Unknown malware has taken over computer: Trojan spm/lx perhaps

View previous topic View next topic Go down

Unknown malware has taken over computer: Trojan spm/lx perhaps

Post by SteveH on 27th January 2010, 1:36 am

Virus or malware got past AVG, took it out and would not allow download. Did download McAfee Virus Scan but virus wont allow it to function. Virus keeps wanting me to purchase "Internet Security 2010" Infection occurred ~1/20/10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:39 PM, on 1/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steve\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [Auto Run Software for Photo Frame] C:\Program Files\Philips\Auto Run Software for Photo Frame /autorun
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Yahoo! Search - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0236201264467123) (0236201264467123mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023620~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15944 bytes

SteveH
Novice
Novice

Posts Posts : 5
Joined Joined : 2010-01-26
OS OS : windows xp
Points Points : 25143
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unknown malware has taken over computer: Trojan spm/lx perhaps

Post by Belahzur on 27th January 2010, 1:49 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
    O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Partial success - removed "Internet Security 2010" popup

Post by SteveH on 27th January 2010, 3:15 am

Had some success got rid of "Internet Security 2010"; downloaded Malwarebytes successfully but virus will not allow program to open or run. Similar to McAfee in that regard --wont open. Next step? I did not see place to check next to Update Malwarebytes Anti-Malware -- perhaps version downloaded is not most current?

SteveH
Novice
Novice

Posts Posts : 5
Joined Joined : 2010-01-26
OS OS : windows xp
Points Points : 25143
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unknown malware has taken over computer: Trojan spm/lx perhaps

Post by Belahzur on 28th January 2010, 12:06 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

OTL log file 1

Post by SteveH on 28th January 2010, 3:00 am

OTL logfile created on: 1/27/2010 8:37:24 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = J:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 144.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 12.22 Gb Free Space | 16.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 491.55 Mb Total Space | 203.99 Mb Free Space | 41.50% Space Free | Partition Type: FAT

Computer Name: AUGUST292004
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/27 20:34:08 | 00,548,864 | ---- | M] (OldTimer Tools) -- J:\OTL.exe
PRC - [2010/01/25 19:59:45 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/11 15:21:52 | 00,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/07/13 13:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/09 20:33:14 | 00,128,848 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/03/25 21:27:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/25 20:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/07/24 15:58:00 | 00,054,512 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
PRC - [2007/01/19 12:49:30 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/02/15 00:31:26 | 00,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2006/01/19 11:06:18 | 00,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
PRC - [2006/01/19 11:06:18 | 00,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
PRC - [2006/01/19 11:06:16 | 00,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
PRC - [2005/12/01 05:01:00 | 00,110,592 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
PRC - [2004/03/12 06:18:54 | 00,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\eMachines Bay Reader\shwiconEM.exe
PRC - [2002/07/31 18:22:26 | 01,742,384 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\BigFix.exe
PRC - [1998/07/20 23:00:00 | 00,068,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSWorks\Calendar\WKCALREM.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/27 20:34:08 | 00,548,864 | ---- | M] (OldTimer Tools) -- J:\OTL.exe
MOD - [2005/12/01 05:01:00 | 00,077,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\McAfee QuickClean\imhook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0236201264467123mcinstcleanup) McAfee Application Installer Cleanup (0236201264467123)
SRV - [2010/01/25 19:59:45 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 16:53:34 | 00,144,704 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/06/18 10:54:27 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 20:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/03/24 07:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/02/15 00:31:26 | 00,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2006/02/14 23:11:36 | 00,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/04 16:54:12 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 16:54:12 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 16:54:12 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 16:54:12 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 16:53:40 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/04/30 22:01:36 | 00,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 21:55:34 | 00,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/06/18 09:49:16 | 00,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/05 20:21:25 | 00,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/05 20:17:37 | 02,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/01/24 16:25:09 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2008/01/24 16:25:08 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2008/01/24 16:25:07 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/11/14 03:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/17 02:00:00 | 00,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/10/17 02:00:00 | 00,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/02/15 01:34:34 | 00,015,232 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2006/02/15 01:34:16 | 00,015,488 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2006/02/15 00:29:26 | 00,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/02/14 23:17:54 | 00,107,008 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2005/12/22 10:34:00 | 00,072,032 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2004/03/23 02:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/23 02:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/01/30 10:13:06 | 00,122,110 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2004/01/30 10:13:06 | 00,095,579 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/01/30 10:13:04 | 00,099,002 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2004/01/17 06:21:48 | 00,012,970 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/01/10 15:17:02 | 00,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/12 15:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/11/25 23:58:10 | 00,006,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcitest.sys -- (PciTest)
DRV - [2003/11/14 10:19:48 | 00,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/14 10:18:36 | 00,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/14 10:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/03/31 06:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2003/03/31 06:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2003/03/31 06:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2003/03/31 06:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2003/03/31 06:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2003/03/31 06:00:00 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2003/03/31 06:00:00 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2003/03/31 06:00:00 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2003/03/31 06:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2003/03/31 06:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2003/03/31 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/31 06:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2003/03/31 06:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2003/03/31 06:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2003/03/31 06:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2003/03/31 06:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2002/09/25 21:09:12 | 00,140,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2001/08/17 07:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/12/14 15:28:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/26 17:30:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2009/08/24 16:28:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2010/01/25 22:14:20 | 00,000,000 | ---D | M]


