Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I suspect a keylogger or malware on my pc

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I suspect a keylogger or malware on my pc

Unread postby auburn28 » April 24th, 2009, 5:49 am

I suspect a "friend" may have installed a keylogger or similar software on my computer. Do you see anything here that might be tracking my internet activity and relaying it to someone else?

Thank you!
Amy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:32 AM, on 4/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\PixArt\PAC7311\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.com/ws/eBayISAPI.dll?Mye ... ons.Page=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.238.65.108:6649
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IdentityPatrol] C:\Program Files\IdentityPatrol\IdentityPatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.0.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/37.09 ... oader2.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-24-0.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8395343875
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8440289484
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/act ... Upload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: hpdj5600 - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpdj5600.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 13836 bytes
auburn28
Active Member
 
Posts: 9
Joined: April 24th, 2009, 5:46 am
Advertisement
Register to Remove

Re: I suspect a keylogger or malware on my pc

Unread postby MWR 3 day Mod » April 28th, 2009, 9:40 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: I suspect a keylogger or malware on my pc

Unread postby Carolyn » April 30th, 2009, 3:13 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.


Step 1

Image
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Step 2

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.

Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

In your next reply, please post:

  1. DDS.txt
  2. Attach.txt
  3. Gmer.txt
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: I suspect a keylogger or malware on my pc

Unread postby auburn28 » May 4th, 2009, 5:50 am

Thank you Carolyn! I really appreciate your help. Everything seemed to work fine.
Here are my files:


Attach.txt

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/16/2008 8:05:47 PM
System Uptime: 5/3/2009 9:28:18 AM (19 hours ago)

