ComboFix Log
ComboFix 08-07-05.1 - Megan MacDonald 2008-07-06 20:50:41.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.98 [GMT -4:00]
Running from: C:\Documents and Settings\Megan MacDonald\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\mbols~1
C:\Program Files\Common Files\mbols~1\??mbols\
C:\Program Files\Common Files\mbols~1\csrss.exe
C:\Program Files\inetget2
C:\Program Files\mjc
C:\Program Files\mjc\mjc.exe
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\Temporary
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\zjcbxry.dll
C:\WINDOWS\TWVnYW4\
C:\WINDOWS\TWVnYW4\\asappsrv.dll
C:\WINDOWS\TWVnYW4\\command.exe
C:\WINDOWS\TWVnYW4\\nqpBsqb.vbs
C:\WINDOWS\TWVnYW4\command.exe
C:\WINDOWS\ystem~1
C:\WINDOWS\ystem~1\m?hta.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.
2008-07-06 20:38 . 2008-07-06 20:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-07-06 17:51 . 2008-07-06 17:55 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-06 17:23 . 2008-07-06 17:23 <DIR> d-------- C:\Program Files\Sakora
2008-07-06 17:17 . 2008-07-06 17:56 <DIR> d-------- C:\Program Files\Webtools
2008-07-02 06:32 . 2008-07-02 03:32 81,920 --a------ C:\WINDOWS\b155.exe
2008-06-29 07:25 . 2008-07-06 17:55 <DIR> d-------- C:\Program Files\Common Files\kruo
2008-06-29 07:25 . 2008-06-29 07:25 687,592 --a------ C:\WINDOWS\system32\atmtd.dll._
2008-06-29 07:25 . 2008-06-29 07:25 687,592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-06-29 07:25 . 2006-01-03 17:45 1,989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-06-28 08:11 . 2008-07-06 20:58 51,712 --a------ C:\WINDOWS\17PHolmes1001186.exe
2008-06-28 07:05 . 2008-06-28 07:05 51,712 --a------ C:\WINDOWS\mrofinu1001186.exe.tmp
2008-06-28 07:05 . 2008-06-28 07:16 51,712 --a------ C:\WINDOWS\mrofinu1001186.exe
2008-06-25 11:47 . 2008-06-25 08:47 49,152 --a------ C:\WINDOWS\b156.exe
2008-06-22 20:14 . 2006-10-04 22:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-22 20:14 . 2006-10-04 22:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-22 20:13 . 2008-06-22 20:16 <DIR> d-------- C:\Program Files\Picasa2
2008-06-22 20:13 . 2008-07-06 17:55 <DIR> d-------- C:\Program Files\Google
2008-06-20 14:39 . 2008-06-20 14:39 <DIR> d-------- C:\Documents and Settings\Megan MacDonald\Application Data\Leadertech
2008-06-20 14:37 . 2008-06-20 14:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-19 20:17 . 2008-06-19 20:18 <DIR> d-------- C:\Program Files\LimeWire
2008-06-18 12:21 . 2008-06-18 09:21 222,208 --a------ C:\WINDOWS\b148.exe
2008-06-17 08:44 . 2008-06-17 08:44 <DIR> d-------- C:\Program Files\iPod
2008-06-17 08:43 . 2008-06-17 08:43 <DIR> d-------- C:\Program Files\music
2008-06-17 08:41 . 2008-06-17 08:42 <DIR> d-------- C:\Program Files\QuickTime
2008-06-17 08:35 . 2008-06-17 08:36 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-17 08:35 . 2008-06-17 08:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-13 10:05 . 2008-06-13 07:05 102,400 --a------ C:\WINDOWS\b152.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 02:22 --------- d-----w C:\Documents and Settings\Megan MacDonald\Application Data\LimeWire
2008-06-17 13:03 --------- d-----w C:\Program Files\Trillian
2008-06-02 10:21 --------- d-----w C:\Program Files\Modem Helper
2008-06-02 10:18 --------- d-----w C:\Program Files\FileZilla
2008-05-30 11:40 549,376 ----a-w C:\WINDOWS\b159.exe
2008-05-22 18:31 --------- d-----w C:\Documents and Settings\Megan MacDonald\Application Data\SiteAdvisor
2008-05-08 18:29 --------- d-----w C:\Program Files\Java
2008-04-14 15:08 53,760 ----a-w C:\WINDOWS\b157.exe
2008-01-31 13:14 186,336 ----a-w C:\Documents and Settings\Megan MacDonald\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
2004-08-04 08:00 1039360 23e8f705028343835e3f0b495dda10ad C:\WINDOWS\explorer.exe
2007-06-13 07:26 1040384 66dca55a92295fec61ec38195e8361e4 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23 1040384 19387abeb22ce4f22ba1b16089a27f52 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
2004-08-04 08:00 1039360 a3bb0f68151ef6716308bb5ca39f16bd C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 08:00 22528 e1202890370a4a44c61eb30b8878b4e3 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 08:00 22528 a07196de37aa94d56fe01a5126649176 C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-21 02:53 57856 37ae41395d281f3506d911e04cf754ec C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 19:53 65024 bd93c68cb617edfd2a0802e7508c2c42 C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2gdr\spoolsv.exe
2005-06-10 20:17 65024 26be59cddbed2bc9cd5731a8dbf74cfa C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2qfe\spoolsv.exe
2004-08-04 08:00 65024 6887351efb1718d2172a43485d6210b6 C:\WINDOWS\system32\spoolsv.exe
2004-08-04 08:00 65024 1ca35e76a32dc9a26f4babae2ad79a9e C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-02_13.47.25.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-11 07:29:38 35,328 ----a-w C:\WINDOWS\b103.exe
+ 2006-09-01 09:32:37 84,697 ----a-w C:\WINDOWS\b104.exe
+ 2008-01-24 12:49:46 231,424 ----a-w C:\WINDOWS\b116.exe
- 2008-06-02 17:38:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-07 00:56:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-10-21 00:02:28 174,080 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-06-17 12:36:05 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
+ 2008-06-17 12:44:52 102,400 ----a-r C:\WINDOWS\Installer\{9F70BF98-003C-491D-81FC-FF9792206AF0}\iTunesIco.exe
+ 2008-06-19 21:22:43 2,042 ----a-w C:\WINDOWS\mozver.dat
- 2000-08-31 12:00:00 37,376 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 12:00:00 37,888 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-06-02 17:38:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-07 00:56:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-29 11:20:22 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2008-06-02 17:38:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-07 00:56:08 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-29 12:20:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008062920080630\index.dat
- 2008-06-02 17:38:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-07 00:56:08 114,688 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-19 19:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-01-29 16:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-02-23 02:38:33 43,872 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
- 2008-01-31 00:17:17 553,736 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-23 00:10:19 553,736 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2006-10-04 00:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-01-29 16:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
- 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 00:21:00 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 00:21:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2006-09-27 21:53:22 514,808 ------w C:\WINDOWS\system32\px.dll
+ 2006-09-27 21:53:22 477,944 ------w C:\WINDOWS\system32\pxdrv.dll
+ 2006-09-27 21:53:22 68,344 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2006-09-27 21:53:22 183,032 ------w C:\WINDOWS\system32\pxmas.dll
+ 2006-09-27 21:53:23 379,640 ------w C:\WINDOWS\system32\pxwave.dll
+ 2006-09-27 21:53:23 39,672 ------w C:\WINDOWS\system32\vxblock.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 22528]
"StrgSync.exe"="C:\Program Files\Storage\StorageSync\StrgSync.exe" [2007-12-21 00:46 3032576]
"Sakora"="C:\Program Files\Sakora\Sakora.exe" [2008-07-06 17:23 35256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-21 02:48 761856]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38 811008]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32 704512]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 421888]
"iTunesHelper"="C:\Program Files\music\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [2008-07-06 20:58 51712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Vqze"="C:\WINDOWS\?ystem\m?hta.exe" [?]
"Sakora"="C:\Program Files\Sakora\Sakora.exe" [2008-07-06 17:23 35256]
"SfKg6wIP"="C:\Documents and Settings\Megan MacDonald\Application Data\Microsoft\Windows\nrbhucw.exe" [2008-06-29 07:20 45056]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--a------ 2005-02-23 17:19 61440 C:\Program Files\DVD Drive\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 C:\Program Files\music\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-04-11 21:15 299008 C:\Program Files\DVD Drive\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 421888 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
--a------ 2007-08-24 17:57 36640 C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Security\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrgSync.exe]
--a------ 2007-12-21 00:46 3032576 C:\Program Files\Storage\StorageSync\StrgSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"iPod Service"=3 (0x3)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"wscsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\music\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59044394-427c-11dd-b184-0013ce2abbb4}]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{937cc4f7-ac4f-11dc-b0e9-0013ce2abbb4}]
\Shell\AutoRun\command - D:\pptview.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 18:48:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-07-01 05:00:03 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-mjc - C:\Program Files\mjc\mjc.exe
HKU-Default-Run-GetPack19 - C:\Program Files\GetPack\GetPack19.exe
HKU-Default-Run-Sldc - C:\PROGRA~1\COMMON~1\MBOLS~1\csrss.exe
HKU-Default-Run-SpeedRunner - C:\Documents and Settings\Megan MacDonald\Application Data\SpeedRunner\SpeedRunner.exe
HKU-Default-Run-kruo - C:\PROGRA~1\COMMON~1\kruo\kruom.exe
MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-mcagent_exe - C:\Program Files\McAfee.com\Agent\mcagent.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 20:57:09
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\mrofinu1001186.exexe
.
**************************************************************************
.
Completion time: 2008-07-06 21:01:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-07 01:01:25
ComboFix2.txt 2008-06-05 19:30:24
ComboFix3.txt 2008-06-03 00:56:48
ComboFix4.txt 2008-06-02 17:48:11
Pre-Run: 25,731,780,608 bytes free
Post-Run: 25,712,427,008 bytes free
260 --- E O F --- 2008-07-06 07:00:25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:01 PM, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\music\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sakora\Sakora.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla\Firefox\firefox.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Documents and Settings\Megan MacDonald\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\music\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StrgSync.exe] C:\Program Files\Storage\StorageSync\StrgSync.exe -w
O4 - HKCU\..\Run: [Sakora] C:\Program Files\Sakora\Sakora.exe
O4 - HKUS\S-1-5-18\..\Run: [Sakora] C:\Program Files\Sakora\Sakora.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Vqze] C:\WINDOWS\?ystem\m?hta.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SfKg6wIP] C:\Documents and Settings\Megan MacDonald\Application Data\Microsoft\Windows\nrbhucw.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sakora] C:\Program Files\Sakora\Sakora.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink...xp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198207144984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198207138687
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 6523 bytes