O1 HOSTS File: ([2006/06/11 17:20:48 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Auto Run Software for Photo Frame] File not found
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe (McAfee, Inc.)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\BigFix.exe (BigFix Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Steve\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/04/07 20:54:38 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/04/07 20:54:38 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/04/07 20:54:38 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/04/07 20:54:38 | 00,000,000 | ---D | M]
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe (America Online, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helper32.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\helper32.dll ()
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} [You must be registered and logged in to see this link.] (CHListFactory Object)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} [You must be registered and logged in to see this link.] (iPIX ActiveX Control)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} [You must be registered and logged in to see this link.] (CanvasX Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} [You must be registered and logged in to see this link.] (YbUploadFavsCtl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/01 11:54:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/26 20:26:29 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/26 20:26:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/26 20:26:25 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/26 20:26:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/26 20:17:47 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve\Desktop\mbam-setup.exe
[2010/01/26 20:10:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\backups
[2010/01/26 19:21:53 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steve\Desktop\winlogon.scr
[2010/01/26 17:32:02 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Steve\Recent
[2010/01/25 22:11:28 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/25 21:44:13 | 27,386,256 | ---- | C] ( ) -- C:\Documents and Settings\Steve\Desktop\AdbeRdr930_en_US.exe
[2010/01/25 21:10:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\JavaRa
[2010/01/25 20:02:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/25 20:00:52 | 00,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/25 20:00:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/25 20:00:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/25 20:00:52 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/25 19:46:17 | 16,488,224 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Steve\Desktop\jre-6u18-windows-i586-s.exe
[2010/01/24 16:59:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/01/24 14:17:28 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/01/24 14:17:27 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/01/24 14:17:27 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/01/24 14:12:05 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/01/24 14:10:48 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
[2010/01/24 13:50:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/01/22 19:10:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/22 18:48:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/22 18:48:08 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/22 18:48:08 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/22 08:38:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\MicroVision Applications
[2010/01/21 21:27:06 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2010/01/20 23:45:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/04/01 10:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/11/15 21:58:50 | 03,968,384 | ---- | C] (PC Tools ) -- C:\Program Files\pginstall.exe
[2005/11/22 15:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2005/01/30 17:44:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2005/01/30 17:44:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/27 20:18:26 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/27 20:16:30 | 00,000,060 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/27 20:16:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/27 20:15:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/27 20:15:53 | 52,729,0368 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/27 20:14:12 | 05,242,880 | ---- | M] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2010/01/27 20:14:12 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Steve\ntuser.ini
[2010/01/27 16:50:50 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/26 20:23:56 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve\Desktop\mbam-setup.exe
[2010/01/26 20:12:08 | 00,380,360 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\Notepad malware remove.docx
[2010/01/26 19:55:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2010/01/26 19:34:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010/01/26 19:22:15 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Steve\Desktop\winlogon.scr
[2010/01/26 19:16:24 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Microsoft Office Word 2007.lnk
[2010/01/26 19:14:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/01/26 18:54:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010/01/26 18:33:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/26 18:13:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/26 17:53:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/26 17:33:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/01/26 17:32:17 | 00,002,931 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/01/25 22:40:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2010/01/25 22:31:45 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/25 22:20:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2010/01/25 22:00:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2010/01/25 21:45:34 | 27,386,256 | ---- | M] ( ) -- C:\Documents and Settings\Steve\Desktop\AdbeRdr930_en_US.exe