Motherboard: ASUSTek Computer INC. | | EMERY
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 172.647 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.42 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP271: 2/2/2009 7:49:01 PM - System Checkpoint
RP272: 2/3/2009 10:37:21 PM - System Checkpoint
RP273: 2/5/2009 12:22:21 AM - System Checkpoint
RP274: 2/6/2009 8:10:13 AM - System Checkpoint
RP275: 2/7/2009 7:44:53 PM - System Checkpoint
RP276: 2/9/2009 1:10:01 PM - System Checkpoint
RP277: 2/10/2009 2:29:31 PM - System Checkpoint
RP278: 2/11/2009 3:00:23 PM - Software Distribution Service 3.0
RP279: 2/12/2009 4:44:07 PM - System Checkpoint
RP280: 2/13/2009 8:59:55 PM - Installed FriendFinder Messenger v4.1
RP281: 2/13/2009 9:25:00 PM - Removed FriendFinder Messenger v4.1
RP282: 2/14/2009 10:36:58 PM - System Checkpoint
RP283: 2/16/2009 8:57:14 PM - System Checkpoint
RP284: 2/17/2009 9:55:32 PM - System Checkpoint
RP285: 2/19/2009 2:40:07 AM - System Checkpoint
RP286: 2/20/2009 9:04:34 AM - Installed PayPal Plug-In
RP287: 2/21/2009 2:27:37 PM - System Checkpoint
RP288: 2/22/2009 3:14:04 PM - System Checkpoint
RP289: 2/22/2009 5:03:29 PM - Installed Windows XP Winter Fun Pack Screensavers
RP290: 2/22/2009 5:07:36 PM - Installed Windows XP Winter Fun Pack for Windows Media Player 9 Series
RP291: 2/24/2009 6:10:50 PM - System Checkpoint
RP292: 2/24/2009 11:18:40 PM - Software Distribution Service 3.0
RP293: 2/25/2009 4:55:43 PM - Software Distribution Service 3.0
RP294: 2/26/2009 3:00:15 PM - Software Distribution Service 3.0
RP295: 2/27/2009 3:00:15 PM - Software Distribution Service 3.0
RP296: 2/28/2009 3:00:15 PM - Software Distribution Service 3.0
RP297: 3/1/2009 6:21:32 PM - System Checkpoint
RP298: 3/2/2009 10:50:38 PM - Software Distribution Service 3.0
RP299: 3/3/2009 3:00:15 PM - Software Distribution Service 3.0
RP300: 3/4/2009 3:00:15 PM - Software Distribution Service 3.0
RP301: 3/5/2009 3:24:11 PM - System Checkpoint
RP302: 3/6/2009 3:00:15 PM - Software Distribution Service 3.0
RP303: 3/7/2009 3:00:16 PM - Software Distribution Service 3.0
RP304: 3/8/2009 2:00:19 PM - Software Distribution Service 3.0
RP305: 3/9/2009 2:00:15 PM - Software Distribution Service 3.0
RP306: 3/10/2009 5:56:15 PM - System Checkpoint
RP307: 3/11/2009 2:00:19 PM - Software Distribution Service 3.0
RP308: 3/11/2009 9:36:14 PM - Software Distribution Service 3.0
RP309: 3/12/2009 2:00:15 PM - Software Distribution Service 3.0
RP310: 3/13/2009 4:33:49 AM - Software Distribution Service 3.0
RP311: 3/13/2009 9:26:43 PM - Software Distribution Service 3.0
RP312: 3/14/2009 2:00:15 PM - Software Distribution Service 3.0
RP313: 3/15/2009 12:43:23 AM - Software Distribution Service 3.0
RP314: 3/15/2009 3:00:15 PM - Software Distribution Service 3.0
RP315: 3/16/2009 6:52:02 PM - System Checkpoint
RP316: 3/16/2009 7:07:19 PM - Software Distribution Service 3.0
RP317: 3/17/2009 7:33:20 PM - System Checkpoint
RP318: 3/17/2009 9:52:26 PM - Software Distribution Service 3.0
RP319: 3/18/2009 4:55:19 AM - Removed Java(TM) 6 Update 10
RP320: 3/18/2009 4:56:00 AM - Installed Java(TM) 6 Update 12
RP321: 3/18/2009 6:05:58 AM - Software Distribution Service 3.0
RP322: 3/19/2009 2:12:08 AM - Software Distribution Service 3.0
RP323: 3/19/2009 12:39:03 PM - Removed ChristmasTheme
RP324: 3/19/2009 5:11:38 PM - Software Distribution Service 3.0
RP325: 3/20/2009 4:26:22 PM - Software Distribution Service 3.0
RP326: 3/21/2009 5:31:02 PM - System Checkpoint
RP327: 3/22/2009 3:10:24 AM - Software Distribution Service 3.0
RP328: 3/22/2009 4:56:20 AM - Software Distribution Service 3.0
RP329: 3/22/2009 3:57:10 PM - Software Distribution Service 3.0
RP330: 3/23/2009 5:06:50 PM - System Checkpoint
RP331: 3/23/2009 10:10:48 PM - Software Distribution Service 3.0
RP332: 3/23/2009 10:38:32 PM - Software Distribution Service 3.0
RP333: 3/24/2009 6:30:55 AM - Software Distribution Service 3.0
RP334: 3/24/2009 4:32:31 PM - Software Distribution Service 3.0
RP335: 3/25/2009 3:06:10 PM - Software Distribution Service 3.0
RP336: 3/26/2009 3:00:15 PM - Software Distribution Service 3.0
RP337: 3/27/2009 5:03:08 AM - Software Distribution Service 3.0
RP338: 3/28/2009 4:49:00 AM - Software Distribution Service 3.0
RP339: 3/28/2009 3:00:16 PM - Software Distribution Service 3.0
RP340: 3/29/2009 3:55:38 PM - System Checkpoint
RP341: 3/30/2009 3:00:17 PM - Software Distribution Service 3.0
RP342: 3/31/2009 3:14:03 PM - System Checkpoint
RP343: 4/1/2009 3:00:15 PM - Software Distribution Service 3.0
RP344: 4/1/2009 4:31:55 PM - Installed Java(TM) 6 Update 13
RP345: 4/2/2009 3:00:15 PM - Software Distribution Service 3.0
RP346: 4/3/2009 4:27:28 PM - Software Distribution Service 3.0
RP347: 4/4/2009 3:00:16 PM - Software Distribution Service 3.0
RP348: 4/5/2009 3:00:15 PM - Software Distribution Service 3.0
RP349: 4/6/2009 3:33:24 PM - System Checkpoint
RP350: 4/7/2009 3:00:15 PM - Software Distribution Service 3.0
RP351: 4/8/2009 4:48:57 AM - Software Distribution Service 3.0
RP352: 4/8/2009 5:18:03 PM - Installed Desktop Doctor
RP353: 4/8/2009 10:11:15 PM - Software Distribution Service 3.0
RP354: 4/9/2009 5:40:01 AM - Installed FriendFinder Messenger v4.1
RP355: 4/9/2009 5:48:28 AM - Removed FriendFinder Messenger v4.1
RP356: 4/9/2009 5:04:25 PM - Software Distribution Service 3.0
RP357: 4/10/2009 5:56:12 AM - Software Distribution Service 3.0
RP358: 4/10/2009 10:13:02 PM - Software Distribution Service 3.0
RP359: 4/11/2009 10:31:47 PM - System Checkpoint
RP360: 4/12/2009 9:23:29 PM - Software Distribution Service 3.0
RP361: 4/13/2009 3:00:15 PM - Software Distribution Service 3.0
RP362: 4/14/2009 3:00:15 PM - Software Distribution Service 3.0
RP363: 4/15/2009 2:31:20 PM - Software Distribution Service 3.0
RP364: 4/15/2009 3:00:14 PM - Software Distribution Service 3.0
RP365: 4/15/2009 3:20:01 PM - Removed Desktop Doctor
RP366: 4/15/2009 3:29:42 PM - Removed Windows XP Winter Fun Pack for Windows Media Player 9 Series
RP367: 4/15/2009 3:29:53 PM - Removed Windows XP Winter Fun Pack Screensavers
RP368: 4/16/2009 4:41:23 PM - System Checkpoint
RP369: 4/16/2009 10:59:18 PM - Software Distribution Service 3.0
RP370: 4/17/2009 3:00:15 PM - Software Distribution Service 3.0
RP371: 4/18/2009 4:55:45 PM - System Checkpoint
RP372: 4/19/2009 3:00:15 PM - Software Distribution Service 3.0
RP373: 4/20/2009 5:26:53 PM - System Checkpoint
RP374: 4/21/2009 7:09:19 PM - System Checkpoint
RP375: 4/22/2009 8:15:12 PM - System Checkpoint
RP376: 4/23/2009 3:00:16 PM - Software Distribution Service 3.0
RP377: 4/24/2009 3:00:15 PM - Software Distribution Service 3.0
RP378: 4/25/2009 5:15:24 PM - System Checkpoint
RP379: 4/26/2009 12:25:41 AM - Software Distribution Service 3.0
RP380: 4/26/2009 5:49:20 AM - Software Distribution Service 3.0
RP381: 4/26/2009 3:00:16 PM - Software Distribution Service 3.0
RP382: 4/27/2009 9:29:43 PM - System Checkpoint
RP383: 4/28/2009 3:00:15 PM - Software Distribution Service 3.0
RP384: 4/29/2009 12:58:35 AM - Software Distribution Service 3.0
RP385: 4/29/2009 1:29:28 AM - Removed Crysis(R) SP Demo.
RP386: 4/29/2009 1:45:26 AM - Software Distribution Service 3.0
RP387: 4/29/2009 4:26:12 AM - Software Distribution Service 3.0
RP388: 4/29/2009 4:54:46 AM - Software Distribution Service 3.0
RP389: 4/29/2009 11:51:25 AM - Installed DirectX 9.0
RP390: 4/30/2009 10:28:00 AM - Installed Crysis(R) SP Demo.
RP391: 4/30/2009 10:33:41 AM - Installed DirectX
RP392: 4/30/2009 5:28:50 PM - Installed Zoo Tycoon2 - Marine Mania Demo
RP393: 5/1/2009 5:33:17 PM - System Checkpoint
RP394: 5/2/2009 6:23:57 PM - System Checkpoint
RP395: 5/3/2009 9:47:14 PM - System Checkpoint

==== Installed Programs ======================

Active Desktop Calendar 7.46
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 6.0
Adobe Reader 8.1.4
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
ArcSoft VideoImpression 2
Battlefield 2142
BufferChm
CameraDrivers
Compatibility Pack for the 2007 Office system
Concord Telephony Translation
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
Crysis(R) SP Demo
CTIAPI32 (remove only)
CtiLogC (remove only)
CueTour
Customer Experience Enhancement
Destinations
DocProc
DocumentViewer
DocumentViewerQFolder
Enhanced Multimedia Keyboard Solution
Fax
Fax_CDA
FullDPAppQFolder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Boot Optimizer
hp deskjet 5600 series
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Driver Diagnostics
HP DVD Play 1.0
HP Imaging Device Functions 6.0
HP Photo and Imaging 2.0 - Deskjet Series
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.0
HP Print Diagnostic Utility
hp print screen utility
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
HpSdpAppCoreApp
HPSSupply
InstantShareDevices
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™ Software
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 13
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LightScribe 1.4.62.1
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2007 Home & Business
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ Run Time Lib Setup
Microsoft Windows Theme Nunavut
Microsoft Works
Microsoft XML Parser
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.10)
MP3 Player Utilities 4.18
MP3 Rocket
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
MyDSC2
NewCopy
NewCopy_CDA
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OptionalContentQFolder
Otto
PanoStandAlone
PayPal Plug-In
PhotoGallery
PS2
PSPrinters08
PSTAPlugin
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RandMap
Readme
Realtek High Definition Audio Driver
Remove IntelliMover Demo
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Shop for HP Supplies
SkinsHP1
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
TrayApp
Tweak UI
Uninstall Dual Mode Camera
Unload
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VGA USB Camera
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
Yahoo! SiteBuilder
Zam Beezee
Zoo Tycoon 2 Endangered Species Trial
Zoo Tycoon2 - Marine Mania Demo

