ComboFix LogComboFix 08-02-17.2 - Scott Oestriecher 2008-02-17 11:38:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.462 [GMT -6:00]
Running from: C:\Documents and Settings\Scott Oestriecher\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Scott Oestriecher\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!FILE ::
C:\Program Files\Windows\WinUpdate.exe
C:\WINDOWS\qwpscch.exe
C:\WINDOWS\system32\drvfob.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\uruo\
C:\Program Files\Common Files\uruo\\uruoa.lck
C:\Program Files\Common Files\uruo\\uruod\class-barrel
C:\Program Files\Common Files\uruo\\uruod\vocabulary
C:\Program Files\Common Files\uruo\\uruom.lck
C:\Program Files\Viewpoint\
C:\Program Files\Viewpoint\\Viewpoint Media Player\AxMetaStream_0302021C.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\AxMetaStream_0302021C_.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\AxMetaStream_0302021C__.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\\Viewpoint Media Player\ComponentMgr_0305000D.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\ComponentRegistry.ini
C:\Program Files\Viewpoint\\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\Components\VMgr.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\\Viewpoint Media Player\DownLoadHist.ini
C:\Program Files\Viewpoint\\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\\Viewpoint Media Player\MetaStreamConfig.ini
C:\Program Files\Viewpoint\\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\\Viewpoint Media Player\MTSDownloadSites.txt
C:\WINDOWS\qwpscch.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.
2008-02-16 15:55 . 2008-02-16 15:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-16 15:54 . 2008-02-16 15:55 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-02-08 20:21 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-02-08 20:21 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-02-08 20:21 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-02-08 20:21 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-02-08 20:21 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-02-08 20:21 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-02-08 20:21 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-02-08 20:17 . 2008-02-08 20:20 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-08 20:17 . 2008-02-08 20:17 287,240 --a------ C:\dxwebsetup.exe
2008-02-08 20:13 . 2008-02-08 20:13 <DIR> d-------- C:\d3dx9_25
2008-02-08 20:12 . 2008-02-08 20:12 1,070,068 --a------ C:\d3dx9_25.zip
2008-02-08 20:10 . 2008-02-08 20:22 1,049,670 --a------ C:\WINDOWS\Prison Tycoon 3 Uninstaller.exe
2008-02-08 20:06 . 2008-02-08 20:06 <DIR> d-------- C:\Program Files\ValuSoft
2008-02-08 20:06 . 2008-02-08 20:06 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2008-02-04 16:18 . 2008-02-04 16:18 <DIR> d-------- C:\Program Files\Trojan Remover
2008-02-04 16:18 . 2008-02-04 16:18 <DIR> d-------- C:\Documents and Settings\Scott Oestriecher\Application Data\Simply Super Software
2008-02-04 16:18 . 2008-02-04 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-02-04 16:18 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-02-04 16:18 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-02-04 16:18 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-02-04 16:18 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-02-04 16:18 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-02-04 16:17 . 2008-02-04 16:17 6,744,504 --a------ C:\trsetup.exe
2008-02-04 07:39 . 2008-02-04 07:39 2 --a------ C:\1968936263
2008-02-04 07:39 . 2008-02-09 06:50 0 --a------ C:\reg.reg
2008-02-04 06:31 . 2008-02-04 07:36 <DIR> d-------- C:\Program Files\MonopolyHereNowEdition_at
2008-02-04 06:31 . 2008-02-04 06:31 15,149,080 --a------ C:\monopolyherenowedition_at.exe
2008-02-04 06:30 . 2008-02-04 06:30 481,696 --a------ C:\monopoly3_ezone_stub.exe
2008-02-03 12:29 . 2008-02-03 13:04 <DIR> d-------- C:\Program Files\Monopoly
2008-02-03 12:29 . 2008-02-03 12:29 <DIR> d-------- C:\Documents and Settings\Scott Oestriecher\Application Data\SpinTop
