Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.435 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.
2009-02-25 19:29 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-25 19:27 . 2009-02-25 19:27 <DIR> d-------- c:\program files\Panda Security
2009-02-22 09:11 . 2009-02-22 09:11 <DIR> d-------- C:\_OTMoveIt
2009-02-18 09:45 . 2009-02-18 09:45 <DIR> d-------- c:\program files\IZArc
2009-02-13 10:39 . 2009-02-13 10:39 <DIR> d-------- c:\program files\Trend Micro
2009-02-12 20:01 . 2009-02-12 20:47 <DIR> d-------- C:\d78a198d282fa6ef36eb24bce2ecfdac
2009-02-12 20:01 . 2009-02-12 20:02 <DIR> d-------- C:\bd8baa64735694e91ae3f9ed8230
2009-02-12 12:01 . 2009-02-12 12:01 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-02-12 12:01 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 12:01 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-12 12:00 . 2009-02-14 15:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 12:00 . 2009-02-12 12:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-12 08:40 . 2009-02-12 08:40 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-12 08:40 . 2009-02-12 08:43 1,374 --a------ c:\windows\imsins.BAK
2009-02-12 00:11 . 2009-02-12 00:11 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-11 23:42 . 2009-02-11 23:42 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-11 23:23 . 2009-02-11 23:23 <DIR> d-------- c:\program files\NOS
2009-02-11 23:23 . 2009-02-11 23:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-02-11 22:50 . 2009-02-11 22:50 <DIR> d-------- c:\program files\ABBYY FineReader 6.0 Sprint
2009-02-11 20:05 . 2009-02-11 20:05 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\McAfee
2009-02-11 17:46 . 2009-02-11 20:17 <DIR> d-------- c:\program files\RegScanner
2009-02-11 17:46 . 2009-02-11 17:46 39,424 --a------ c:\windows\zipinst.exe
2009-02-11 16:44 . 2009-02-11 16:44 <DIR> d-------- c:\program files\VS Revo Group
2009-02-01 12:07 . 2009-02-01 12:07 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Lexmark Productivity Studio
2009-02-01 10:23 . 2009-02-01 10:23 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\5600-6600 Series
2009-02-01 10:16 . 2009-02-25 16:51 <DIR> d-------- c:\documents and settings\All Users\Lx_cats
2009-02-01 10:11 . 2009-02-01 10:11 <DIR> d-------- C:\logs
2009-02-01 10:10 . 2008-04-23 23:34 360,448 --a------ c:\windows\system32\lxducoin.dll
2009-02-01 10:10 . 2008-03-03 22:42 61,218 --a------ c:\windows\system32\lxduprpr.chm
2009-02-01 10:10 . 2008-05-23 19:17 40,960 --a------ c:\windows\system32\lxduvs.dll
2009-02-01 10:09 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2009-02-01 10:09 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\dllcache\wiafbdrv.dll
2009-02-01 10:08 . 2008-05-09 20:42 1,036,288 --a------ c:\windows\system32\lxdudrs.dll
2009-02-01 10:08 . 2008-05-09 20:42 81,920 --a------ c:\windows\system32\lxducaps.dll
2009-02-01 10:08 . 2008-05-09 20:29 69,632 --a------ c:\windows\system32\lxducnv4.dll
2009-02-01 10:07 . 2009-02-01 10:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\5600-6600 Series
2009-02-01 10:07 . 2008-05-29 19:12 339,968 --a------ c:\windows\system32\IMGMAN32.DLL
2009-02-01 10:07 . 2008-05-29 19:12 98,345 --a------ c:\windows\system32\IMHOST32.DLL
2009-02-01 10:07 . 2008-05-29 19:12 98,304 --a------ c:\windows\system32\IM31XPNG.DEL
2009-02-01 10:07 . 2008-05-29 19:14 86,016 --a------ c:\windows\system32\lxduoem.dll
2009-02-01 10:07 . 2008-05-29 19:12 69,632 --a------ c:\windows\system32\IM31XTIF.DEL
2009-02-01 10:07 . 2008-05-29 19:12 49,152 --a------ c:\windows\system32\IM31IMG.DIL
2009-02-01 10:07 . 2008-05-01 07:41 45,056 --a------ c:\windows\system32\LXDUPMON.DLL
2009-02-01 10:07 . 2008-05-29 19:12 32,768 --a------ c:\windows\system32\LXDUFXPU.DLL
2009-02-01 10:05 . 2009-02-01 10:05 <DIR> d-------- c:\program files\Lexmark Tools for Office
2009-02-01 10:04 . 2009-02-06 16:17 <DIR> d-------- c:\program files\Lexmark Toolbar
2009-02-01 10:04 . 2009-02-01 10:04 <DIR> d-------- c:\program files\Lexmark Printable Web
2009-02-01 10:04 . 2008-04-15 18:08 352,256 --a------ c:\windows\system32\LXDUwupd.dll
2009-02-01 10:04 . 2008-05-23 19:58 17,064 --a------ c:\windows\system32\LXDUwupd.exe
2009-02-01 10:04 . 2006-12-06 12:19 44 --a------ c:\windows\system32\lxdurwrd.ini
2009-02-01 10:02 . 2009-02-12 00:09 <DIR> d-------- c:\program files\Lexmark 5600-6600 Series
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 08:08 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-13 14:29 --------- d-----w c:\program files\Elaborate Bytes
2009-02-13 13:24 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-13 13:24 --------- d-----w c:\program files\LimeWire