==== Event Viewer Messages From Past Week ========

5/1/2009 8:37:08 AM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 5 time(s).
4/30/2009 5:32:02 PM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 4 time(s).
4/30/2009 10:34:37 AM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
4/30/2009 10:19:57 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/30/2009 10:15:38 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/29/2009 3:11:12 AM, error: Service Control Manager [7034] - The MBackMonitor service terminated unexpectedly. It has done this 1 time(s).


DDS.txt

DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Administrator at 4:32:42.50 on Mon 05/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1387 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\PixArt\PAC7311\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\PnkBstrA.exe
svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://k2b-bulk.ebay.com/ws/eBayISAPI.d ... RK:ME:LNLK
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyServer = 66.238.65.108:6649
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DeviceDiscovery] c:\program files\hp\digital imaging\bin\hpotdd01.exe
mRun: [Monitor] c:\windows\pixart\pac7311\Monitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IdentityPatrol] c:\program files\identitypatrol\IdentityPatrol.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocach ... .0.1.0.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/Shar ... vSniff.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/e/37.09 ... oader2.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-24-0.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 8395343875
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 8440289484
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.auctiva.com/hostedimages/act ... Upload.ocx
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-l ... cfscan.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\yrwz2bxw.default\

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-19 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-19 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2009-3-19 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-19 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-19 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-19 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-19 33832]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-19 40488]
S2 hpdj5600;hpdj5600;c:\docume~1\hp_adm~1\locals~1\temp\hpdj5600.exe -servicerunning=true -uninstall=hp deskjet 5600 series -product=5600 --> c:\docume~1\hp_adm~1\locals~1\temp\hpdj5600.exe -servicerunning=true -uninstall=hp deskjet 5600 series -product=5600 [?]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [2008-9-10 530304]

============== File Associations ===============

txtfile="c:\program files\jgsoft\editpadpro6\EditPadPro.exe" "%1"

=============== Created Last 30 ================

2009-04-29 11:55 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Microsoft Games
2009-04-29 11:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Microsoft Games
2009-04-29 11:50 <DIR> --d----- c:\program files\Microsoft Games
2009-04-29 06:18 26 a------- c:\windows\Zone.Identifier
2009-04-29 05:08 <DIR> --dsh--- c:\documents and settings\hp_administrator\IECompatCache
2009-04-29 05:07 <DIR> --dsh--- c:\documents and settings\hp_administrator\PrivacIE
2009-04-29 05:05 <DIR> --dsh--- c:\documents and settings\hp_administrator\IETldCache
2009-04-29 05:04 <DIR> --d----- c:\windows\ie8updates
2009-04-29 05:04 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-04-29 05:02 <DIR> -cd-h--- c:\windows\ie8
2009-04-29 04:54 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-04-29 04:34 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-29 04:33 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-29 04:33 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-29 04:33 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-29 04:33 <DIR> --d----- C:\2a4190758bb630f09528e7
2009-04-29 04:33 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-29 04:33 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-04-29 04:33 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-29 04:33 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-23 18:35 <DIR> --d----- c:\program files\Trend Micro
2009-04-23 05:56 1,002,044 a------- c:\windows\system32\IDPExe.zip
2009-04-23 05:56 1,669,117 a------- c:\windows\system32\IDPSig.zip
2009-04-23 05:56 76 a------- c:\windows\system32\IDPVer.ini
2009-04-23 05:37 2,358 a------- c:\windows\system32\10003.sks
2009-04-23 05:37 1,039 a------- c:\windows\system32\10002.sks
2009-04-23 05:37 463 a------- c:\windows\system32\10001.sks
2009-04-23 05:37 0 a------- c:\windows\system32\10004.sks
2009-04-23 05:21 2,380 a------- c:\windows\system32\BlockedCookies
2009-04-23 05:21 1,568 a------- c:\windows\system32\sk_bho.ini
2009-04-23 05:20 <DIR> --d----- c:\program files\IdentityPatrol
2009-04-21 16:30 <DIR> --d----- C:\hegames
2009-04-21 16:29 668 a------- c:\windows\hegames.ini
2009-04-15 03:00 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 03:00 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 09:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-02-20 13:09 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2009-02-20 05:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-09 07:10 729,088 -------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:10 714,752 -------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 07:10 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 07:10 617,472 -------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 07:10 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 07:10 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 06:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-06 06:11 110,592 -------- c:\windows\system32\services.exe
2009-02-06 06:11 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-02-06 06:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 06:06 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 05:39 35,328 -------- c:\windows\system32\sc.exe
2009-02-06 05:39 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-02-06 05:32 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 05:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 05:10 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 14:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 14:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2006-10-16 12:01 22 -c-sh--- c:\windows\sminst\HPCD.SYS
2008-08-19 22:11 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 4:33:22.65 ===============




GMER.txt

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-04 04:40:23
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB0D699AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB0D69A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB0D69958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB0D6996C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB0D69A55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB0D69A81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB0D69AEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB0D69AD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB0D699EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB0D69B1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB0D69A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB0D69930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB0D69944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB0D699BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB0D69B57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB0D69AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB0D69AAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB0D69A6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB0D69B43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB0D69B2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB0D69996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB0D69982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB0D69A97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB0D69A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB0D69B05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB0D69A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB0D699D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ELkbd.sys (Intel Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ELkbd.sys (Intel Corporation)

---- EOF - GMER 1.0.15 ----
auburn28
Active Member
 
Posts: 9
Joined: April 24th, 2009, 5:46 am

Re: I suspect a keylogger or malware on my pc

Unread postby Carolyn » May 4th, 2009, 12:26 pm

Hi,

So far, so good. The logs you have posted are clean. Let's run a few more scans to be certain.


Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  1. Double click on mbam-setup.exe to install it.
  2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  5. Leave the default options as it is and click on Start Scan.
  6. When done, you will be prompted. Click OK, then click on Show Results.
  7. Checked (ticked) all items and click on Remove Selected.
  8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.


Next,
  1. Please download OTListIt2 by OldTimer from Geeks to Go. Save it your desktop.
  2. Double click on OTListIt2.exe to run it.
  3. Under Extra Registry section, select Use SafeList.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.

Please post the following:
  • The Malwarebytes' log
  • The OTListIt2 logfile
  • The OTListIt2 Extras logfile
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: I suspect a keylogger or malware on my pc

Unread postby auburn28 » May 4th, 2009, 7:59 pm

That's good news so far! Thank you =)
Here are the new logs


Malwarebytes' Anti-Malware 1.36
Database version: 2075
Windows 5.1.2600 Service Pack 3

5/4/2009 6:37:24 PM
mbam-log-2009-05-04 (18-37-24).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 248924
Time elapsed: 1 hour(s), 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 22
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
auburn28
Active Member
 
Posts: 9
Joined: April 24th, 2009, 5:46 am

Re: I suspect a keylogger or malware on my pc

Unread postby auburn28 » May 4th, 2009, 8:01 pm

OTListIt logfile created on: 5/4/2009 6:45:31 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.15% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.33 Gb Total Space | 172.63 Gb Free Space | 76.96% Space Free | Partition Type: NTFS
Drive D: | 8.53 Gb Total Space | 0.42 Gb Free Space | 4.92% Space Free | Partition Type: FAT32
Drive E: | 312.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 982.13 Mb Total Space | 946.23 Mb Free Space | 96.35% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HPA1440N
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/08/05 23:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/02/21 16:59:00 | 00,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
PRC - [2005/11/01 12:01:00 | 00,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2003/05/21 18:37:08 | 00,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
PRC - [2006/11/03 11:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7311\Monitor.exe
PRC - [2006/01/11 19:23:34 | 15,961,088 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/03/27 13:38:50 | 03,723,264 | ---- | M] (XemiComputers ltd.) -- C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
PRC - [2005/05/12 09:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2006/02/21 16:58:34 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/12/19 04:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2005/12/14 16:51:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
PRC - [2008/09/13 18:51:56 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2005/01/14 09:32:00 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe
PRC - [2005/11/08 16:51:54 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
PRC - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/08/05 23:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2008/12/18 12:14:14 | 00,107,008 | ---- | M] () -- C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [1998/05/07 11:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\windows\system\hpsysdrv.exe
PRC - [2009/05/04 18:44:53 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2005/11/08 16:51:54 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -- (ELService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - File not found -- -- (hpdj [Auto | Stopped])
SRV - [2006/01/13 02:14:56 | 00,278,528 | ---- | M] (HP) -- C:\WINDOWS\System32\hpdj5600 -- (hpdj5600 [Auto | Stopped])
SRV - [2006/02/21 16:58:34 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/12/19 04:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe -- (McShield [Unknown | Stopped])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/12/14 16:51:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/09/13 18:51:56 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2005/01/14 09:32:00 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2005/10/20 18:01:56 | 01,095,009 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2004/10/14 18:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2005/11/08 16:51:40 | 00,007,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ELacpi.sys -- (ELacpi [On_Demand | Running])
DRV - [2005/11/08 16:51:18 | 00,010,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ELhid.sys -- (ELhid [System | Running])
DRV - [2005/11/08 16:51:22 | 00,006,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ELkbd.sys -- (ELkbd [System | Running])
DRV - [2005/11/08 16:51:38 | 00,007,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ELmon.sys -- (ELmon [System | Running])
DRV - [2005/11/08 16:51:20 | 00,006,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ELmou.sys -- (ELmou [System | Running])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/02/21 16:44:30 | 00,250,368 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2006/01/13 19:13:18 | 04,137,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Stopped])
DRV - [2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Stopped])
DRV - [2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2005/12/14 16:51:00 | 03,580,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/11/08 09:59:50 | 00,530,304 | ---- | M] (PixArt Imaging Inc.) -- C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS -- (PAC7311 [On_Demand | Stopped])
DRV - [2005/12/12 17:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2004/08/09 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/22 21:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/03 16:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/03/24 17:21:22 | 00,038,937 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\System32\Drivers\Capt905c.sys -- (SQTECH905C [On_Demand | Stopped])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://k2b-bulk.ebay.com/ws/eBayISAPI.d ... RK:ME:LNLK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC CF 3D 3C B2 C8 C9 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/18 04:56:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/29 04:36:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 23:37:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 23:37:41 | 00,000,000 | ---D | M]