[2010/01/25 21:40:03 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2010/01/25 21:19:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010/01/25 21:13:20 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.0.lnk
[2010/01/25 21:09:00 | 00,071,798 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\JavaRa.zip
[2010/01/25 19:59:45 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/25 19:59:45 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/25 19:59:45 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/25 19:59:45 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/25 19:59:44 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/25 19:47:23 | 16,488,224 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Steve\Desktop\jre-6u18-windows-i586-s.exe
[2010/01/25 19:42:00 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/24 14:50:28 | 00,005,659 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/24 14:42:35 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/01/24 14:06:01 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/24 14:05:59 | 00,000,318 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/01/24 13:46:54 | 00,018,432 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/24 13:46:17 | 00,020,992 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/24 13:46:17 | 00,020,992 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
[2010/01/24 12:21:47 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Steve\Ÿ=Ÿ=
[2010/01/22 08:19:41 | 00,045,176 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/22 08:18:47 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\iTunes (2).lnk
[2010/01/21 20:02:50 | 00,088,064 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 15:36:20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/19 17:54:38 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/18 14:42:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/03 15:12:30 | 00,013,913 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Augie payments.xlsx
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/26 20:26:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/26 20:12:07 | 00,380,360 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\Notepad malware remove.docx
[2010/01/25 22:40:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2010/01/25 22:31:44 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/25 22:20:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2010/01/25 22:00:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2010/01/25 21:40:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010/01/25 21:19:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010/01/25 21:13:19 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.0.lnk
[2010/01/25 21:08:52 | 00,071,798 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\JavaRa.zip
[2010/01/25 20:59:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010/01/25 20:39:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010/01/25 20:19:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/01/25 19:59:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/01/25 19:42:00 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/24 17:03:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/01/24 16:43:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/01/24 16:23:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/24 16:03:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/01/24 14:50:28 | 00,005,659 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/24 14:42:35 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/01/24 14:06:01 | 00,000,340 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/24 14:05:59 | 00,000,318 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/01/24 13:46:53 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/24 13:46:41 | 00,002,931 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/01/24 13:46:36 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/24 13:46:36 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
[2010/01/19 18:09:11 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Steve\Ÿ=Ÿ=
[2010/01/19 17:54:38 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/10/25 17:43:54 | 00,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/09/27 18:03:14 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/07/22 07:14:20 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2008/12/14 15:18:55 | 00,008,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/11/15 21:50:34 | 30,422,984 | ---- | C] () -- C:\Program Files\avg75free_503a1171.exe
[2006/12/31 11:01:33 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2006/08/30 18:58:44 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/20 21:56:22 | 00,000,006 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2005/05/18 08:47:23 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/02/20 20:06:26 | 02,636,408 | ---- | C] () -- C:\Program Files\aawsepersonal.exe
[2005/02/13 19:39:01 | 00,376,656 | ---- | C] () -- C:\Program Files\musicmatch_installer.exe
[2005/02/13 19:16:37 | 19,419,079 | ---- | C] () -- C:\Program Files\mmsetup_10002047b_ENU.exe
[2004/09/12 13:59:37 | 00,088,064 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/30 19:27:28 | 00,000,514 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/07/18 20:26:23 | 00,000,482 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/04 07:48:14 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/05/04 06:40:00 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/05/04 04:13:35 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/02 01:40:08 | 00,001,120 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/02 01:40:08 | 00,000,490 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/05/01 12:50:46 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/05/01 12:50:09 | 00,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2004/05/01 12:09:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/12 11:58:40 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2003/08/12 11:58:32 | 00,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2003/08/12 11:58:22 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/08/12 11:58:20 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Steve\Desktop\mbam-setup.exe:SummaryInformation
< End of report >