2009-02-13 00:55 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-12 16:25 --------- d-----w c:\program files\McAfee
2009-02-12 13:44 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-12 04:16 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\UseNeXT
2009-02-12 01:50 --------- d-----w c:\program files\E.M. Youtube Video Download Tool
2009-02-11 22:40 --------- d-----w c:\program files\MpcStar
2009-02-11 22:26 --------- d-----w c:\program files\RegistryFix
2009-02-11 22:26 --------- d-----w c:\program files\NCH Swift Sound
2009-02-11 22:23 --------- d-----w c:\program files\Boilsoft MOV Converter
2009-02-11 22:20 --------- d-----w c:\program files\DivX
2009-02-11 22:17 --------- d-----w c:\program files\AviSynth 2.5
2009-02-11 22:17 --------- d-----w c:\program files\Avi2Dvd
2009-01-26 00:20 --------- d-----w c:\program files\UseNeXT
2009-01-24 16:34 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\TigerPlayer
2009-01-24 16:26 --------- d-----w c:\program files\QuickTime
2009-01-18 16:33 --------- d-----w c:\program files\PeerGuardian2
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-04 04:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 04:02 --------- d-----w c:\program files\M-Audio
2009-01-04 04:00 --------- d-----w c:\program files\MIDIOX
2009-01-04 03:35 --------- d-----w c:\program files\Evolution
2009-01-02 18:08 --------- d-----w c:\documents and settings\All Users\Application Data\CinemaNow
2009-01-02 18:02 --------- d-----w c:\program files\Common Files\fluxDVD
2009-01-02 18:01 --------- d-----w c:\program files\Common Files\mpDRM
2009-01-02 18:01 --------- d-----w c:\program files\CinemaNow
2009-01-02 18:01 --------- d-----w c:\documents and settings\All Users\Application Data\mpDRM
2009-01-02 18:01 --------- d-----w c:\documents and settings\All Users\Application Data\fluxDVD
2009-01-02 01:35 --------- d-----w c:\program files\MSN Games
2009-01-02 01:30 --------- d-----w c:\program files\Common Files\Apple
2008-12-30 16:11 0 ---ha-w c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-12-30 16:11 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-12-30 16:09 0 ---ha-w c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-12-30 15:39 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-30 15:39 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-12-26 13:15 --------- d-----w c:\program files\Java
2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-07 19:16 61,224 -c--a-w c:\documents and settings\Compaq_Administrator\GoToAssistDownloadHelper.exe
2008-08-04 15:48 304 -c--a-w c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2007-04-18 15:48 538 -c--a-w c:\documents and settings\Compaq_Administrator\Application Data\internaldb8467.dat
2007-04-18 15:48 374 -c--a-w c:\documents and settings\Compaq_Administrator\Application Data\internaldb6334.dat
2007-04-18 15:48 18,432 -c--a-w c:\documents and settings\Compaq_Administrator\Application Data\internaldb41.dat
2007-02-09 22:36 92,064 -c--a-w c:\documents and settings\Compaq_Administrator\mqdmmdm.sys
2007-02-09 22:36 9,232 -c--a-w c:\documents and settings\Compaq_Administrator\mqdmmdfl.sys
2007-02-09 22:36 79,328 -c--a-w c:\documents and settings\Compaq_Administrator\mqdmserd.sys
2007-02-09 22:36 66,656 -c--a-w c:\documents and settings\Compaq_Administrator\mqdmbus.sys
2007-02-09 22:36 6,208 -c--a-w c:\documents and settings\Compaq_Administrator\mqdmcmnt.sys
2007-02-09 22:36 5,936 -c--a-w c:\documents and settings\Compaq_Administrator\mqdmwhnt.sys
2007-02-09 22:36 4,048 -c--a-w c:\documents and settings\Compaq_Administrator\mqdmcr.sys
2007-02-09 22:36 25,600 -c--a-w c:\documents and settings\Compaq_Administrator\usbsermptxp.sys
2007-02-09 22:36 22,768 -c--a-w c:\documents and settings\Compaq_Administrator\usbsermpt.sys
2008-05-31 07:07 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008053120080601\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-02-25_17.38.19.72 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
- 2009-02-25 22:03:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-26 10:37:47 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-25 22:03:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-26 10:37:47 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-17 19:02:19 8,461,312 ------w c:\windows\system32\dllcache\shell32.dll
- 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\system32\shell32.dll
- 2009-02-25 22:34:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7cc.dat
+ 2009-02-26 08:08:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7cc.dat
+ 2009-02-26 11:02:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_d00.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-10-10 2497336]
"Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"iolo Task Agent"="c:\program files\iolo\Common\Task Agent\Task_Agent.exe" [2001-10-25 41984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRISMSVR.EXE"="/apply" [X]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-05-29 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-05-29 16040]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-05-29 311976]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"PhilipsSA33XXDM"="c:\program files\Philips\SA33XX\Philips Device Manager\Bin\SA33XXDeviceManager.exe" [2007-08-07 892928]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 c:\windows\RTHDCPL.EXE]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-08-08 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-08-08 27136]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
2Wire Wireless Client.lnk - c:\program files\2Wire 802.11g Wireless\PRISMCFG.EXE [2008-02-08 335979]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-08-08 36903]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3acm"= l3codecp.acm
"vidc.3IV2"= 3ivxVfWCodec_dec.dll
"midi1"= ma_cmidn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10890:TCP"= 10890:TCP:BitComet 10890 TCP
"10890:UDP"= 10890:UDP:BitComet 10890 UDP
"45402:TCP"= 45402:TCP:limewire
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-25 28544]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2008-09-22 138616]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2008-11-09 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2009-02-01 98984]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;c:\windows\system32\drivers\atinysxx.sys [2008-03-01 79360]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;c:\windows\system32\drivers\atinyvxx.sys [2008-03-01 174592]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;c:\windows\system32\drivers\atinyuxx.sys [2008-03-01 64512]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;c:\windows\system32\drivers\ATIUTD.sys [2008-03-01 38912]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-11 33752]
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;c:\windows\system32\drivers\atinyttx.sys [2008-03-01 13824]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [2008-02-08 347648]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PAVBOOT
.
Contents of the 'Scheduled Tasks' folder
2009-02-24 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 19:12]
2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2009-02-26 c:\windows\Tasks\User_Feed_Synchronization-{A1601425-BA6F-495B-9B34-1F924E40EA5A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: trymedia.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\iju8oe0o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - prefs.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
FF - component: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\iju8oe0o.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - component: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\iju8oe0o.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\iju8oe0o.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\iju8oe0o.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npCinemaNowPlugin.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 08:42:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3809172260-2589039784-3814106408-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{13026D98-685A-39DD-41E7-5F5936C2F0CE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-02-26 8:44:59
ComboFix-quarantined-files.txt 2009-02-26 13:44:54
ComboFix2.txt 2009-02-25 22:51:50
Pre-Run: 137,144,786,944 bytes free
Post-Run: 137,135,570,944 bytes free
334 --- E O F --- 2009-02-26 08:01:29
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:02 AM, on 2/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [PRISMSVR.EXE] //~c:\windows\system32\prismsvr.exe /apply
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [Lexmark 5600-6600 Series Fax Server] "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [PhilipsSA33XXDM] C:\Program Files\Philips\SA33XX\Philips Device Manager\Bin\SA33XXDeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: 2Wire Wireless Client.lnk = ?
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay11...es/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1166628402015
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/...he.cab79352.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/...vl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} (TeamOn Import Object) - https://myemail.t-mo...ls/TOImport.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/...rp.cab56961.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 16711 bytes