[2009/01/20 19:15:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions
[2009/01/20 19:15:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/20 19:15:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\yrwz2bxw.default\extensions
[2009/05/03 05:02:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 23:37:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/18 04:56:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/01 16:32:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 23:37:35 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 23:37:35 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/07 14:43:41 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/07 14:43:41 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/07 14:43:41 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/07 14:43:41 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/07 14:43:41 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/07 14:43:41 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/07 14:43:41 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IdentityPatrol] C:\Program Files\IdentityPatrol\IdentityPatrol.exe File not found
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe (XemiComputers ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/Shar ... vSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/e/37.09 ... oader2.cab (UploadListView Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex ... 0-24-0.cab (EPUImageControl Class)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab (DeviceEnum Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8395343875 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8440289484 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab (DDRevision Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab (EPUImageControl Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.com/hostedimages/act ... Upload.ocx (Persits Software XUpload)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-l ... cfscan.cab (McFreeScan Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/13 20:34:35 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [1999/10/27 09:16:10 | 00,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/04 18:44:53 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe
[2009/05/04 17:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2009/05/04 17:28:20 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/04 17:28:20 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/04 17:28:17 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/04 17:28:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/04 17:28:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/04 17:07:19 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup.exe
[2009/05/04 04:34:30 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe
[2009/05/04 04:34:12 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2009/05/04 04:31:53 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2009/04/30 17:29:17 | 00,001,919 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zoo Tycoon 2 - Marine Mania Demo.lnk
[2009/04/30 10:32:31 | 00,001,048 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Crysis SP Demo.lnk
[2009/04/30 10:15:29 | 19,020,19901 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\crysis_demo.exe
[2009/04/30 08:56:35 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/04/30 08:56:35 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/04/30 08:56:35 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/04/29 11:55:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft Games
[2009/04/29 11:55:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Games
[2009/04/29 11:52:48 | 00,002,034 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zoo Tycoon 2 Endangered Species Trial.lnk
[2009/04/29 11:51:34 | 00,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2009/04/29 11:51:34 | 00,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2009/04/29 11:51:34 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2009/04/29 11:51:34 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2009/04/29 11:51:34 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2009/04/29 11:51:34 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2009/04/29 11:51:34 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2009/04/29 11:51:34 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2009/04/29 11:51:34 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2009/04/29 11:51:33 | 01,798,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2009/04/29 11:51:33 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2009/04/29 11:51:32 | 00,132,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2009/04/29 11:51:30 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll
[2009/04/29 11:51:28 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2009/04/29 11:51:26 | 00,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll
[2009/04/29 11:51:26 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll
[2009/04/29 11:51:25 | 00,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll
[2009/04/29 11:51:25 | 00,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll
[2009/04/29 11:51:25 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll
[2009/04/29 11:50:18 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2009/04/29 06:18:36 | 00,000,026 | ---- | C] () -- C:\WINDOWS\Zone.Identifier
[2009/04/29 05:06:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2009/04/29 05:04:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/04/29 05:04:34 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/04/29 05:02:21 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/29 04:54:41 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/04/29 04:34:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/04/29 04:34:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/04/29 04:34:30 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/04/29 04:33:59 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/04/29 04:33:59 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/04/29 04:33:59 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/04/29 04:33:58 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/04/29 04:33:58 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/04/29 04:33:58 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/04/29 04:33:58 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/04/29 04:33:58 | 00,000,000 | ---D | C] -- C:\2a4190758bb630f09528e7
[2009/04/26 16:09:02 | 00,295,948 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\checkcopy8632.gif
[2009/04/23 18:35:50 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2009/04/23 18:35:49 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/23 05:56:12 | 01,002,044 | ---- | C] () -- C:\WINDOWS\System32\IDPExe.zip
[2009/04/23 05:56:11 | 01,669,117 | ---- | C] () -- C:\WINDOWS\System32\IDPSig.zip
[2009/04/23 05:56:10 | 00,000,076 | ---- | C] () -- C:\WINDOWS\System32\IDPVer.ini
[2009/04/23 05:37:16 | 00,002,358 | ---- | C] () -- C:\WINDOWS\System32\10003.sks
[2009/04/23 05:37:16 | 00,001,039 | ---- | C] () -- C:\WINDOWS\System32\10002.sks
[2009/04/23 05:37:16 | 00,000,463 | ---- | C] () -- C:\WINDOWS\System32\10001.sks
[2009/04/23 05:37:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\10004.sks
[2009/04/23 05:21:31 | 00,002,380 | ---- | C] () -- C:\WINDOWS\System32\BlockedCookies
[2009/04/23 05:21:21 | 00,001,568 | ---- | C] () -- C:\WINDOWS\System32\sk_bho.ini
[2009/04/23 05:20:49 | 00,000,000 | ---D | C] -- C:\Program Files\IdentityPatrol
[2009/04/21 16:30:01 | 00,000,000 | ---D | C] -- C:\hegames
[2009/04/21 16:29:50 | 00,000,668 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2009/04/19 15:51:54 | 00,008,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Lowes_4_19_2009 copy.gif
[2009/04/19 15:51:31 | 00,017,658 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Lowes_4_19_2009.psd
[2009/04/15 15:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Netscape
[2009/04/15 03:01:19 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 03:01:19 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 03:01:19 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 03:01:19 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 03:01:19 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 03:01:18 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 03:01:18 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 03:01:18 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 03:01:18 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 03:00:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 03:00:52 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/03/22 04:48:48 | 00,000,105 | ---- | C] () -- C:\WINDOWS\CacheR5.ini
[2009/02/01 13:06:53 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2009/02/01 13:06:53 | 00,007,196 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AAC.ini
[2009/02/01 13:06:53 | 00,006,490 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PSP.ini
[2009/02/01 13:06:53 | 00,005,028 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini
[2009/02/01 13:06:53 | 00,004,296 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Zune.ini
[2009/02/01 13:06:53 | 00,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2009/02/01 13:06:53 | 00,002,956 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PMP.ini
[2009/02/01 13:06:53 | 00,002,910 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AMR.ini
[2009/02/01 13:06:53 | 00,002,516 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PPC.ini
[2009/02/01 13:06:53 | 00,002,175 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPhone.ini
[2009/02/01 13:06:53 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2009/02/01 13:06:53 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2009/02/01 13:06:53 | 00,001,878 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Xbox.ini
[2009/02/01 13:06:53 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini
[2009/02/01 13:06:53 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini
[2009/02/01 13:06:53 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini
[2009/02/01 13:06:53 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini
[2009/02/01 13:06:53 | 00,001,739 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_AppleTV.ini
[2009/02/01 13:06:53 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\INI_Add_mfra.ini
[2009/02/01 13:06:51 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/01/28 23:27:48 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/28 15:57:53 | 00,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2009/01/24 11:40:02 | 00,000,325 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/12/16 10:54:54 | 00,170,424 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/12/16 10:54:54 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/09/13 18:52:09 | 00,139,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/05/06 22:33:41 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP7311.INI
[2008/04/17 21:19:39 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/04/17 21:19:26 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/04/17 21:05:03 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/04/17 08:45:59 | 00,000,029 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2008/04/17 08:45:55 | 00,000,014 | ---- | C] () -- C:\WINDOWS\exchng32.ini
[2008/04/17 08:45:55 | 00,000,012 | ---- | C] () -- C:\WINDOWS\datalink.ini
[2008/04/17 08:45:50 | 00,000,019 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2008/04/17 08:45:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2008/04/16 22:30:09 | 00,003,339 | ---- | C] () -- C:\WINDOWS\hpdj5600.ini
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/20 13:32:40 | 05,527,385 | ---- | C] () -- C:\WINDOWS\System32\IDPRSig.dll
[2007/11/20 13:32:40 | 00,622,113 | ---- | C] () -- C:\WINDOWS\System32\IDPList.dll
[2007/11/20 13:32:40 | 00,013,772 | ---- | C] () -- C:\WINDOWS\System32\IDPImmData.dll
[2007/11/20 13:32:39 | 04,985,733 | ---- | C] () -- C:\WINDOWS\System32\IDPFSig.dll
[2007/11/20 13:32:39 | 00,343,272 | ---- | C] () -- C:\WINDOWS\System32\IDPESig.dll
[2007/11/20 13:32:39 | 00,002,380 | ---- | C] () -- C:\WINDOWS\System32\IDPBlkCoo.dll
[2007/11/20 13:32:39 | 00,000,162 | ---- | C] () -- C:\WINDOWS\System32\IDPCritProc.dll
[2007/03/30 13:31:20 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\dec_jl6.dll
[2006/03/06 11:41:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2006/02/13 21:03:32 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/13 20:40:20 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/02/13 20:37:20 | 00,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/02/13 20:37:13 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/02/13 20:35:00 | 00,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/02/13 20:32:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/13 20:24:02 | 00,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/13 20:22:52 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/13 20:10:38 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/13 20:07:38 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/13 20:07:38 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/13 20:07:38 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/13 20:07:38 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/13 20:07:38 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/13 20:06:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/13 19:46:38 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/02/13 19:46:38 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/02/13 19:46:20 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 16:03:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 23:02:00 | 00,000,904 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 15:52:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/06 00:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/16 14:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/07/26 09:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/03/20 00:00:00 | 00,151,040 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL
[1996/03/20 00:00:00 | 00,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 00,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
[1996/03/20 00:00:00 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 00,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[1996/03/20 00:00:00 | 00,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/04 18:45:08 | 00,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/05/04 18:44:53 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe
[2009/05/04 18:42:05 | 00,014,495 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/04 18:41:30 | 00,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/04 18:41:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\desktop.ini
[2009/05/04 18:41:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/04 18:41:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/04 17:28:20 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/04 17:07:19 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup.exe
[2009/05/04 04:34:40 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe
[2009/05/04 04:34:12 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2009/05/04 04:32:12 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2009/05/02 21:15:23 | 00,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2009/04/30 17:29:17 | 00,001,919 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zoo Tycoon 2 - Marine Mania Demo.lnk
[2009/04/30 10:32:31 | 00,001,048 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Crysis SP Demo.lnk
[2009/04/30 10:18:25 | 19,020,19901 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\crysis_demo.exe
[2009/04/29 11:52:48 | 00,002,034 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zoo Tycoon 2 Endangered Species Trial.lnk
[2009/04/29 05:05:56 | 00,000,087 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\desktop.ini
[2009/04/29 05:04:31 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/29 04:56:58 | 00,503,304 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/29 04:56:58 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/29 04:56:58 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/29 04:53:25 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/29 04:41:39 | 00,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/29 01:08:24 | 00,001,568 | ---- | M] () -- C:\WINDOWS\System32\sk_bho.ini
[2009/04/29 00:57:11 | 00,000,904 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/29 00:57:11 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/04/29 00:57:09 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/26 16:09:10 | 00,295,948 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\checkcopy8632.gif
[2009/04/23 18:35:50 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2009/04/23 06:02:01 | 00,002,358 | ---- | M] () -- C:\WINDOWS\System32\10003.sks
[2009/04/23 06:02:01 | 00,001,039 | ---- | M] () -- C:\WINDOWS\System32\10002.sks
[2009/04/23 06:02:01 | 00,000,463 | ---- | M] () -- C:\WINDOWS\System32\10001.sks
[2009/04/23 06:02:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\10004.sks
[2009/04/23 06:00:18 | 00,002,380 | ---- | M] () -- C:\WINDOWS\System32\BlockedCookies
[2009/04/23 05:56:12 | 01,002,044 | ---- | M] () -- C:\WINDOWS\System32\IDPExe.zip
[2009/04/23 05:56:12 | 00,000,076 | ---- | M] () -- C:\WINDOWS\System32\IDPVer.ini
[2009/04/23 05:56:11 | 01,669,117 | ---- | M] () -- C:\WINDOWS\System32\IDPSig.zip
[2009/04/22 17:07:48 | 00,000,668 | ---- | M] () -- C:\WINDOWS\hegames.ini
[2009/04/21 05:01:24 | 00,117,248 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Thumbs.db
[2009/04/20 17:55:44 | 00,018,187 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\xxxxxxxxxx.csv
[2009/04/19 15:51:56 | 00,008,887 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Lowes_4_19_2009 copy.gif
[2009/04/19 15:51:31 | 00,017,658 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Lowes_4_19_2009.psd
[2009/04/15 15:28:43 | 00,000,325 | ---- | M] () -- C:\WINDOWS\KA.INI
[2009/04/13 04:55:30 | 00,000,105 | ---- | M] () -- C:\WINDOWS\CacheR5.ini
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 09:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6CF1CE71
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DBBD301A
< End of report >
auburn28
Active Member
 
