010 - 12:55 PM

Hi,

How does the "taking over" show? What was the virus doing to your antivirus program?

Please provide a scan from gmer as well:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 jackedandhelpless

jackedandhelpless
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:41 PM

Posted 19 January 2010 - 03:33 PM

Myrti,

By taking over I mean not being able to close windows, changes to the services running, and an IP address in Netstat that shows connected to my machine. I installed the McAfee suite of antivirus, firewall etc. from Comcast (my service provider). Strange things like when I turn on the firewall (internet on/off), the person is still able to connect to my machine or reboot. I received an email last July from my brother that he asked my mom to forward to me, and ever since then I have had credit card numbers taken and items purchased without my consent, the computer runs very slowly, and if I change things in safe mode they are changed the next morning. From all I have read, I am convinced I have a trojan and he connects to my machine via terminal services or some trojan software. He changes settings on the router. When I restricted MAC addresses on the router it blocked me as well, like he cloned the address? I don't know. Did you see the files that were in the last rootrepeal.txt? I am not the most technical but have sold software for over 15 years and know I have a problem. My Linux laptop does not seem to have the same problem since I never opened any email from him on this machine. I am using the Linux machine to send things since I know it is safe. I now keep the router unplugged when not in use so I know that computer is safe, and I use a neighbor's wireless to send these logs. I hope this helps. Below is the GMER log you requested, and thanks again for your help.

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit quick scan 2010-01-19 14:17:12

Windows 5.1.2600 Service Pack 3, v.3244

Running: m4wjlsvg.exe; Driver: C:\DOCUME~1\HP\LOCALS~1\Temp\kwryqaoc.sys





---- System - GMER 1.0.15 ----



Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEB85978A]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEB859821]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEB859738]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEB85974C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEB859835]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEB859861]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEB8598CF]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEB8598B9]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEB8597CA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEB8598FB]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEB85980D]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEB859710]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEB859724]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEB85979E]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEB859937]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEB8598A3]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEB85988D]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEB85984B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEB859923]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEB85990F]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEB859776]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEB859762]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEB859877]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEB8597F9]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEB8598E5]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEB8597E0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEB8597B4]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess



---- Devices - GMER 1.0.15 ----



AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)



---- EOF - GMER 1.0.15 ----


#7 jackedandhelpless

jackedandhelpless
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:41 PM

Posted 19 January 2010 - 03:39 PM

Myrti,

Also, in the first pseudo HJT report I posted, the following line was in the services / drivers section:
S0 xhlatjbf;xhlatjbf;c:\windows\system32\drivers\xcrqga.sys --> c:\windows\system32\drivers\xcrqga.sys [?]

When I went to find it, nothing shows up. I tried to delete it in DOS and still nothing. Do you know what this is?
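To show how a helper would triage the two artifacts quoted in this thread, here is an added Python example (not code from BleepingComputer, GMER or DDS): it groups the GMER "Code" hook lines from the previous post by hooking module and flags any module whose vendor is not on an expected list, and it parses the DDS service line above, flagging the "[?]" missing-file marker, the machine-generated-looking name and the boot-start type. The expected-vendor list, the `example_unknown.sys` line and the reading of the DDS line format are assumptions, labelled in the comments.

```python
"""Offline triage helpers for the GMER 'Code' (kernel hook) lines and the DDS
service line quoted in this thread. Added example, not code from
BleepingComputer, GMER or DDS."""
import re
from collections import defaultdict

# Vendors whose kernel hooks are expected on this machine: the GMER log shows
# only McAfee's HIPS driver (mfehidk.sys) hooking. Assumption: adjust to what
# is actually installed on the box being examined.
EXPECTED_HOOK_VENDORS = {"McAfee, Inc."}

# GMER "Code" line: Code <module> (<description>/<vendor>) <function> [<addr>]
GMER_CODE_RE = re.compile(
    r"^Code\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>\w+)"
    r"(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$"
)

# DDS service line: "<R|S><start> name;display;image --> resolved [?]".
# Assumption about the DDS convention: R = running, S = stopped, the digit is
# the start type (0 boot, 1 system, 2 auto, 3 demand) and a trailing "[?]"
# means DDS could not find or verify the image file on disk.
DDS_SVC_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)(?:\s+-->\s+(?P<resolved>.+?))?\s*(?P<missing>\[\?\])?\s*$"
)

# Constructed sample: three hook lines and one device line copied from the GMER
# output in this thread, plus one made-up module (example_unknown.sys) so the
# flagging path is exercised.
GMER_SAMPLE = r"""
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEB85978A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEB859710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\example_unknown.sys () ZwQueryDirectoryFile [0x00000000]
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
"""

# The service line from the poster's DDS report, as quoted in this thread.
DDS_SERVICE_LINE = (r"S0 xhlatjbf;xhlatjbf;c:\windows\system32\drivers\xcrqga.sys"
                    r" --> c:\windows\system32\drivers\xcrqga.sys [?]")


def parse_gmer_hooks(text):
    """Group GMER 'Code' entries by hooking module: {module: {vendor, funcs}}."""
    by_module = defaultdict(lambda: {"vendor": "", "funcs": []})
    for line in text.splitlines():
        m = GMER_CODE_RE.match(line.strip())
        if not m:
            continue  # Devices, blank and banner lines are not hook entries
        desc = m.group("desc")
        # GMER prints "<driver description>/<vendor>"; keep the vendor part.
        vendor = desc.rsplit("/", 1)[1].strip() if "/" in desc else ""
        info = by_module[m.group("module")]
        info["vendor"] = vendor
        info["funcs"].append(m.group("func"))
    return dict(by_module)


def unexpected_hookers(text, expected=EXPECTED_HOOK_VENDORS):
    """Modules hooking kernel services whose vendor is not on the expected list."""
    return sorted(mod for mod, info in parse_gmer_hooks(text).items()
                  if info["vendor"] not in expected)


def looks_random(name):
    """Crude heuristic for generated names: few vowels or a long consonant run.
    Legitimate vowel-poor names can trip it, so combine it with other signals."""
    letters = "".join(c for c in name.lower() if c.isalpha())
    if len(letters) < 6:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouy]+", letters)), default=0)
    return vowels / len(letters) < 0.25 or longest_run >= 4


def triage_dds_service(line):
    """Parse one DDS service line and list why it deserves a closer look."""
    m = DDS_SVC_RE.match(line.strip())
    if not m:
        return None
    reasons = []
    if m.group("missing"):
        reasons.append("image file not found on disk by DDS")
    if looks_random(m.group("name")):
        reasons.append("service name looks machine-generated")
    if m.group("start") == "0":
        reasons.append("boot-start driver: loads before most defences")
    return {"name": m.group("name"), "image": m.group("image"),
            "running": m.group("state") == "R", "reasons": reasons}


if __name__ == "__main__":
    for mod, info in parse_gmer_hooks(GMER_SAMPLE).items():
        flag = "" if info["vendor"] in EXPECTED_HOOK_VENDORS else "  <-- not an expected vendor"
        print(f"{mod} ({info['vendor'] or 'no vendor'}): {len(info['funcs'])} hooks{flag}")
    svc = triage_dds_service(DDS_SERVICE_LINE)
    print(f"service {svc['name']} -> {svc['image']}")
    for reason in svc["reasons"]:
        print("  -", reason)
```

On the thread's own data every hook belongs to McAfee's driver, which is the expected HIPS behaviour, while the DDS service entry collects all three warning signs.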


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:12:41 AM

Posted 20 January 2010 - 01:25 PM

Hi,

where did you look for that entry? In the registry or in the file folder?

What you describe is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. But you are aware of this.

The problem with backdoor trojans is that your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to try and clean please run ComboFix as a next step:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Also, I see you have open ports for VPN sessions; do you use VPN clients at all?

regards myrti



#9 jackedandhelpless

jackedandhelpless
  • Topic Starter

  • Members
  • 13 posts
  •  
  • Local time:04:41 PM

Posted 21 January 2010 - 03:20 AM

Myrti,

I looked for that one file I posted in the directory, not the registry (I pasted it right below here again). The other strange thing is that when I ran ComboFix, it said I have MacroVirus Antivirus running. I got that software and deleted it a while ago and don't know why it shows as my antivirus along with McAfee. Was it a legitimate package? How do I remove that as well if I don't see it?

S0 xhlatjbf;xhlatjbf;c:\windows\system32\drivers\xcrqga.sys --> c:\windows\system32\drivers\xcrqga.sys [?]

Here is combofix report and thanks again for your help!

ComboFix 10-01-20.05 - HP 01/21/2010 1:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.264 [GMT -6:00]
Running from: c:\documents and settings\HP\My Documents\Downloads\ComboFix.exe
AV: MacroVirus *On-access scanning enabled* (Updated) {96A0710D-9FB9-4D45-B684-F6BB9C2594BE}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP\Application Data\inst.exe
c:\documents and settings\HP\Local Settings\Temporary Internet Files\viewChanges.html
c:\program files\Java\jre6\bin\jucheck.exe
c:\windows\EventSystem.log
c:\windows\kb913800.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\service
c:\windows\system32\service\10122009_TIS17_SfFniAU.log
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 00:18 . 2010-01-21 00:19 -------- d-----w- c:\documents and settings\HP\Local Settings\Application Data\Temp
2010-01-20 17:19 . 2010-01-20 17:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-20 17:19 . 2010-01-20 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-18 01:30 . 2010-01-18 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-01-18 01:30 . 2010-01-18 01:30 -------- d-----w- c:\program files\McAfee Security Scan
2010-01-18 01:29 . 2010-01-18 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-18 01:29 . 2010-01-18 01:29 -------- d-----w- c:\program files\NOS
2010-01-13 17:20 . 2010-01-13 18:46 -------- d-----w- c:\program files\Link Logger
2010-01-12 19:40 . 2010-01-12 19:40 -------- d-----w- c:\documents and settings\HP\Application Data\WinBatch
2010-01-12 18:37 . 2010-01-12 18:37 -------- d-----w- c:\documents and settings\HP\Local Settings\Application Data\McAfee
2010-01-11 03:30 . 2010-01-11 03:30 -------- d-----w- c:\documents and settings\HP\Application Data\McAfee
2010-01-10 21:43 . 2009-11-04 22:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-01-10 21:43 . 2009-11-04 22:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-01-10 21:43 . 2009-11-04 22:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-01-10 21:43 . 2009-07-16 18:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-01-10 21:42 . 2010-01-11 02:13 -------- d-----w- c:\program files\Common Files\McAfee
2010-01-10 21:42 . 2010-01-10 21:42 -------- d-----w- c:\program files\McAfee.com
2010-01-10 21:41 . 2010-01-12 17:49 -------- d-----w- c:\program files\McAfee
2010-01-10 21:36 . 2009-11-04 22:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-01-10 21:36 . 2009-11-04 22:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-01-09 21:14 . 2010-01-11 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-09 18:18 . 2010-01-20 18:18 -------- d-----w- c:\documents and settings\Administrator
2010-01-06 23:22 . 2010-01-06 23:22 -------- d-----w- c:\documents and settings\HP\Application Data\Malwarebytes
2010-01-06 23:22 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-06 23:22 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 23:22 . 2010-01-06 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-06 23:22 . 2010-01-21 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 18:35 . 2009-12-28 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2009-12-28 18:15 . 2009-12-28 18:15 -------- d-----w- c:\program files\SlySoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 04:15 . 2008-06-10 02:47 4723 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\qbbackup.sys
2010-01-21 01:47 . 2010-01-21 01:47 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-20 18:21 . 2009-02-17 11:42 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-18 01:30 . 2010-01-18 01:30 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-01-18 01:30 . 2010-01-18 01:30 836464 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-01-17 03:18 . 2009-01-10 21:18 -------- d-----w- c:\program files\Lx_cats
2010-01-13 18:28 . 2009-12-02 00:00 -------- d-----w- c:\program files\ThreatFire
2010-01-12 20:30 . 2009-04-29 03:06 -------- d-----r- c:\program files\Skype
2010-01-12 20:30 . 2009-04-29 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-12 18:02 . 2009-05-01 22:52 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-01-09 18:49 . 2010-01-09 18:49 60527 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_09_12_47_37_small.dmp.zip
2010-01-09 18:45 . 2009-12-02 00:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-08 02:07 . 2010-01-08 02:07 55552 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_07_20_06_15_small.dmp.zip
2010-01-08 00:29 . 2010-01-08 00:29 55181 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_07_17_47_23_small.dmp.zip
2010-01-07 23:44 . 2010-01-07 23:44 57243 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_07_17_40_23_small.dmp.zip
2010-01-07 23:37 . 2010-01-07 23:37 60090 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_07_17_35_35_small.dmp.zip
2010-01-07 13:55 . 2010-01-07 13:55 108608 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_01_07_07_46_40_small.dmp.zip
2010-01-07 13:38 . 2010-01-07 13:38 114461 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_01_07_07_34_58_small.dmp.zip
2010-01-06 16:36 . 2009-06-21 00:32 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-06 15:03 . 2009-11-17 21:06 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-28 21:27 . 2008-06-09 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-28 17:32 . 2009-12-04 01:12 -------- d-----w- c:\program files\AntiLogger
2009-12-28 17:28 . 2009-02-26 20:32 -------- d-----w- c:\documents and settings\HP\Application Data\Vso
2009-12-28 17:28 . 2009-02-26 20:32 47360 ----a-w- c:\documents and settings\HP\Application Data\pcouffin.sys
2009-12-28 17:28 . 2009-02-26 20:32 47360 ----a-w- c:\documents and settings\HP\Application Data\pcouffin.sys
2009-12-28 16:39 . 2009-06-22 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy Pro
2009-12-19 18:22 . 2009-12-19 18:22 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-17 22:37 . 2010-01-18 01:29 31936 ----a-w- c:\documents and settings\HP\Application Data\Mozilla\Firefox\Profiles\ig161hg6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-12-17 22:37 . 2010-01-18 01:29 29344 ----a-w- c:\documents and settings\HP\Application Data\Mozilla\Firefox\Profiles\ig161hg6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-12-09 16:18 . 2008-05-29 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-05 03:22 . 2009-12-05 03:22 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-04 04:14 . 2009-12-04 01:02 -------- d-----w- c:\program files\KeyScrambler
2009-12-03 22:18 . 2009-01-27 23:45 -------- d-----w- c:\documents and settings\HP\Application Data\Move Networks
2009-12-03 22:14 . 2009-11-17 19:59 -------- d-----w- c:\program files\Creative
2009-12-03 21:51 . 2009-12-03 21:51 -------- d-----w- c:\documents and settings\HP\Application Data\Uniblue
2009-12-03 12:59 . 2009-11-26 01:20 164834 ----a-w- c:\windows\hpoins21.dat
2009-12-02 17:37 . 2009-02-07 20:50 -------- d-----w- c:\documents and settings\HP\Application Data\Apple Computer
2009-12-01 22:45 . 2009-12-01 22:45 90851 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_12_01_14_50_03_small.dmp.zip
2009-11-29 00:05 . 2009-11-29 00:04 -------- d-----w- c:\program files\iTunes
2009-11-29 00:05 . 2009-11-29 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-29 00:04 . 2009-11-29 00:04 -------- d-----w- c:\program files\iPod
2009-11-29 00:04 . 2009-02-07 20:47 -------- d-----w- c:\program files\Common Files\Apple
2009-11-29 00:01 . 2009-06-26 16:46 -------- d-----w- c:\program files\QuickTime
2009-11-28 23:52 . 2009-11-28 23:52 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-26 02:31 . 2008-06-02 00:52 -------- d-----w- c:\documents and settings\HP\Application Data\HP
2009-11-26 02:25 . 2008-05-29 14:30 -------- d-----w- c:\program files\HP
2009-11-26 02:20 . 2009-11-26 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-11-26 02:18 . 2009-11-26 02:18 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-18 02:20 . 2009-11-18 02:20 185240 ----a-w- c:\documents and settings\HP\Application Data\Mozilla\plugins\atgpcext.dll
2009-11-18 02:20 . 2009-11-18 02:20 28488 ----a-w- c:\documents and settings\HP\Application Data\Mozilla\plugins\atgpcdec.dll
2009-11-18 02:20 . 2009-11-18 02:20 61848 ----a-w- c:\documents and settings\HP\Application Data\Mozilla\plugins\npatgpc.dll
2009-11-17 20:39 . 2009-11-17 20:02 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-17 20:39 . 2009-11-17 20:02 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-17 20:28 . 2009-11-17 20:28 7811800 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative System Information for Sound Blaster X-Fi Go!1.10.13__\SBXG_CSI_PCApp_LB_1_10_13.exe
2009-11-17 20:28 . 2009-11-17 20:25 37406376 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-11-17 20:25 . 2009-11-17 20:19 94119312 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Sound Blaster X-Fi Go! driver 1.01.0096__\SBXG_PCDRV_LB_1_01_0096.exe
2009-11-17 20:19 . 2009-11-17 20:17 33609328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Karaoke Player for Creative Sound Blaster X-Fi Go!2.10.05__\SBXG_Kplay_PCApp_LB_2_10_05.exe
2009-11-17 20:17 . 2009-11-17 20:15 21636176 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Volume Panel for Creative Sound Blaster X-Fi Go!2.20.70__\SBXG_VolPanel_PCApp_LB_2_20_70.exe
2009-11-17 20:15 . 2009-11-17 20:14 12846328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-11-15 14:12 . 2009-02-23 21:19 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-11-15 14:12 . 2008-06-13 01:36 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-11-15 14:12 . 2008-06-13 01:36 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-11-15 14:12 . 2009-11-15 14:12 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2009-11-13 17:10 . 2009-11-13 17:10 152576 ----a-w- c:\documents and settings\HP\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-13 17:10 . 2009-11-13 00:07 79488 ----a-w- c:\documents and settings\HP\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 11:58 . 2008-06-02 12:21 83696 ----a-w- c:\documents and settings\HP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-31 21:15 . 2008-07-04 15:57 1112 ----a-w- c:\documents and settings\HP\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-12-28 3214272]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-10-31 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\HP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-21 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="nwiz.exe" [2008-09-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-22 4352832]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-22 960528]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-10-28 237693]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi Go\Console Launcher\CTAPR2.exe" [2008-08-07 61546]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 5134864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-22 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^HP^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
backup=c:\windows\pss\PdaNet Desktop.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Link Logger\\LinkLogger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50:TCP"= 50:TCP:VPN1
"51:TCP"= 51:TCP:vpn2
"500:TCP"= 500:TCP:vpn3
"50:UDP"= 50:UDP:vpn4
"51:UDP"= 51:UDP:vpn5
"500:UDP"= 500:UDP:vpn6
"4500:UDP"= 4500:UDP:vpn7
"4500:TCP"= 4500:TCP:vpn8
"1723:TCP"= 1723:TCP:vpn9
"1723:UDP"= 1723:UDP:vpn10
"443:UDP"= 443:UDP:vpn12

R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [7/4/2008 7:15 AM 18110]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [7/4/2008 7:15 AM 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [7/4/2008 7:15 AM 423454]
R2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\TrustedID\Identity Theft Protection\agent\Bin\SanaAgent.exe [3/21/2008 1:42 PM 4937240]
R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\TrustedID\Identity Theft Protection\agent\Bin\SanaSafeConnectWatcher.exe [3/21/2008 1:42 PM 539160]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/3/2009 7:02 PM 115312]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [8/28/2009 1:22 PM 9472]
R3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectDriver.sys [3/21/2008 1:43 PM 161304]
R3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectFilter.sys [3/21/2008 1:43 PM 29720]
R3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectShim.sys [3/21/2008 1:43 PM 27376]
S0 xhlatjbf;xhlatjbf;c:\windows\system32\drivers\xcrqga.sys --> c:\windows\system32\drivers\xcrqga.sys [?]
S1 sonypvd3;Sony DVD Handycam;c:\windows\system32\drivers\sonypvd3.sys [7/4/2008 7:15 AM 64964]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/17/2009 1:59 PM 79360]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [9/12/2009 9:02 AM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [9/12/2009 9:02 AM 3072]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [12/1/2008 6:33 PM 772992]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [10/24/2008 6:27 PM 1830912]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1757981266-839522115-1003Core.job
- c:\documents and settings\HP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-21 00:18]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1757981266-839522115-1003UA.job
- c:\documents and settings\HP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-21 00:18]

2010-01-18 c:\windows\Tasks\Hannamax062008 1213086418.job
- c:\program files\Intuit\QuickBooks 2008\AutoBackupEXE.exe [2009-09-17 00:32]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-10 18:22]

2010-01-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-10 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?referrer=theme_ign
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
Trusted Zone: google.com\www
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\HP\Application Data\Mozilla\Firefox\Profiles\ig161hg6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?referrer=theme_ign
FF - component: c:\documents and settings\HP\Application Data\Mozilla\Firefox\Profiles\ig161hg6.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\documents and settings\HP\Application Data\Mozilla\Firefox\Profiles\ig161hg6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\HP\Application Data\Mozilla\plugins\npatgpc.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-IBP - (no file)
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 01:49
Windows 5.1.2600 Service Pack 3, v.3244 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3664)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\dllhost.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
.
**************************************************************************
.
Completion time: 2010-01-21 02:01:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-21 08:01

Pre-Run: 188,609,384,448 bytes free
Post-Run: 189,086,158,848 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - BCB0158C77E7AE92BC18503227EFCFE6


#10 myrti

  • Malware Study Hall Admin
  • 33,779 posts

Posted 21 January 2010 - 08:19 AM

Hi,

The entry lists the file as missing, so it is not surprising that you did not find it. We will remove the entry now, since it is not working anymore.

The entry for macrovision is a leftover which we will remove as well:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Driver::
xhlatjbf
SecCenter::
{96A0710D-9FB9-4D45-B684-F6BB9C2594BE}


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#11 jackedandhelpless

  • Topic Starter
  • Members
  • 13 posts

Posted 21 January 2010 - 10:04 AM

Thanks, I will do that now. Will system recovery vs. format drive/recovery help so I can keep data, or should I back up my docs and start from scratch and not worry about apps I no longer have CDs for?

#12 jackedandhelpless

  • Topic Starter
  • Members
  • 13 posts

Posted 21 January 2010 - 01:32 PM

Myrti,
I don't use VPN. How do I close these ports? Also, do I need UDP?
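
An added triage helper, not part of this thread and not a BleepingComputer or ComboFix tool, that works on two fragments of the ComboFix log posted above: the Drivers/Services lines, where it flags entries such as xhlatjbf whose image ComboFix marks as missing with "--> ... [?]" (the case myrti's reply addresses), and the GloballyOpenPorts exceptions the question above asks about, for which it prints the Windows XP `netsh firewall delete portopening` command that removes each one. The sample text is copied from the log above; the regular expressions describe the ComboFix output layout as it appears on this page and are assumptions about that format. One caveat before closing the "vpn" entries: ESP and AH are IP protocols 50 and 51, not TCP or UDP ports, so the "50:TCP"/"51:TCP" exceptions never did anything for IPsec; IKE uses UDP 500, NAT-T UDP 4500, and PPTP TCP 1723 plus GRE, and a host that is not a VPN server has no reason to accept any of them inbound.

```python
"""ComboFix log triage (added example; not part of the thread or of ComboFix).

Checks two fragments of the log format seen above:
  1. Drivers/Services lines, flagging entries whose image file ComboFix
     could not find (it prints "<image> --> <image> [?]" for those).
  2. The GloballyOpenPorts firewall exceptions, emitting the Windows XP
     `netsh firewall delete portopening` command that removes each one.
"""
import re

# Constructed sample: fragments copied from the log above, plus one healthy
# driver line (KeyScrambler) for contrast.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50:TCP"= 50:TCP:VPN1
"500:UDP"= 500:UDP:vpn6
"1723:TCP"= 1723:TCP:vpn9

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/3/2009 7:02 PM 115312]
S0 xhlatjbf;xhlatjbf;c:\windows\system32\drivers\xcrqga.sys --> c:\windows\system32\drivers\xcrqga.sys [?]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
"""

# Assumed ComboFix layout: "<start type> <name>;<display name>;<image> ..."
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# Assumed layout of one GloballyOpenPorts value: "<port>:<proto>"= <port>:<proto>:<label>
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.+)$')

# IP protocol numbers that get mistaken for TCP/UDP ports in IPsec "VPN" rules.
IPSEC_PROTOCOL_NUMBERS = {50: "ESP", 51: "AH"}


def parse_services(log_text):
    """Return (start_type, name, image_path, missing) for each service/driver line."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        start, name, _display, rest = m.groups()
        rest = rest.strip()
        missing = rest.endswith("[?]")
        if missing:
            image = rest.split(" --> ")[0]           # text before the "--> ... [?]" marker
        else:
            image = re.sub(r"\s+\[.*\]$", "", rest)  # drop the trailing "[date size]"
        entries.append((start, name, image.strip(), missing))
    return entries


def missing_services(log_text):
    """Entries whose binary is gone from disk: dead loading points to remove."""
    return [(s, n, img) for s, n, img, missing in parse_services(log_text) if missing]


def parse_open_ports(log_text):
    """Return (port, protocol, label) for each value under GloballyOpenPorts\\List."""
    entries, in_block = [], False
    for line in log_text.splitlines():
        if "GloballyOpenPorts" in line:
            in_block = True
            continue
        if not in_block:
            continue
        if not line.strip():             # a blank line ends the registry block
            in_block = False
            continue
        m = PORT_RE.match(line.strip())
        if m:
            port, proto, data = m.groups()
            entries.append((int(port), proto, data.split(":")[-1]))
    return entries


def netsh_delete_commands(entries):
    """Windows XP SP2/SP3 `netsh firewall` syntax; STANDARD is the profile the log key names."""
    return [
        f"netsh firewall delete portopening protocol={proto} port={port} profile=STANDARD"
        for port, proto, _label in entries
    ]


def review_open_ports(entries):
    """One line of advice per exception for a host that runs no VPN."""
    notes = []
    for port, proto, label in entries:
        if port in IPSEC_PROTOCOL_NUMBERS:
            notes.append(
                f"{port}/{proto} ({label}): {IPSEC_PROTOCOL_NUMBERS[port]} is IP protocol "
                f"{port}, not a {proto} port; this exception never helped IPsec, remove it"
            )
        else:
            notes.append(f"{port}/{proto} ({label}): remove unless this host must accept inbound VPN traffic")
    return notes


if __name__ == "__main__":
    for start, name, image in missing_services(SAMPLE_LOG):
        print(f"missing image: {start} {name} -> {image}")
    ports = parse_open_ports(SAMPLE_LOG)
    for note, cmd in zip(review_open_ports(ports), netsh_delete_commands(ports)):
        print(note)
        print("   ", cmd)
```

Run it against the full pasted log rather than the sample to get the complete list; the netsh lines it prints are what an administrator would type at an elevated command prompt on the XP machine, and the same removal can be checked afterwards with `netsh firewall show portopening`.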

#13 jackedandhelpless

  • Topic Starter
  • Members
  • 13 posts

Posted 21 January 2010 - 06:15 PM

Myrti,

Ran ComboFix with some issues. A file, c:\windows\temp\logishrd\LVPrcInj01.dll, tried to attach itself to ComboFix and the program said to write it down.

After the scan and reboot I got the blue screen of death and the message asking if I want to send the report. The files that would have been included were
c:\documents and settings\hp\local settings\werfd05.dir00\mini012110-01.dmp
c:\documents and settings\hp\local settings\werfd05.dir00\sysdata

I then rebooted in safe mode and ran ComboFix again (assuming the text file I copied previously was still part of what you wanted to do).

Both times it still detected MacroVirus as my antivirus, still running, and I still have no idea where that is or how to get rid of it. Here is the report log from ComboFix. It looks like that one service or driver starting with S0 I posted is gone as hoped.

ComboFix 10-01-21.01 - HP 01/21/2010 16:36:48.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.726 [GMT -6:00]
Running from: c:\documents and settings\HP\My Documents\Downloads\ComboFix.exe
AV: MacroVirus *On-access scanning enabled* (Updated) {96A0710D-9FB9-4D45-B684-F6BB9C2594BE}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
.
---- Previous Run -------
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_xhlatjbf


((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 01:47 . 2010-01-21 01:47 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-21 00:18 . 2010-01-21 00:19 -------- d-----w- c:\documents and settings\HP\Local Settings\Application Data\Temp
2010-01-20 17:19 . 2010-01-20 17:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-20 17:19 . 2010-01-20 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-18 01:30 . 2010-01-18 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-01-18 01:30 . 2010-01-18 01:30 -------- d-----w- c:\program files\McAfee Security Scan
2010-01-18 01:30 . 2010-01-18 01:30 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-01-18 01:30 . 2010-01-18 01:30 836464 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-01-18 01:29 . 2010-01-18 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-18 01:29 . 2010-01-18 01:29 -------- d-----w- c:\program files\NOS
2010-01-18 01:29 . 2009-12-17 22:37 31936 ----a-w- c:\documents and settings\HP\Application Data\Mozilla\Firefox\Profiles\ig161hg6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-01-18 01:29 . 2009-12-17 22:37 29344 ----a-w- c:\documents and settings\HP\Application Data\Mozilla\Firefox\Profiles\ig161hg6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-01-13 17:20 . 2010-01-13 18:46 -------- d-----w- c:\program files\Link Logger
2010-01-12 19:40 . 2010-01-12 19:40 -------- d-----w- c:\documents and settings\HP\Application Data\WinBatch
2010-01-12 18:37 . 2010-01-12 18:37 -------- d-----w- c:\documents and settings\HP\Local Settings\Application Data\McAfee
2010-01-11 03:32 . 2009-09-30 18:11 288096 ----a-r- c:\documents and settings\HP\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-01-11 03:30 . 2010-01-11 03:30 -------- d-----w- c:\documents and settings\HP\Application Data\McAfee
2010-01-10 21:43 . 2009-11-04 22:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-01-10 21:43 . 2009-11-04 22:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-01-10 21:43 . 2009-11-04 22:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-01-10 21:43 . 2009-07-16 18:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-01-10 21:42 . 2010-01-11 02:13 -------- d-----w- c:\program files\Common Files\McAfee
2010-01-10 21:42 . 2010-01-10 21:42 -------- d-----w- c:\program files\McAfee.com
2010-01-10 21:41 . 2010-01-12 17:49 -------- d-----w- c:\program files\McAfee
2010-01-10 21:36 . 2009-11-04 22:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-01-10 21:36 . 2009-11-04 22:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-01-09 21:14 . 2010-01-11 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-09 18:18 . 2010-01-20 18:18 -------- d-----w- c:\documents and settings\Administrator
2010-01-06 23:22 . 2010-01-06 23:22 -------- d-----w- c:\documents and settings\HP\Application Data\Malwarebytes
2010-01-06 23:22 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-06 23:22 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 23:22 . 2010-01-06 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-06 23:22 . 2010-01-21 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 18:35 . 2009-12-28 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2009-12-28 18:15 . 2009-12-28 18:15 -------- d-----w- c:\program files\SlySoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 04:15 . 2008-06-10 02:47 4723 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\qbbackup.sys
2010-01-20 18:21 . 2009-02-17 11:42 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-17 03:18 . 2009-01-10 21:18 -------- d-----w- c:\program files\Lx_cats
2010-01-13 18:28 . 2009-12-02 00:00 -------- d-----w- c:\program files\ThreatFire
2010-01-12 20:30 . 2009-04-29 03:06 -------- d-----r- c:\program files\Skype
2010-01-12 20:30 . 2009-04-29 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-12 18:02 . 2009-05-01 22:52 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-01-09 18:45 . 2009-12-02 00:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-06 16:36 . 2009-06-21 00:32 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-06 15:03 . 2009-11-17 21:06 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-28 21:27 . 2008-06-09 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-28 17:32 . 2009-12-04 01:12 -------- d-----w- c:\program files\AntiLogger
2009-12-28 17:28 . 2009-02-26 20:32 -------- d-----w- c:\documents and settings\HP\Application Data\Vso
2009-12-28 17:28 . 2009-02-26 20:32 47360 ----a-w- c:\documents and settings\HP\Application Data\pcouffin.sys
2009-12-28 17:28 . 2009-02-26 20:32 47360 ----a-w- c:\documents and settings\HP\Application Data\pcouffin.sys
2009-12-28 16:39 . 2009-06-22 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy Pro
2009-12-19 18:22 . 2009-12-19 18:22 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-12-09 16:18 . 2008-05-29 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-05 03:22 . 2009-12-05 03:22 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-04 04:14 . 2009-12-04 01:02 -------- d-----w- c:\program files\KeyScrambler
2009-12-03 22:18 . 2009-01-27 23:45 -------- d-----w- c:\documents and settings\HP\Application Data\Move Networks
2009-12-03 22:14 . 2009-11-17 19:59 -------- d-----w- c:\program files\Creative
2009-12-03 21:51 . 2009-12-03 21:51 -------- d-----w- c:\documents and settings\HP\Application Data\Uniblue
2009-12-03 12:59 . 2009-11-26 01:20 164834 ----a-w- c:\windows\hpoins21.dat
2009-12-02 17:37 . 2009-02-07 20:50 -------- d-----w- c:\documents and settings\HP\Application Data\Apple Computer
2009-11-29 00:05 . 2009-11-29 00:04 -------- d-----w- c:\program files\iTunes
2009-11-29 00:05 . 2009-11-29 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-29 00:04 . 2009-11-29 00:04 -------- d-----w- c:\program files\iPod
2009-11-29 00:04 . 2009-02-07 20:47 -------- d-----w- c:\program files\Common Files\Apple
2009-11-29 00:01 . 2009-06-26 16:46 -------- d-----w- c:\program files\QuickTime
2009-11-28 23:52 . 2009-11-28 23:52 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-26 02:31 . 2008-06-02 00:52 -------- d-----w- c:\documents and settings\HP\Application Data\HP
2009-11-26 02:25 . 2008-05-29 14:30 -------- d-----w- c:\program files\HP
2009-11-26 02:20 . 2009-11-26 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-11-26 02:18 . 2009-11-26 02:18 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-18 02:20 . 2009-11-18 02:20 185240 ----a-w- c:\documents and settings\HP\Application Data\Mozilla\plugins\atgpcext.dll
2009-11-18 02:20 . 2009-11-18 02:20 28488 ----a-w- c:\documents and settings\HP\Application Data\Mozilla\plugins\atgpcdec.dll
2009-11-18 02:20 . 2009-11-18 02:20 61848 ----a-w- c:\documents and settings\HP\Application Data\Mozilla\plugins\npatgpc.dll
2009-11-17 20:39 . 2009-11-17 20:02 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-17 20:39 . 2009-11-17 20:02 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-17 20:28 . 2009-11-17 20:28 7811800 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative System Information for Sound Blaster X-Fi Go!1.10.13__\SBXG_CSI_PCApp_LB_1_10_13.exe
2009-11-17 20:28 . 2009-11-17 20:25 37406376 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-11-17 20:25 . 2009-11-17 20:19 94119312 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Sound Blaster X-Fi Go! driver 1.01.0096__\SBXG_PCDRV_LB_1_01_0096.exe
2009-11-17 20:19 . 2009-11-17 20:17 33609328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Karaoke Player for Creative Sound Blaster X-Fi Go!2.10.05__\SBXG_Kplay_PCApp_LB_2_10_05.exe
2009-11-17 20:17 . 2009-11-17 20:15 21636176 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Volume Panel for Creative Sound Blaster X-Fi Go!2.20.70__\SBXG_VolPanel_PCApp_LB_2_20_70.exe
2009-11-17 20:15 . 2009-11-17 20:14 12846328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-11-15 14:12 . 2009-02-23 21:19 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-11-15 14:12 . 2008-06-13 01:36 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-11-15 14:12 . 2008-06-13 01:36 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-11-15 14:12 . 2009-11-15 14:12 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2009-11-13 17:10 . 2009-11-13 17:10 152576 ----a-w- c:\documents and settings\HP\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-13 17:10 . 2009-11-13 00:07 79488 ----a-w- c:\documents and settings\HP\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 11:58 . 2008-06-02 12:21 83696 ----a-w- c:\documents and settings\HP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-31 21:15 . 2008-07-04 15:57 1112 ----a-w- c:\documents and settings\HP\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-12-28 3214272]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-10-31 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\HP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-21 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="nwiz.exe" [2008-09-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-22 4352832]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-22 960528]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-10-28 237693]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi Go\Console Launcher\CTAPR2.exe" [2008-08-07 61546]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 5134864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-22 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^HP^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
backup=c:\windows\pss\PdaNet Desktop.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Link Logger\\LinkLogger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50:TCP"= 50:TCP:VPN1
"51:TCP"= 51:TCP:vpn2
"500:TCP"= 500:TCP:vpn3
"50:UDP"= 50:UDP:vpn4
"51:UDP"= 51:UDP:vpn5
"500:UDP"= 500:UDP:vpn6
"4500:UDP"= 4500:UDP:vpn7
"4500:TCP"= 4500:TCP:vpn8
"1723:TCP"= 1723:TCP:vpn9
"1723:UDP"= 1723:UDP:vpn10
"443:UDP"= 443:UDP:vpn12

R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [7/4/2008 7:15 AM 18110]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [7/4/2008 7:15 AM 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [7/4/2008 7:15 AM 423454]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/3/2009 7:02 PM 115312]
S1 sonypvd3;Sony DVD Handycam;c:\windows\system32\drivers\sonypvd3.sys [7/4/2008 7:15 AM 64964]
S2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\TrustedID\Identity Theft Protection\agent\Bin\SanaAgent.exe [3/21/2008 1:42 PM 4937240]
S2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\TrustedID\Identity Theft Protection\agent\Bin\SanaSafeConnectWatcher.exe [3/21/2008 1:42 PM 539160]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/17/2009 1:59 PM 79360]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [9/12/2009 9:02 AM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [9/12/2009 9:02 AM 3072]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [12/1/2008 6:33 PM 772992]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [10/24/2008 6:27 PM 1830912]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [8/28/2009 1:22 PM 9472]
S3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectDriver.sys [3/21/2008 1:43 PM 161304]
S3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectFilter.sys [3/21/2008 1:43 PM 29720]
S3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectShim.sys [3/21/2008 1:43 PM 27376]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1757981266-839522115-1003Core.job
- c:\documents and settings\HP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-21 00:18]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1757981266-839522115-1003UA.job
- c:\documents and settings\HP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-21 00:18]

2010-01-18 c:\windows\Tasks\Hannamax062008 1213086418.job
- c:\program files\Intuit\QuickBooks 2008\AutoBackupEXE.exe [2009-09-17 00:32]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-10 18:22]

2010-01-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-10 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?referrer=theme_ign
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
Trusted Zone: google.com\www
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\HP\Application Data\Mozilla\Firefox\Profiles\ig161hg6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?referrer=theme_ign
FF - plugin: c:\documents and settings\HP\Application Data\Mozilla\plugins\npatgpc.dll
FF - plugin: c:\documents and settings\HP\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 16:43
Windows 5.1.2600 Service Pack 3, v.3244 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-21 16:45:21
ComboFix-quarantined-files.txt 2010-01-21 22:45
ComboFix2.txt 2010-01-21 08:01

Pre-Run: 189,029,531,648 bytes free
Post-Run: 188,987,588,608 bytes free

- - End Of File - - 110AABD985FE77F1CB28B575625060ED




#14 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:12:41 AM

Posted 22 January 2010 - 11:46 AM

Hi,

Please try the following instructions then:

In reference to the "" warning, you probably have remnants that CF has detected. Let's fix that.

Please do this:

1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Connect to root\SecurityCenter
5. Click on Query
6. Type in SELECT * FROM AntiVirusProduct and click on Apply

If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for Antivirus software that is no longer installed.

Let me know if that worked.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
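The wbemtest steps above (connect to root\SecurityCenter, run SELECT * FROM AntiVirusProduct, delete the stale record) can also be done from PowerShell, which makes it easier to see every registered product before deleting anything. The script below is an added example written for this thread, not code posted by myrti or shipped with any tool; it assumes PowerShell 2.0 or later (for Remove-WmiObject) and the Windows XP namespace root\SecurityCenter (Vista and later keep these records in root\SecurityCenter2), and the display name passed to Remove-StaleAntiVirusRecord is a placeholder to be replaced with the product that is actually uninstalled.

```powershell
# Added example (not from the thread): list and clean the Security Center
# AntiVirusProduct registrations that the wbemtest steps look at.
# Assumes PowerShell 2.0+ and the XP namespace root\SecurityCenter;
# Vista and later use root\SecurityCenter2 instead.

function Get-RegisteredAntiVirus {
    param([string]$Namespace = 'root\SecurityCenter')
    # Same query as step 6 above, run through WMI instead of the wbemtest GUI.
    Get-WmiObject -Namespace $Namespace -Query 'SELECT * FROM AntiVirusProduct' |
        ForEach-Object {
            New-Object PSObject -Property @{
                DisplayName  = $_.displayName
                Company      = $_.companyName
                InstanceGuid = $_.instanceGuid
                OnAccess     = $_.onAccessScanningEnabled
                UpToDate     = $_.productUptoDate
                WmiPath      = $_.__PATH   # object path Security Center uses for this record
            }
        }
}

function Remove-StaleAntiVirusRecord {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$DisplayName,
        [string]$Namespace = 'root\SecurityCenter'
    )
    # Only records whose displayName matches exactly are touched. Review the
    # listing from Get-RegisteredAntiVirus first so an installed product is
    # never removed by accident; -WhatIf shows what would be deleted.
    $records = Get-WmiObject -Namespace $Namespace -Query 'SELECT * FROM AntiVirusProduct' |
        Where-Object { $_.displayName -eq $DisplayName }
    if (-not $records) {
        Write-Warning "No AntiVirusProduct record named '$DisplayName' in $Namespace"
        return
    }
    foreach ($rec in $records) {
        $target = "$($rec.displayName) {$($rec.instanceGuid)}"
        if ($PSCmdlet.ShouldProcess($target, 'Delete Security Center record')) {
            # Same operation as Delete in wbemtest, via the WMI provider.
            Remove-WmiObject -InputObject $rec
        }
    }
}

# Usage: first see what Security Center believes is installed ...
Get-RegisteredAntiVirus |
    Format-Table DisplayName, Company, OnAccess, UpToDate, InstanceGuid -AutoSize

# ... then remove the record for a product that is no longer on disk.
# 'UninstalledProductName' is a placeholder; run with -WhatIf first, then without.
Remove-StaleAntiVirusRecord -DisplayName 'UninstalledProductName' -WhatIf
```

A record whose product is no longer installed shows up here exactly as it does in wbemtest (display name, GUID, on-access and up-to-date flags) but with no matching program on disk; that is the record to delete. Leaving such an entry in place is what makes Security Center and tools like ComboFix report a second antivirus that does not really exist.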



#15 jackedandhelpless

  • Topic Starter
  • Members
  • 13 posts
  • Local time:04:41 PM

Posted 23 January 2010 - 07:00 AM

Myrti,
I believe that worked? Don't know unless I run ComboFix? Should I try?