SteveH
Novice
Novice

Posts Posts : 5
Joined Joined : 2010-01-26
OS OS : windows xp
Points Points : 25143
# Likes # Likes : 0

View user profile

Back to top Go down

OTL extra text file

Post by SteveH on 28th January 2010, 3:02 am

OTL Extras logfile created on: 1/27/2010 8:37:24 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = J:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 144.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 12.22 Gb Free Space | 16.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 491.55 Mb Total Space | 203.99 Mb Free Space | 41.50% Space Free | Partition Type: FAT

Computer Name: AUGUST292004
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"E:\bin\IA\Core\MDM_Util.exe" = E:\bin\IA\Core\MDM_Util.exe:*:Enabled:MDM_Util -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4400_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CFB4CA5-782E-4606-A9FE-C39F301CF9DA}" = InterLok Driver Kit
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = eMachines Bay Reader
"{82AF77BC-423D-42DA-BE5B-FFCA04752181}" = MediaFACE 4.01 Image Library
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
"{8B43D18F-DC74-4D44-814E-9BD3420B8E44}" = McAfee QuickClean 6.1
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92B43A6F-E328-495A-ACFA-FC47C1B7215D}" = Digidesign Shared Plug-Ins 7.0
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{9717EE69-75AF-45F9-B6B4-3022F69EF186}" = Digidesign Pro Tools LE 7.1
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600813}" = MSN Messenger 7.0
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB49B376-1136-44B4-83FA-036334B59937}" = OLYMPUS Master 2
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}" = OLYMPUS muvee theaterPack
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E17AF7A0-B0A8-4B55-A4B4-1D8D4E171BA2}" = Free Bomb Factory Plug-Ins 7.0
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AOL Instant Messenger (SM)" = AOL Instant Messenger (SM)
"Audacity_is1" = Audacity 1.2.6
"BigFix" = BigFix
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"ICQ" = ICQ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = eMachines Bay Reader
"InstallShield_{82AF77BC-423D-42DA-BE5B-FFCA04752181}" = MediaFACE 4.01 Image Library
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape 6 (6.2.1)" = Netscape 6 (6.2.1)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCC2005_is1" = PC Confidential 2005
"PhotoStitch" = Canon Utilities PhotoStitch
"Privacy Guardian_is1" = Privacy Guardian 4.1
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"Reason Adapted for Digidesign_is1" = Reason Adapted for Digidesign 3.0.4
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Shop for HP Supplies" = Shop for HP Supplies
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works Calendar" = Microsoft Works Calendar 1.0
"Works99Setup" = Microsoft Works Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/21/2010 1:50:25 AM | Computer Name = AUGUST292004 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2010 1:50:54 AM | Computer Name = AUGUST292004 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/21/2010 1:53:30 AM | Computer Name = AUGUST292004 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2010 1:53:30 AM | Computer Name = AUGUST292004 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2010 7:43:40 PM | Computer Name = AUGUST292004 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2010 8:10:35 PM | Computer Name = AUGUST292004 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2010 8:11:38 PM | Computer Name = AUGUST292004 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2010 10:12:16 PM | Computer Name = AUGUST292004 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module msneie.dll, version 3.0.1125.0, fault address 0x000220d4.

Error - 1/24/2010 6:01:24 PM | Computer Name = AUGUST292004 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/27/2010 12:17:12 AM | Computer Name = AUGUST292004 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/27/2010 10:32:37 PM | Computer Name = AUGUST292004 | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 1/27/2010 10:33:49 PM | Computer Name = AUGUST292004 | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 1/27/2010 10:35:02 PM | Computer Name = AUGUST292004 | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 1/27/2010 10:36:16 PM | Computer Name = AUGUST292004 | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 1/27/2010 10:37:28 PM | Computer Name = AUGUST292004 | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 1/27/2010 10:38:42 PM | Computer Name = AUGUST292004 | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 1/27/2010 10:39:56 PM | Computer Name = AUGUST292004 | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 1/27/2010 10:41:08 PM | Computer Name = AUGUST292004 | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 1/27/2010 10:42:22 PM | Computer Name = AUGUST292004 | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 1/27/2010 10:43:34 PM | Computer Name = AUGUST292004 | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.


< End of report >

SteveH
Novice
Novice

Posts Posts : 5
Joined Joined : 2010-01-26
OS OS : windows xp
Points Points : 25143
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unknown malware has taken over computer: Trojan spm/lx perhaps

Post by Belahzur on 28th January 2010, 5:36 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Combo-fix would not run

Post by SteveH on 29th January 2010, 3:00 am

Downloaded it via laptop and then pen drive to infected computer. Turned off windows firewall but cant turn off McAfee as the virus wont let it open. (Note I cannot open any of the links you provide as I either get re-directed or it simply will not go to the page). Combo-fix sent a message saying it was compromised -- virut. It also noted McAfee virus scan was working. So I may need to uninstall it since I cant turn it off? I will go to bleeping computer to get a new copy of combo-fix. Other suggestions???

SteveH
Novice
Novice

Posts Posts : 5
Joined Joined : 2010-01-26
OS OS : windows xp
Points Points : 25143
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Unknown malware has taken over computer: Trojan spm/lx perhaps

Post by Belahzur on 29th January 2010, 5:40 pm

I'm afraid I have bad news.

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.


For more information, please see [You must be registered and logged in to see this link.]

Instructions how to format and reinstall Windows can be found [You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum