I am afraid that the combofix.txt is the same as the old one, because I didn't see a ComboFix.txt file created on my C: drive location.

Here is the combofix.txt file:

ComboFix 08-05-21.3 - youssefhg 2008-05-27 10:53:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.914 [GMT -4:00]
Running from: D:\Downoaded Softwares\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.
2008-05-25 19:37 . 2008-05-25 19:37 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\Media Player Classic
2008-05-25 19:37 . 2008-05-25 19:37 <DIR> d-------- C:\Users\All Users\Real
2008-05-25 19:37 . 2008-05-25 19:37 <DIR> d-------- C:\Program Files\Real Alternative
2008-05-25 18:34 . 2008-05-25 18:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-25 18:34 . 2008-05-25 18:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-23 17:18 . 2008-05-23 17:18 <DIR> d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-05-23 12:43 . 2008-05-23 12:43 <DIR> d-------- C:\VundoFix Backups
2008-05-23 09:22 . 2008-05-23 09:22 <DIR> d-------- C:\Users\youssefhg\.ssh
2008-05-23 09:20 . 2008-05-27 10:31 <DIR> d-------- C:\Users\youssefhg\.nx
2008-05-23 09:19 . 2008-05-23 09:19 <DIR> d-------- C:\Program Files\NX Client for Windows
2008-05-20 20:53 . 2008-05-20 20:58 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\DivX
2008-05-20 20:51 . 2008-05-20 20:51 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-20 20:42 . 2008-05-20 20:42 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\acccore
2008-05-20 20:41 . 2008-05-20 20:41 <DIR> d-------- C:\Users\All Users\Viewpoint
2008-05-20 20:41 . 2008-05-20 20:43 <DIR> d-------- C:\Users\All Users\AOL OCP
2008-05-20 20:41 . 2008-05-20 20:41 <DIR> d-------- C:\Users\All Users\AOL
2008-05-20 20:41 . 2008-05-20 20:41 <DIR> d-------- C:\ProgramData\Viewpoint
2008-05-20 20:41 . 2008-05-20 20:43 <DIR> d-------- C:\ProgramData\AOL OCP
2008-05-20 20:41 . 2008-05-20 20:41 <DIR> d-------- C:\ProgramData\AOL
2008-05-20 20:41 . 2008-05-20 20:41 <DIR> d-------- C:\Program Files\Viewpoint
2008-05-20 20:41 . 2008-05-20 20:41 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-05-20 20:40 . 2008-05-20 20:42 <DIR> d-------- C:\Program Files\AIM6
2008-05-20 20:40 . 2008-05-20 20:42 366 --ah----- C:\IPH.PH
2008-05-20 14:20 . 2008-05-20 14:20 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\WildTangent
2008-05-19 22:33 . 2008-05-27 08:54 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\skypePM
2008-05-19 22:33 . 2008-05-19 22:33 32 --a------ C:\Users\All Users\ezsid.dat
2008-05-19 22:33 . 2008-05-19 22:33 32 --a------ C:\ProgramData\ezsid.dat
2008-05-19 22:32 . 2008-05-27 10:58 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\Skype
2008-05-19 22:30 . 2008-05-19 22:31 <DIR> d-------- C:\Program Files\Skype
2008-05-19 22:30 . 2008-05-19 22:30 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-19 12:26 . 2008-05-19 12:51 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-19 12:26 . 2008-05-19 12:51 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-19 12:26 . 2008-05-19 12:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-19 11:22 . 2008-05-19 11:22 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\HP
2008-05-19 11:22 . 2008-05-19 11:22 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\CyberLink
2008-05-19 11:22 . 2008-05-19 11:22 <DIR> d-------- C:\Users\All Users\HP
2008-05-19 11:22 . 2008-05-19 11:22 <DIR> d-------- C:\ProgramData\HP
2008-05-18 22:41 . 2008-05-18 22:41 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\Apple Computer
2008-05-18 22:40 . 2008-05-18 22:41 <DIR> d-------- C:\Program Files\iTunes
2008-05-18 22:40 . 2008-05-18 22:40 <DIR> d-------- C:\Program Files\iPod
2008-05-18 22:37 . 2008-05-18 22:40 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-05-18 22:37 . 2008-05-18 22:40 <DIR> d-------- C:\ProgramData\Apple Computer
2008-05-18 22:37 . 2008-05-18 22:39 <DIR> d-------- C:\Program Files\QuickTime
