ComboFix 08-05-25.5 - Peggy 2008-05-26 16:45:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1341 [GMT -5:00]
Running from: P:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini2
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini2
C:\WINDOWS\system32\ssqopon.dll
C:\WINDOWS\system32\vturq.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.
2008-05-25 13:56 . 2008-05-25 13:56 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\iWin
2008-05-25 13:55 . 2008-05-25 13:58 <DIR> d-------- C:\Program Files\Risk
2008-05-25 13:55 . 2008-05-25 13:55 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-05-24 09:23 . 2008-05-24 09:23 <DIR> d-------- C:\Program Files\Winamp
2008-05-24 09:22 . 2008-05-24 09:25 <DIR> d-------- C:\Program Files\Monkey's Audio
2008-05-24 09:20 . 2008-05-24 09:20 <DIR> d-------- C:\dBpoweramp
2008-05-24 09:15 . 2008-05-24 09:19 413,048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-05-24 09:15 . 2008-05-24 09:19 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp
2008-05-24 09:15 . 2008-05-24 09:20 3,082 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2008-05-22 16:35 . 2008-05-24 07:15 69,632 --a------ C:\WINDOWS\system32\realbap1.dll
2008-05-22 16:35 . 2008-05-24 07:15 45,568 --a------ C:\WINDOWS\system32\realbsf1.dll
2008-05-19 12:06 . 2008-05-19 12:06 <DIR> d-------- C:\Program Files\The Weather Channel Toolbar
2008-05-19 12:06 . 2008-03-04 08:29 327,680 --a------ C:\WINDOWS\system32\TwcToolbarIe7.dll
2008-05-19 12:06 . 2008-03-04 08:25 98,304 --a------ C:\WINDOWS\system32\TwcToolbarBho.dll
2008-05-19 12:06 . 2006-10-30 14:51 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-19 12:06 . 2007-12-03 11:36 25,600 --a------ C:\WINDOWS\system32\TwcToolInstDll.dll
2008-05-18 22:49 . 2008-05-23 23:32 <DIR> d-------- C:\J. A. Jance - J P Beaumont 10 - Without Due Process
2008-05-18 22:49 . 2008-05-18 22:49 <DIR> d-------- C:\J. A. Jance - J P Beaumont 08 - Minor in Possession
2008-05-18 22:49 . 2008-05-23 23:30 <DIR> d-------- C:\J. A. Jance - J P Beaumont 02 - Injustice for all
2008-05-18 22:46 . 2008-05-18 22:46 <DIR> d-------- C:\J. A. Jance - J P Beaumont 01- Until proven guilty
2008-05-14 09:34 . 2008-05-14 16:13 <DIR> d-------- C:\Program Files\MP3 Splitter & Joiner Pro
2008-05-12 20:11 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-05-11 23:32 . 2008-05-11 23:32 <DIR> d-------- C:\Program Files\SendSpace
2008-05-11 18:04 . 2008-05-11 18:14 <DIR> d-------- C:\Program Files\DC++
2008-05-11 15:44 . 2008-05-11 15:47 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\LTOA
2008-05-10 21:14 . 2008-05-10 21:18 <DIR> d-------- C:\Program Files\The Lost Treasures of Alexandria
2008-05-10 14:38 . 2008-05-10 14:38 <DIR> d-------- C:\WINDOWS\Motive
2008-05-10 14:35 . 2008-05-10 14:38 <DIR> d-------- C:\Program Files\ALLTEL DSL Check-up Center
2008-05-10 14:34 . 2008-05-10 14:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MotiveSysIDs
2008-05-10 14:22 . 2003-01-31 12:08 28,005 -ra------ C:\WINDOWS\system32\drivers\enethusb.sys
2008-05-10 13:49 . 2002-02-13 19:53 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2008-05-10 13:48 . 2008-05-11 07:54 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-05-10 13:48 . 2008-05-10 13:48 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-05-10 13:48 . 2004-04-19 13:09 589,824 --a------ C:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll
2008-05-10 13:48 . 2003-08-14 18:23 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2008-05-10 13:48 . 2003-07-17 17:16 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2008-05-09 18:38 . 2008-05-09 18:38 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2008-05-09 14:47 . 2008-05-09 14:47 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\cerasus.media
2008-05-08 21:12 . 2008-05-08 21:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivoGames
2008-05-08 14:34 . 2008-05-08 14:34 <DIR> d-------- C:\WINDOWS\Aloha Solitaire
2008-05-08 14:34 . 2008-05-09 02:29 <DIR> d-------- C:\Program Files\Aloha Solitaire
2008-05-08 11:36 . 2008-05-08 11:36 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\Harmonic Flow
2008-05-08 11:21 . 2008-05-08 11:21 <DIR> d-------- C:\Program Files\Youdagames