2008-02-03 12:29 . 2008-02-09 08:59 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-03 12:27 . 2008-02-03 12:29 17,291,904 --a------ C:\MonopolyPBSetup.exe
2008-02-02 17:24 . 2008-02-02 17:25 1,445,916 --a------ C:\monopolie0.9.7.zip
2008-02-01 09:53 . 2008-02-01 09:53 8,333,227 --a------ C:\masm615.zip
2008-02-01 09:52 . 2008-02-01 09:52 <DIR> d-------- C:\system
2008-02-01 09:52 . 2008-02-01 09:52 <DIR> d-------- C:\Spelling
2008-02-01 09:52 . 2008-02-01 09:52 <DIR> d-------- C:\Samples
2008-02-01 09:50 . 2008-02-01 09:50 2,826,238 --a------ C:\txpeng510.exe
2008-01-24 20:57 . 2008-02-15 10:10 <DIR> d-------- C:\Masm615
2008-01-24 20:50 . 2008-02-01 09:45 <DIR> d-------- C:\Program Files\TextPad 5
2008-01-24 20:50 . 2008-01-24 20:50 <DIR> d-------- C:\Documents and Settings\Scott Oestriecher\Application Data\Helios
2008-01-21 08:48 . 2008-02-17 06:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 08:48 . 2008-01-21 08:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 08:46 . 2008-01-21 08:47 <DIR> d-------- C:\Program Files\iTunes
2008-01-21 08:42 . 2008-01-21 08:43 <DIR> d-------- C:\Program Files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 17:28 --------- d-----w C:\Documents and Settings\Scott Oestriecher\Application Data\Viewpoint
2008-02-17 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-17 12:36 --------- d-----w C:\Program Files\SpywareGuard
2008-02-16 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-04 13:42 --------- d-----w C:\Program Files\Common Files\Real
2008-01-31 20:59 --------- d-----w C:\Documents and Settings\Scott Oestriecher\Application Data\AVG7
2008-01-25 03:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 14:47 --------- d-----w C:\Program Files\iPod
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 20:59 2,999,296 ----a-w C:\TextPad.exe
2008-01-03 04:26 --------- d-----w C:\Program Files\FLV Player
2008-01-03 04:25 3,332,023 ----a-w C:\Program Files\flvplayer_setup.exe
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-17 14:39 --------- d-----w C:\Documents and Settings\Scott Oestriecher\Application Data\MSNInstaller
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-09-21 03:02 18,895,728 ----a-w C:\Program Files\Install_Messenger.exe
2007-09-20 02:13 9,910,240 ----a-w C:\Program Files\Ruckus_Player_Setup-13967.exe
2007-08-13 14:13 50,005,304 ----a-w C:\Program Files\iTunesSetup.exe
2007-07-25 22:53 3,033 ----a-w C:\Program Files\MagicISO.Maker.5.4.+.Serial_[myBittorrent.com].torrent
2007-07-25 22:46 89,995 ----a-w C:\Program Files\Magic.ISO.Maker.v5.4_KEYGEN-FFF.zip
2007-07-25 22:38 2,727,279 ----a-w C:\Program Files\Setup_MagicISO.exe
2007-07-25 22:17 369,152 ----a-w C:\Program Files\ISORecorderV2RC1.msi
2007-07-25 22:16 380,857 ----a-w C:\Program Files\ISORecorderV2AMD64.zip
2007-07-23 13:44 1,103,524 ----a-w C:\Program Files\undisker.exe
2007-06-20 22:45 23,402,288 ----a-w C:\Program Files\AdbeRdr810_en_US.exe
2007-03-01 14:59 19,170,000 ----a-w C:\Program Files\avg75free_441a944.exe
2006-11-30 20:33 3,800,811 ----a-w C:\Program Files\wace265i.exe
2006-10-25 01:51 76,736 ----a-w C:\Program Files\MySpaceIM_Setup.exe
2006-03-19 09:59 15,487,432 ----a-w C:\Program Files\DivXPlay.exe
2006-03-07 22:07 1,126,968 ----a-w C:\Program Files\yphotos_setup_us.exe
2006-02-18 17:20 4,756,712 ----a-w C:\Program Files\GoogleVideoPlayerSetup.exe
2006-02-13 22:53 0 ----a-w C:\Documents and Settings\Scott Oestriecher\project1.exe
2006-02-13 21:38 8,188,542 ----a-w C:\Program Files\devcpp4.zip
2006-02-13 20:25 492 ----a-w C:\Documents and Settings\Scott Oestriecher\Application Data\wklnhst.dat
2006-02-12 07:21 337,189,711 ----a-w C:\Program Files\MS Office 2003.zip
2006-02-11 21:11 9,326,468 ----a-w C:\Program Files\devcpp-4.9.9.2_setup.exe
2006-01-28 13:58 5,562 ----a-w C:\Program Files\WindowsScreenshots.Theme
2006-01-19 20:17 47,659,176 ----a-w C:\Program Files\iPodSetup.exe
2006-01-13 20:55 643,711 ----a-w C:\Program Files\XviD-1.1.0-30122005.exe
2006-01-03 13:06 2,699,256 ----a-w C:\Program Files\ESPNRunTimeSetup.exe
2005-12-26 02:00 3,658,001 ----a-w C:\Program Files\3GP_Converter034.zip
2005-12-23 17:29 359,112 ----a-w C:\Program Files\LimeWireWin.exe
2005-11-29 01:17 6,799,296 ----a-w C:\Program Files\smartdraw_fr_install.exe
2005-11-08 00:13 4,517,296 ----a-w C:\Program Files\MathType52Setup.exe
2005-10-24 21:40 3,369,872 ----a-w C:\Program Files\PokerStarsInstallPM.exe
2005-10-20 22:44 11,772,680 ----a-w C:\Program Files\GoogleEarthSetup.exe
2005-10-14 01:17 8,715,352 ----a-w C:\Program Files\Install_AIM.exe
2005-10-13 18:25 894,976 ----a-w C:\Program Files\iview397.exe
2005-10-11 19:11 3,983,840 ----a-w C:\Program Files\PartyPokerSetup.exe
2004-05-10 20:40 18,892,800 ----a-w C:\Program Files\TIConnectV1.5.2(Beta2).exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"Aim6"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 15:17 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 11:00 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 16:11 794624]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 14:24 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 15:01 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 14:54 253952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-07 18:53 188416]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-30 15:34 180269]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 13:39 579072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-02-01 14:42 743504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 07:16 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-01-08 18:04 4898816]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 15:17 68856]
C:\Documents and Settings\Scott Oestriecher\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 18:05:35 360448]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-12-23 10:07:30 569405]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-05-09 15:08]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-05-09 15:08]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-07-27 09:00]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 09:18]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027385c7-be6e-11da-9fd9-0014a518e927}]
\Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97252166-c741-11db-a158-0010c6c4a277}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac4232b6-8d53-11dc-a26e-0014a518e927}]
\Shell\AutoRun\command - E:\DTE_Privacy_launcher.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-11 14:24:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-17 17:44:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-02-17 11:44:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?0?4?1??????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-17 11:46:10
ComboFix-quarantined-files.txt 2008-02-17 17:46:04
ComboFix2.txt 2008-02-17 12:53:38
.
2008-02-13 00:37:07 --- E O F ---
HijackThis LogLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:29 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.uno.edu/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://ie.redirect.h...a...n&pf=laptopR3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) -
http://www.worldwinn...5/pool/pool.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://photo.walgree...eensActivia.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace....ploader1005.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcaf...01/mcinsctl.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
http://upload.facebo...otoUploader.cabO16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) -
http://www.worldwinn...ed/wwlaunch.cabO16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) -
http://www.worldwinn...v45/sol/sol.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.mcaf...,26/mcgdmgr.cabO16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) -
http://upload.facebo...otoUploader.cabO16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -
http://h30043.www3.h.../qdiagh.cab?326O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcaf...774/mcfscan.cabO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
--
End of file - 13116 bytes
This topic is locked
Sign In
Create Account