2008-05-18 22:37 . 2008-05-18 22:37 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-18 22:36 . 2008-05-18 22:36 <DIR> d-------- C:\Users\All Users\Apple
2008-05-18 22:36 . 2008-05-18 22:36 <DIR> d-------- C:\ProgramData\Apple
2008-05-18 22:36 . 2008-05-18 22:36 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-17 12:59 . 2008-05-17 15:42 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\SSH
2008-05-17 12:59 . 2008-05-17 13:00 <DIR> d-------- C:\Users\All Users\SSH
2008-05-17 12:59 . 2008-05-17 13:00 <DIR> d-------- C:\ProgramData\SSH
2008-05-17 12:53 . 2008-05-17 12:53 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\Helios
2008-05-17 12:53 . 2008-05-17 12:53 <DIR> d-------- C:\Program Files\TextPad 5
2008-05-17 12:53 . 2008-05-17 12:53 <DIR> d-------- C:\Program Files\SSH Communications Security
2008-05-17 09:48 . 2008-05-17 09:48 0 --ah----- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-17 05:10 . 2008-05-17 05:10 <DIR> d-------- C:\PerfLogs
2008-05-17 04:42 . 2008-05-17 04:14 152,576 --a------ C:\WINDOWS\System32\SPWizUI.dll
2008-05-17 04:42 . 2008-05-17 04:14 47,560 --a------ C:\WINDOWS\System32\SPReview.exe
2008-05-17 04:21 . 2008-01-18 23:33 599,552 --a------ C:\WINDOWS\System32\vsp1cln.exe
2008-05-17 04:21 . 2008-01-18 23:33 193,024 --a------ C:\WINDOWS\System32\recdisc.exe
2008-05-17 04:21 . 2008-01-18 23:36 142,336 --a------ C:\WINDOWS\System32\spp.dll
2008-05-17 04:21 . 2008-01-18 23:36 28,160 --a------ C:\WINDOWS\System32\sxproxy.dll
2008-05-17 04:21 . 2008-01-18 23:36 6,656 --a------ C:\WINDOWS\System32\sdspres.dll
2008-05-17 04:18 . 2008-01-18 23:34 6,103,040 --a------ C:\WINDOWS\System32\chtbrkr.dll
2008-05-17 04:14 . 2008-01-18 23:33 44,032 --a------ C:\WINDOWS\System32\cbsra.exe
2008-05-17 03:03 . 2008-05-17 04:44 327,680 --a------ C:\WINDOWS\SPInstall.etl
2008-05-17 02:30 . 2008-05-17 02:31 268,511,373 --a------ C:\WINDOWS\MEMORY.DMP
2008-05-16 15:32 . 2008-05-16 15:33 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-16 15:32 . 2008-05-16 15:33 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-16 15:32 . 2008-05-16 15:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-16 15:32 . 2008-05-16 15:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-16 03:21 . 2008-05-16 03:21 988,216 --a------ C:\WINDOWS\System32\winload.exe
2008-05-16 03:21 . 2008-05-16 03:21 927,288 --a------ C:\WINDOWS\System32\winresume.exe
2008-05-16 03:21 . 2008-05-16 03:21 615,992 --a------ C:\WINDOWS\System32\ci.dll
2008-05-16 03:21 . 2008-05-16 03:21 378,368 --a------ C:\WINDOWS\System32\srcore.dll
2008-05-16 03:21 . 2008-05-16 03:21 318,464 --a------ C:\WINDOWS\System32\rstrui.exe
2008-05-16 03:21 . 2008-05-16 03:21 46,592 --a------ C:\WINDOWS\System32\setbcdlocale.dll
2008-05-16 03:21 . 2008-05-16 03:21 40,960 --a------ C:\WINDOWS\System32\srclient.dll
2008-05-16 03:21 . 2008-05-16 03:21 19,000 --a------ C:\WINDOWS\System32\kd1394.dll
2008-05-16 03:21 . 2008-05-16 03:21 14,848 --a------ C:\WINDOWS\System32\srdelayed.exe
2008-05-16 03:21 . 2008-05-16 03:21 6,656 --a------ C:\WINDOWS\System32\kbd106n.dll
2008-05-16 03:18 . 2008-05-16 03:18 2,032,128 --a------ C:\WINDOWS\System32\win32k.sys
2008-05-16 03:17 . 2008-05-16 03:17 295,936 --a------ C:\WINDOWS\System32\gdi32.dll
2008-05-16 03:11 . 2008-05-16 03:11 1,383,424 --a------ C:\WINDOWS\System32\mshtml.tlb
2008-05-16 03:11 . 2008-05-16 03:11 826,880 --a------ C:\WINDOWS\System32\wininet.dll
2008-05-16 03:10 . 2008-05-16 03:10 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-15 23:16 . 2008-05-15 23:16 <DIR> d-------- C:\Program Files\Gabest
2008-05-15 22:41 . 2008-05-15 22:41 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Music
2008-05-15 21:31 . 2008-05-15 21:31 <DIR> d-------- C:\Users\All Users\Google
2008-05-15 20:49 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-05-15 14:59 . 2008-05-15 15:00 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\TortoiseSVN
2008-05-15 14:16 . 2008-05-27 08:53 25,515 --a------ C:\Users\youssefhg\AppData\Roaming\nvModes.dat