Posts: 9
Joined: April 24th, 2009, 5:46 am

Re: I suspect a keylogger or malware on my pc

Unread postby auburn28 » May 4th, 2009, 8:02 pm

OTListIt Extras logfile created on: 5/4/2009 6:45:32 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.15% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.33 Gb Total Space | 172.63 Gb Free Space | 76.96% Space Free | Partition Type: NTFS
Drive D: | 8.53 Gb Total Space | 0.42 Gb Free Space | 4.92% Space Free | Partition Type: FAT32
Drive E: | 312.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 982.13 Mb Total Space | 946.23 Mb Free Space | 96.35% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HPA1440N
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2005/05/12 09:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/05/12 10:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2005/06/03 19:50:00 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2005/06/03 19:50:14 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2005/06/03 19:45:46 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/05/11 07:50:34 | 00,200,704 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/05/11 07:07:26 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2005/06/03 20:12:34 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/05/11 07:34:02 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2005/06/03 19:51:06 | 00,458,752 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2005/09/16 10:29:38 | 00,421,888 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2005/09/16 10:34:18 | 00,733,184 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2005/06/03 20:06:04 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/02/22 01:23:39 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
[2008/05/21 13:33:10 | 08,419,956 | ---- | M] () -- C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
File not found -- C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader
File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink
[2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger
File not found -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup
[2005/09/28 16:55:44 | 03,883,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Zoo Tycoon 2 Endangered Species Trial Version\zt.exe:*:Enabled:Zoo Tycoon 2 Endangered Species Trial Version Executable
[2007/10/22 17:07:42 | 02,667,744 | ---- | M] (Crytek GmbH) -- C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:*:Enabled:Crysis_32_sp_demo

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047815FB-4E38-42D5-95CB-8A131DDD8668}" = Microsoft Windows Theme Nunavut
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1DDF840B-A50A-491E-BF44-6D6964C451A8}" = VGA USB Camera
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 13
"{27E395E5-EB04-4BFD-96C3-C9A102E97E1B}" = Intel® Viiv™ Software
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}" = muvee autoProducer unPlugged 1.2
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110442960}" = Zam Beezee
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.18
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel(R) Quick Resume Technology Drivers
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E073D315-3C54-44BF-A1B2-B5583AEA618C}" = muvee autoProducer 4.5
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E46B2F8A-6CCD-4949-871D-F9664F2113AB}" = PayPal Plug-In
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FDBE4583-26AB-4DBE-8263-07836871002D}" = Zoo Tycoon2 - Marine Mania Demo
"Active Desktop Calendar_is1" = Active Desktop Calendar 7.46
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Concord Telephony Translation" = Concord Telephony Translation
"CTIAPI32" = CTIAPI32 (remove only)
"CtiLogC" = CtiLogC (remove only)
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"HijackThis" = HijackThis 2.0.2
"hp deskjet 5600 series_Driver" = hp deskjet 5600 series
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"hp print screen utility" = hp print screen utility
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{FDBE4583-26AB-4DBE-8263-07836871002D}" = Zoo Tycoon2 - Marine Mania Demo
"Intel® Quick Resume Technology" = Intel(R) Quick Resume Technology Drivers
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2007b" = Microsoft Money 2007 Home & Business
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MP3 Rocket" = MP3 Rocket
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) PRO Network Connections Drivers
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Shop for HP Supplies" = Shop for HP Supplies
"Tweak UI 2.10" = Tweak UI
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder
"Zoo Tycoon 2 ES Trial Version" = Zoo Tycoon 2 Endangered Species Trial

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/4/2009 1:01:32 AM | Computer Name = HPA1440N | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/4/2009 1:19:26 AM | Computer Name = HPA1440N | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4028 (0xfbc) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\HP_Administrator\Desktop\crysis_demo.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 5/4/2009 4:48:26 AM | Computer Name = HPA1440N | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2864 (0xb30) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\HP_Administrator\Desktop\crysis_demo.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 5/4/2009 5:36:27 AM | Computer Name = HPA1440N | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3540 (0xdd4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\HP_Administrator\Desktop\crysis_demo.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 5/4/2009 6:07:16 PM | Computer Name = HPA1440N | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3560 (0xde8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\HP_Administrator\Desktop\crysis_demo.exe

by C:\Program Files\Internet Explorer\IEXPLORE.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 5/4/2009 6:53:41 PM | Computer Name = HPA1440N | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2624 (0xa40) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\HP_Administrator\Desktop\crysis_demo.exe

by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 5/4/2009 7:11:14 PM | Computer Name = HPA1440N | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 1048 (0x418) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP324\A0048018.exe

by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 5/4/2009 7:40:10 PM | Computer Name = HPA1440N | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/4/2009 7:40:11 PM | Computer Name = HPA1440N | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 1876 (0x754) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\HP_Administrator\Desktop\crysis_demo.exe

by C:\Program Files\Internet Explorer\IEXPLORE.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 5/4/2009 7:44:53 PM | Computer Name = HPA1440N | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3572 (0xdf4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\HP_Administrator\Desktop\crysis_demo.exe

by C:\Program Files\Internet Explorer\IEXPLORE.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 5/4/2009 6:07:17 PM | Computer Name = HPA1440N | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 5/4/2009 6:08:17 PM | Computer Name = HPA1440N | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee Real-time Scanner service,
but this action failed with the following error: %%1056

Error - 5/4/2009 6:53:43 PM | Computer Name = HPA1440N | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 5/4/2009 7:11:18 PM | Computer Name = HPA1440N | Source = Service Control Manager | ID = 7034
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 3 time(s).

Error - 5/4/2009 7:40:13 PM | Computer Name = HPA1440N | Source = Service Control Manager | ID = 7034
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 4 time(s).

Error - 5/4/2009 7:41:30 PM | Computer Name = HPA1440N | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 5/4/2009 7:41:41 PM | Computer Name = HPA1440N | Source = Service Control Manager | ID = 7000
Description = The hpdj service failed to start due to the following error: %%2

Error - 5/4/2009 7:41:41 PM | Computer Name = HPA1440N | Source = Service Control Manager | ID = 7000
Description = The hpdj5600 service failed to start due to the following error: %%2

Error - 5/4/2009 7:41:54 PM | Computer Name = HPA1440N | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2 IntelIde ViaIde

Error - 5/4/2009 7:44:54 PM | Computer Name = HPA1440N | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.


< End of report >
auburn28
Active Member
 
Posts: 9
Joined: April 24th, 2009, 5:46 am

Re: I suspect a keylogger or malware on my pc

Unread postby Carolyn » May 6th, 2009, 12:27 pm

Hi,

Let's clean up a few things and do one more scan.

================

Uninstall Old Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    J2SE Runtime Environment 5.0 Update 5
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.

=================

Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

=================

Custom Fix with OTListIt2
  • Double-click OTListIt2.exe. (Vista users, please right click on OTListIt2.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code: Select all
:files
C:\Program Files\IdentityPatrol
@C:\Documents and Settings\All Users\Application Data\TEMP:6CF1CE71
@C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
@C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@C:\Documents and Settings\All Users\Application Data\TEMP:DBBD301A

:OTLI
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)

:commands
[emptytemp]

  • Return to OTListIt2, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • If OTListIt prompts for permission to reboot the computer, allow it to do so. After the reboot, you may need to double click OTListIt2 to launch the program and retrieve the log.
  • Copy and paste the contents of the OTListIt2 log in your next reply.

=================

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log along with the OTListIt log in your next reply.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: I suspect a keylogger or malware on my pc

Unread postby auburn28 » May 7th, 2009, 5:57 am

Ok, done, here is the otlist:


========== FILES ==========
C:\Program Files\IdentityPatrol moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6CF1CE71 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DBBD301A deleted successfully.
========== OTLISTIT ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_7e8.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_hphtra07.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~ROMFN_000007D8 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_3cpaRgZEBgndkPr scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_53c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV24.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05062009_161152

Files moved on Reboot...
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\hpodvd09.log moved successfully.
File C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_7e8.dat not found!
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_hphtra07.log moved successfully.
File C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~ROMFN_000007D8 not found!
File C:\WINDOWS\temp\mcmsc_3cpaRgZEBgndkPr not found!
File C:\WINDOWS\temp\Perflib_Perfdata_53c.dat not found!
File C:\WINDOWS\temp\WFV24.tmp not found!