2008-05-08 11:20 . 2008-05-08 11:30 <DIR> d-------- C:\WINDOWS\Jig Art Quest
2008-05-08 11:18 . 2008-05-08 11:39 <DIR> d-------- C:\Program Files\Jig Art Quest
2008-05-08 11:12 . 2008-05-08 11:12 <DIR> d-------- C:\Program Files\Rainforest Adventure
2008-05-08 11:09 . 2008-05-09 21:13 <DIR> d-------- C:\Program Files\Animal Agents
2008-05-08 11:07 . 2008-05-08 11:07 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\Youdagames
2008-05-08 11:06 . 2008-05-08 11:06 <DIR> d-------- C:\WINDOWS\Sea Bounty Dead Man's Chest
2008-05-08 11:06 . 2008-05-08 11:06 <DIR> d-------- C:\WINDOWS\Balloon Bliss
2008-05-08 11:06 . 2008-05-09 02:09 <DIR> d-------- C:\Program Files\Sea Bounty Dead Man's Chest
2008-05-08 11:06 . 2008-05-08 11:07 <DIR> d-------- C:\Program Files\Balloon Bliss
2008-05-08 11:03 . 2008-05-08 11:03 <DIR> d-------- C:\WINDOWS\Can You See What I See
2008-05-08 11:03 . 2008-05-08 16:41 <DIR> d-------- C:\Program Files\Can You See What I See
2008-05-08 11:02 . 2008-05-08 11:02 <DIR> d-------- C:\WINDOWS\Westward 2
2008-05-08 11:02 . 2008-05-08 11:02 <DIR> d-------- C:\Program Files\Westward 2
2008-05-08 11:00 . 2008-05-08 11:00 <DIR> d-------- C:\WINDOWS\Treasures of Ancient Cavern
2008-05-08 11:00 . 2008-05-08 11:01 <DIR> d-------- C:\Program Files\Treasures of Ancient Cavern
2008-05-07 08:56 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-07 08:56 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-06 13:43 . 2008-05-06 13:46 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\SprillBermudeEng
2008-05-06 10:34 . 2008-05-06 10:34 <DIR> d-------- C:\WINDOWS\Sprill - The Mystery of The Bermuda Triangle
2008-05-06 10:34 . 2008-05-06 13:46 <DIR> d-------- C:\Program Files\Sprill - The Mystery of The Bermuda Triangle
2008-05-04 20:53 . 2008-05-04 20:53 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\Big Fish Games
2008-05-04 20:43 . 2008-05-04 20:43 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\EleFun Games
2008-05-04 20:42 . 2008-05-04 20:42 <DIR> d-------- C:\WINDOWS\Puzzle Mania
2008-05-04 20:42 . 2008-05-05 09:31 <DIR> d-------- C:\Program Files\Puzzle Mania
2008-05-03 10:56 . 2008-05-03 10:56 <DIR> d-------- C:\WINDOWS\Mystery In London
2008-05-03 10:56 . 2008-05-03 10:56 <DIR> d-------- C:\Program Files\Mystery In London
2008-04-29 13:41 . 2008-04-29 13:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Gogii
2008-04-29 13:29 . 2008-04-29 13:29 <DIR> d-------- C:\WINDOWS\The Hidden Object Show
2008-04-29 13:29 . 2008-04-29 22:26 <DIR> d-------- C:\Program Files\The Hidden Object Show
2008-04-28 19:51 . 2008-04-28 20:30 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\BloodTies
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 06:14 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-26 06:04 --------- d-----w C:\Program Files\SpyHunter
2008-05-26 05:51 --------- d-----w C:\Documents and Settings\Peggy\Application Data\Azureus
2008-05-22 02:20 --------- d-----w C:\Program Files\Hidden Expedition Titanic
2008-05-20 21:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-05-19 18:57 --------- d-----w C:\Program Files\MP3Cutter
2008-05-19 17:03 --------- d-----w C:\Program Files\The Weather Channel FW
2008-05-16 15:42 --------- d-----w C:\Program Files\EPSON Print CD
2008-05-14 17:20 --------- d-----w C:\Program Files\Cool MP3 Splitter
2008-05-10 18:45 155,995 ----a-w C:\WINDOWS\java\Packages\MNDB7RR9.ZIP
2008-05-09 23:38 --------- d-----w C:\Program Files\Rhapsody
2008-05-02 21:22 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-05-02 21:21 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-05-02 21:17 1,169,240 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
2008-04-30 03:19 --------- d-----w C:\Documents and Settings\Peggy\Application Data\Vso
2008-04-29 18:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SpinTop Games
2008-04-22 19:28 --------- d-----w C:\Program Files\PopCap Games
2008-04-22 16:35 --------- d-----w C:\Program Files\Runtime Software
2008-04-19 23:45 --------- d-----w C:\Program Files\Azureus
2008-04-14 03:19 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-14 02:45 --------- d-----w C:\Program Files\Hidden Expedition-Everest
2008-04-14 01:35 --------- d-----w C:\Program Files\Death On The Nile
2008-04-13 23:40 --------- d-----w C:\Program Files\Java
2008-04-13 23:38 --------- d-----w C:\Program Files\SpywareGuard
2008-04-13 23:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-12 19:21 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-12 19:06 --------- d-----w C:\Program Files\Sun
2008-04-12 01:57 --------- d-----w C:\Program Files\Realtek AC97
2008-04-11 22:24 --------- d-----w C:\Documents and Settings\Peggy\Application Data\Malwarebytes
2008-04-11 22:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-04-11 20:48 --------- d-----w C:\Program Files\Trend Micro
2008-04-07 19:14 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-07 01:26 --------- d-----w C:\Program Files\MP3SPLITTER
2008-04-07 01:19 --------- d-----w C:\Program Files\Cool Mp3 Splitter Joiner
2008-04-06 02:33 --------- d-----w C:\Program Files\MagicISO
2008-04-06 02:30 --------- d-----w C:\Program Files\GameHouse
2008-04-05 22:51 --------- d-----w C:\Program Files\VSO
2008-04-05 22:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 22:38 --------- d-----w C:\Documents and Settings\Peggy\Application Data\DivX
2008-04-05 22:31 --------- d-----w C:\Program Files\DivX
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 10:23 47,360 ----a-w C:\Documents and Settings\Peggy\Application Data\pcouffin.sys
2008-03-06 00:51 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-31 19:17 774,144 ----a-w C:\Program Files\RngInterstitial.dll
1999-04-30 21:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-08-18 13:06 315392]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-20 08:10 715888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [2005-03-09 05:00 98304]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-08-25 11:25 3112960]
"SpyHunter"="" []
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-23 18:08 185632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 07:00 44544]
C:\Documents and Settings\Peggy\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
ToggleMINIMIZE.lnk - C:\Program Files\Toggle\ToggleMINIMIZE\ToggleMINIMIZE.exe [2007-05-24 15:30:43 143360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Audible Download Manager.lnk]
backup=C:\WINDOWS\pss\Audible Download Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HPAiODevice(hp psc 700 series) - 1.lnk]
backup=C:\WINDOWS\pss\HPAiODevice(hp psc 700 series) - 1.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
--a------ 2007-09-18 01:30 87392 C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2006-10-23 01:48 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 10:09 171464 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2006-05-22 13:26 694272 C:\Program Files\dvd43\dvd43_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R220 Series]
--a------ 2005-03-09 05:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-23 18:08 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 11:42:00 C:\WINDOWS\Tasks\Ad-Aware 2007.job"
- C:\PROGRA~1\Lavasoft\AD-AWA~1\AD-AWA~1.EXE
"2008-05-20 01:40:00 C:\WINDOWS\Tasks\Diskeeper Disk Defragmenter.job"
- C:\WINDOWS\system32\mmc.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 16:53:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Toggle\ToggleMINIMIZE\MinUtil.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-26 16:58:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-26 21:58:52
Pre-Run: 8,463,245,312 bytes free
Post-Run: 8,390,205,440 bytes free
237 --- E O F --- 2008-05-16 08:01:44
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:23 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Toggle\ToggleMINIMIZE\ToggleMINIMIZE.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.c...pnav_undeclared
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: ToggleMINIMIZE.lnk = C:\Program Files\Toggle\ToggleMINIMIZE\ToggleMINIMIZE.exe
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.a...aller_2-0-0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188061977453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188061968031
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 5933 bytes