2008-05-15 14:05 . 2008-05-15 14:05 <DIR> d-------- C:\Program Files\UnH Solutions
2008-05-15 13:55 . 2008-05-15 13:55 <DIR> d-------- C:\Downloads
2008-05-15 13:54 . 2008-05-16 08:49 <DIR> d-------- C:\Program Files\BitComet
2008-05-15 13:10 . 2008-05-15 13:15 <DIR> d-------- C:\Program Files\Windows Live
2008-05-15 13:10 . 2008-05-15 13:14 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-15 13:04 . 2008-05-15 13:04 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-05-15 13:04 . 2008-05-15 13:04 <DIR> d-------- C:\ProgramData\FLEXnet
2008-05-15 12:59 . 2008-05-15 13:10 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-05-15 12:59 . 2008-05-15 13:10 <DIR> d-------- C:\ProgramData\WLInstaller
2008-05-15 12:56 . 2008-05-18 22:40 <DIR> d-------- C:\Program Files\Bonjour
2008-05-15 12:53 . 2008-05-19 22:31 <DIR> d-------- C:\Users\All Users\Skype
2008-05-15 12:53 . 2008-05-19 22:31 <DIR> d-------- C:\ProgramData\Skype
2008-05-15 12:48 . 2008-05-15 12:48 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-15 12:29 . 2008-05-15 12:29 <DIR> d-------- C:\Users\youssefhg\.dbvis
2008-05-15 12:25 . 2008-05-15 12:26 <DIR> d-------- C:\Program Files\DbVisualizer-6.0.10
2008-05-15 12:13 . 2008-05-15 12:13 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\Subversion
2008-05-15 12:07 . 2008-05-15 12:07 <DIR> d-------- C:\Program Files\TortoiseSVN
2008-05-15 11:51 . 2008-05-15 11:51 21 --ah----- C:\qpmd8379.bin
2008-05-15 11:50 . 2008-05-16 10:04 53,248 --a------ C:\WINDOWS\System32\cfperfmon_8.dll
2008-05-15 11:48 . 2008-05-15 11:49 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-05-15 11:48 . 2008-05-16 10:07 <DIR> d-------- C:\ColdFusion8
2008-05-15 11:44 . 2008-05-15 11:44 <DIR> d--h----- C:\Users\youssefhg\InstallAnywhere
2008-05-15 11:39 . 2008-05-15 12:15 <DIR> d-------- C:\cygwin
2008-05-15 11:38 . 2008-05-15 11:38 <DIR> d-------- C:\Program Files\Subversion
2008-05-15 11:27 . 2008-05-15 11:27 <DIR> d-------- C:\WINDOWS\PCHEALTH
2008-05-15 11:27 . 2008-05-15 11:27 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-15 11:18 . 2008-05-15 11:18 <DIR> dr-h----- C:\MSOCache
2008-05-15 10:59 . 2008-05-15 10:59 136,496 --a------ C:\WINDOWS\System32\drivers\SYMEVENT.SYS
2008-05-15 10:59 . 2008-05-15 11:00 10,652 --a------ C:\WINDOWS\System32\drivers\SYMEVENT.CAT
2008-05-15 10:59 . 2008-05-15 11:00 806 --a------ C:\WINDOWS\System32\drivers\SYMEVENT.INF
2008-05-15 10:58 . 2008-05-15 11:00 <DIR> d-------- C:\Program Files\Symantec
2008-05-15 10:58 . 2007-03-21 20:39 1,060,864 --a------ C:\WINDOWS\System32\MFC71.DLL
2008-05-15 10:58 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\System32\MSVCP71.DLL
2008-05-15 10:58 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\System32\MSVCR71.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 00:51 --------- d-----w C:\Program Files\DivX
2008-05-20 18:20 --------- d-----w C:\ProgramData\WildTangent
2008-05-17 16:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 09:30 174 --sha-w C:\Program Files\desktop.ini
2008-05-17 09:20 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-17 09:20 --------- d-----w C:\Program Files\Windows Calendar
2008-05-17 09:19 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-17 09:19 --------- d-----w C:\Program Files\Windows Mail
2008-05-17 09:19 --------- d-----w C:\Program Files\Windows Journal
2008-05-17 09:19 --------- d-----w C:\Program Files\Windows Defender
2008-05-17 09:19 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-17 08:50 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-17 08:50 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-16 07:40 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-15 18:13 --------- d-----w C:\ProgramData\CyberLink
2008-05-15 16:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-15 15:29 --------- d-----w C:\Program Files\Microsoft Works
2008-05-15 15:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-15 15:02 --------- d-----w C:\ProgramData\Symantec
2008-05-15 14:47 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-15 14:32 --------- d-----w C:\Program Files\Yahoo!
2008-05-15 14:30 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-05-15 14:19 --------- d-sh--w C:\ProgramData\Templates
2008-05-15 14:19 --------- d-sh--w C:\ProgramData\Start Menu
2008-05-15 14:19 --------- d-sh--w C:\ProgramData\Favorites
2008-05-15 14:19 --------- d-sh--w C:\ProgramData\Documents
2008-05-15 14:19 --------- d-sh--w C:\ProgramData\Desktop
2008-05-15 14:19 --------- d-sh--w C:\ProgramData\Application Data
2008-05-13 01:53 129,784 ------w C:\Windows\System32\PxAFS.DLL
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]
"Aim6"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 01:02 815104]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-24 19:33 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 14:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 19:42 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 13:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 13:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-29 09:35 77824]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 15:15 115560]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 00:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 00:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 00:25 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\Users\youssefhg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe [2008-05-15 11:30:31 845584]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 05:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 04:01:50 734872]
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2006-12-29 09:16:39 34520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2497455648-2839833209-4065968779-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8487480D-1C86-41BC-88D2-2F94CEFB5506}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{2323E63B-77E5-49DA-AB6C-674CAE419990}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{BA87D380-4483-441F-8DE3-F17AFA5472AB}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{85087D8B-AF97-4EB9-A26E-D8B9AB8F767F}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{935C2EF6-A603-4F13-8463-5A832EC27F6B}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{D75EE1D6-182D-42A7-BE19-058BA7449A8C}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{E274B2FC-F54F-4631-BB1B-F63DD15BA9A2}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{694F75FE-AD5C-4AB0-BB36-7C2CAA098EAF}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6014D925-779E-4517-9853-F48EE1F54858}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0158754C-0CAA-4651-A1BC-C0CA90A95F43}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{44A7F39C-5F3C-4878-86B5-5C42F49CA0E1}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C2105CA8-6F50-4906-9F35-ADCC317BB1B5}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D0AE3926-EEC5-4F02-A564-C24AE84F922B}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9403EDE5-FA94-449F-A7F9-2006D330B0EF}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{47DE4C2C-D9DC-4933-8CF5-4455BD02DEF2}"= UDP:C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{2DB2D51C-F7CA-40C8-B950-41B4DBBBE499}"= TCP:C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{D88F83D6-90E3-4FA8-BDB6-D7455B6F4671}"= UDP:C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{1478A35F-D3FB-4895-82B9-19FC2AD60FE6}"= TCP:C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{653FD3FB-5E10-43C2-AB94-27C329478C33}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{317AE7C4-D296-41A3-B7B9-35F3E2EDA431}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{A010181C-C3A3-4061-9FC0-0A7D6F854FC7}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9032707E-686C-4502-9CFA-C06352072053}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A5CCC3F1-2EC6-4088-87C8-0F66CD469FD5}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{96780B97-CE85-4218-A886-80FEC7C56F22}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{3128D0F9-4727-441F-9493-0AF512D7DB64}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{AC5AFC2A-104D-4717-AB12-BF70C7DF83AB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{243C6AAD-A340-4ACF-8D73-118E1819570E}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{58934D5E-E61A-4CC3-B95C-3DAFD8640D02}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E8247466-714A-4C2C-9E45-29E540EA62AA}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{DFD721AE-8C5A-46CA-B132-7786EEEC719E}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5262D4C2-465D-476C-B62C-EB0648B3D0CD}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{4E97483A-F807-4673-A9E2-B088C88EB51F}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{F710AD1B-ECA1-4FAB-B718-A0F0E4D9B656}C:\\program files\\nx client for windows\\nxclient.exe"= UDP:C:\program files\nx client for windows\nxclient.exe:nxclient
"UDP Query User{C2832FE4-4EBC-4C39-843C-1D653ED99782}C:\\program files\\nx client for windows\\nxclient.exe"= TCP:C:\program files\nx client for windows\nxclient.exe:nxclient
"TCP Query User{95301031-5273-4D82-BB15-25FD6CC3FE8C}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{4B38BA65-35C6-4FB5-88D5-87730D587BB1}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{98181D0A-07D7-4943-ADD9-38E63F65E9E8}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0A869BA8-7026-46A6-800B-97693210D892}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R2 ColdFusion 8 Application Server;ColdFusion 8 Application Server;"C:\ColdFusion8\runtime\bin\jrunsvc.exe" [2008-03-18 05:11]
R2 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;C:\ColdFusion8\db\slserver54\bin\swagent.exe "ColdFusion 8 ODBC Agent" []
R2 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;C:\ColdFusion8\db\slserver54\bin\swstrtr.exe "ColdFusion 8 ODBC Server" []
R2 ColdFusion 8 Search Server;ColdFusion 8 Search Server;"C:\ColdFusion8\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\ColdFusion8\verity\k2\common\verity.cfg" -ntstart 1 []
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 13:39]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 03:30]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14c0f204-2aae-11dd-8f65-001636ce7d60}]
\shell\AutoRun\command - H:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32621c7a-228d-11dd-a572-001636ce7d60}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-27 10:58:32
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
-> C:\Program Files\TortoiseSVN\iconv\windows-1252.so
-> C:\Program Files\TortoiseSVN\iconv\utf-8.so
.
Completion time: 2008-05-27 11:00:21
ComboFix-quarantined-files.txt 2008-05-27 14:59:31
Pre-Run: 22,253,686,784 bytes free
Post-Run: 22,264,463,360 bytes free
327 --- E O F --- 2008-05-21 07:06:50

And here is the HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:54 PM, on 5/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\youssefhg\Desktop\putty.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\Explorer.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downoaded Softwares\BlueFish\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 66.135.55.155 mrt
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Microsoft Office Outlook 2007.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplu...lug/beta/SP.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ColdFusion 8 Application Server - Macromedia Inc. - C:\ColdFusion8\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion 8 ODBC Agent - Unknown owner - C:\ColdFusion8\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion 8 ODBC Server - Unknown owner - C:\ColdFusion8\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion 8 Search Server - Verity, Inc. - C:\ColdFusion8\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10660 bytes
Edited by Youssef Attalla, 27 May 2008 - 12:10 PM.