Registry entries deleted on Reboot...
auburn28
Active Member
 
Posts: 9
Joined: April 24th, 2009, 5:46 am

Re: I suspect a keylogger or malware on my pc

Unread postby auburn28 » May 7th, 2009, 5:58 am

Here is the Kaspersky scan report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, May 7, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, May 07, 2009 01:56:24
Records in database: 2139087
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 129333
Threat name: 3
Infected objects: 120
Suspicious objects: 15
Duration of the scan: 02:47:18


File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\EBAY Archive.dbx Infected: Trojan-Spy.HTML.Bayfraud.ib 39
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 8
C:\MCCARTHYFOLDERS\Mail Backup\EBAY Archive.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\MCCARTHYFOLDERS\Mail Backup\EBAY Archive.dbx Infected: Trojan-Spy.HTML.Bayfraud.ib 80
C:\MCCARTHYFOLDERS\Mail Backup\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 6
C:\MCCARTHYFOLDERS\Music\Wendy's Music\timbaland the way i are (hot remix).mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1

The selected area was scanned.
auburn28
Active Member
 
Posts: 9
Joined: April 24th, 2009, 5:46 am

Re: I suspect a keylogger or malware on my pc

Unread postby Carolyn » May 7th, 2009, 11:58 am

Hi,

Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to and find the following file and delete it:

C:\MCCARTHYFOLDERS\Music\Wendy's Music\timbaland the way i are (hot remix).mp3 <<File

Now empty you’re Recycle Bin.

I recommend that you also delete these email backup files as there are infected emails contained within them:

C:\MCCARTHYFOLDERS\Mail Backup\EBAY Archive.dbx <<File
C:\MCCARTHYFOLDERS\Mail Backup\Sent Items.dbx <<File

===========================

There are also infected emails in the Outlook Express folders EBAY Archive and Sent Items. Let's use another scanner to try to identify specifically which emails are infected in Outlook Express.

BitDefender Online Scan

  • Please go to Bitdefender website to perform an online scan.
  • Click on I Agree.
  • You will be prompted to install an ActiveX. Please allow it and install it.
  • Under Select what you want to check for viruses, click on the Click here link.
    • Check (tick) the Desktop box.
    • Click on + sign next to My Computer. Uncheck (untick) your CD or DVD drive box(es).
    • Uncheck the Network box.
    • Click OK.
  • Under Settings, click on the Click here link.
    • Under Action options, select Report only option.
    • Click on the + sign next to Second Action.
    • Select Report only option.
    • Click OK.
  • Click on Click here to scan link.
  • It will start loading the antivirus scan engine and virus definitions and start the scan. This will take a while. Please be patient.
  • Click on Click here to export the scan report.
  • Click on Desktop on your left.
  • In the File Name box, copy and paste in Report.txt
  • In the Save As Type box, select Text (Tab Delimited) (*.txt) file.
  • Click Save.

Please post the contents of Report.txt along with a fresh HijackThis log.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: I suspect a keylogger or malware on my pc

Unread postby auburn28 » May 7th, 2009, 7:53 pm

Hi Carolyn,

I may have missed a step when starting the last scan, because I did not get an exported report, but the scan found no problems. If you'd like me to re-run it, just let me know.

Here's a new hijack this log, and thanks again for your help! I'm surprised that we're finding as much as we are since I've always has McAfee or Norton installed and running.

Thanks,
Amy


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:29 PM, on 5/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://k2b-bulk.ebay.com/ws/eBayISAPI.d ... RK:ME:LNLK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.238.65.108:6649
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IdentityPatrol] C:\Program Files\IdentityPatrol\IdentityPatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/37.09 ... oader2.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-24-0.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8395343875
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8440289484
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/act ... Upload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: hpdj5600 - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpdj5600.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 11776 bytes
auburn28
Active Member
 
Posts: 9
Joined: April 24th, 2009, 5:46 am

Re: I suspect a keylogger or malware on my pc

Unread postby Carolyn » May 8th, 2009, 4:24 pm

Hi,

I think your computer is in good shape. You should take care of those infected emails though.

Please open Outlook Express.

Please move any emails that you feel you must keep out of the EBAY Archive and Sent Items folders.

After you have moved the emails that you wish to save, please empty your EBAY Archive and Sent Items folders. To do this right click on the folder and click "Empty Folder".

Having removed all your unwanted Emails completely it is now wise to Compact all your remaining Emails. Compacting makes the size of the folders smaller by compacting the files contained within them. All the Emails are still readable and still intact just smaller.

To do this click from the top toolbar File / Folder / Compact All Folders

If you did save any of the emails from those folders prior to emptying them, please scan with Kaspersky again to make certain that no infected emails remain.

==========================

This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are

Your log now appears to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

    CleanUp! with OTListIt2
    • Double click OTListIt2.exe to launch the programme.
    • Click on the CleanUp! button.
    • OTMoveIt will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • When finished exit out of OTListIt2
    • The tool will delete itself once it finishes, if not delete it by yourself.

    Protection Programs
    Don't forget to re-enable any protection programs we disabled during your fix.

    General Security and Computer Health
    Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

    • Clear Infected System Restore Points
      • Turn System Restore off
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Check Turn off System Restore.
      • Click Apply, and then click OK.
        Restart your computer

      • Turn System Restore on
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Uncheck *Turn off System Restore*.
      • Click Apply, and then click OK.
      Note: only do this once,and not on a regular basis


    • Set correct settings for files
      • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
      • Under Hidden files and folders if necessary select Do not show hidden files and folders.
      • If unchecked please check Hide protected operating system files (Recommended)
      • If necessary check Display content of system folders
      • If necessary Uncheck Hide file extensions for known file types.
      • Click OK


    • Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

    • Security Updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
      Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.

    • Update Non-Microsoft Programs
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

    • SpywareBlaster
      SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.

    • Malwarebytes' Anti-Malware or SuperAntiSpyware
      These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
      You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
      You can download SuperAntiSpyware from HERE.

    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

      Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
      If this isn't done first, the next reboot may take a VERY LONG TIME.
      This is how to do it. First be sure you are signed in as a user with administrative privileges:
      Stop and Disable the DNS Client Service
      Go to Start, Run and type Services.msc and click OK.
      Under the Extended Tab, Scroll down and find this service.
      DNS Client
      Right-Click on the DNS Client Service. Choose Properties
      Select the General tab. Click on the Stop button.
      Click the Arrow-down tab on the right-hand side at the Start-up Type box.
      From the drop-down menu, click on Manual
      Click the Apply tab, then click OK


    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
      Firefox
      Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: I suspect a keylogger or malware on my pc

Unread postby NonSuch » May 14th, 2009, 2:22 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware