Hello Skate_Punk_21
I'm back with my reports.
Sincerely, Kirshna
********
3:25 PM: | Start of Session, Monday, October 31, 2005 |
3:25 PM: Spy Sweeper started
3:25 PM: Sweep initiated using definitions version 564
3:25 PM: Starting Memory Sweep
3:25 PM: Found Adware: virtumonde
3:25 PM: Detected running threat: C:\WINDOWS\system32\awvvs.dll (ID = 77)
3:27 PM: Memory Sweep Complete, Elapsed Time: 00:01:40
3:27 PM: Starting Registry Sweep
3:27 PM: Found Adware: aksoft
3:27 PM: HKLM\software\aksoft\.support\ (10 subtraces) (ID = 103365)
3:27 PM: HKLM\software\aksoft\.target\ (80 subtraces) (ID = 103366)
3:27 PM: Found Adware: delfin
3:27 PM: HKLM\software\nsvcin\ (2 subtraces) (ID = 124886)
3:27 PM: Found Adware: hotbar
3:27 PM: HKCR\clsid\{d9882035-7745-47c7-8d5e-c11178f9c553}\ (11 subtraces) (ID = 127270)
3:27 PM: HKLM\software\classes\clsid\{d9882035-7745-47c7-8d5e-c11178f9c553}\ (11 subtraces) (ID = 127434)
3:27 PM: HKLM\software\classes\spamblockerconfig.application\ (3 subtraces) (ID = 127536)
3:27 PM: HKLM\software\microsoft\windows\currentversion\run\ || spam blocker for outlook express (ID = 127615)
3:27 PM: HKLM\software\spam blocker\ (28 subtraces) (ID = 127633)
3:27 PM: HKCR\spamblockerconfig.application\ (3 subtraces) (ID = 127634)
3:27 PM: Found Adware: isearch desktop search
3:27 PM: HKCR\mfiltis\ (3 subtraces) (ID = 129007)
3:27 PM: HKLM\software\classes\mfiltis\ (3 subtraces) (ID = 129010)
3:27 PM: HKLM\software\system updater\ (ID = 129016)
3:27 PM: Found Adware: limeshop
3:27 PM: HKLM\software\microsoft\windows\currentversion\run\ || limeshop (ID = 129726)
3:27 PM: Found Adware: websearch toolbar
3:27 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wintools_esies\ (4 subtraces) (ID = 146511)
3:27 PM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (7 subtraces) (ID = 146518)
3:27 PM: Found Adware: wurldmedia
3:27 PM: HKCR\appid\sostatatl.exe\ (1 subtraces) (ID = 147535)
3:27 PM: HKCR\appid\{dee5d795-a276-43b5-a04a-511149a354f0}\ (1 subtraces) (ID = 147536)
3:27 PM: HKCR\interface\{9603a736-05b9-4d78-bdd5-bdcb0914e522}\ (8 subtraces) (ID = 147565)
3:27 PM: HKCR\interface\{bc12b055-c9f5-407d-9b66-1851973f32af}\ (8 subtraces) (ID = 147569)
3:27 PM: HKLM\software\aksoft\ (34346 subtraces) (ID = 639132)
3:27 PM: Found Adware: couponage
3:27 PM: HKLM\software\dealsonline\.data\ (2858 subtraces) (ID = 639276)
3:27 PM: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130)
3:27 PM: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136)
3:27 PM: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153)
3:27 PM: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157)
3:27 PM: Registry Sweep Complete, Elapsed Time:00:00:17
3:27 PM: Starting Cookie Sweep
3:27 PM: Found Spy Cookie: 2o7.net cookie
3:27 PM: owner@2o7[2].txt (ID = 1957)
3:27 PM: Found Spy Cookie: apmebf cookie
3:27 PM: owner@apmebf[1].txt (ID = 2229)
3:27 PM: Found Spy Cookie: azjmp cookie
3:27 PM: owner@azjmp[2].txt (ID = 2270)
3:27 PM: Found Spy Cookie: qksrv cookie
3:27 PM: owner@qksrv[1].txt (ID = 3213)
3:27 PM: Found Spy Cookie: reliablestats cookie
3:27 PM: [email protected][2].txt (ID = 3254)
3:27 PM: Found Spy Cookie: tribalfusion cookie
3:27 PM: owner@tribalfusion[1].txt (ID = 3589)
3:27 PM: Found Spy Cookie: 123count cookie
3:27 PM: [email protected][2].txt (ID = 1928)
3:27 PM: Found Spy Cookie: winantiviruspro cookie
3:27 PM: [email protected][2].txt (ID = 3690)
3:27 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
3:27 PM: Starting File Sweep
3:27 PM: Found Adware: apropos
3:27 PM: c:\windows\system32\config\systemprofile\local settings\temp\~compoundinst0 (ID = -2147481413)
3:27 PM: c:\windows\system32\config\systemprofile\local settings\temp\~apropos0 (3 subtraces) (ID = -2147481414)
3:27 PM: c:\windows\system32\config\systemprofile\local settings\temp\autoupdate0 (1 subtraces) (ID = -2147481415)
3:27 PM: Found Adware: powerscan
3:27 PM: c:\documents and settings\administrator\start menu\programs\power scan (1 subtraces) (ID = -2147480462)
3:27 PM: Found Adware: ezula ilookup
3:27 PM: c:\documents and settings\administrator\start menu\programs\earn (2 subtraces) (ID = -2147481004)
3:27 PM: c:\program files\limeshop (131 subtraces) (ID = -2147480733)
3:27 PM: c:\documents and settings\kids\start menu\programs\power scan (1 subtraces) (ID = -2147480462)
3:27 PM: c:\documents and settings\kids\start menu\programs\earn (2 subtraces) (ID = -2147481004)
3:27 PM: Found Adware: bho_sep
3:27 PM: c:\program files\sep (ID = -2147480335)
3:27 PM: c:\windows\system32\config\systemprofile\start menu\programs\earn (2 subtraces) (ID = -2147481004)
3:27 PM: c:\windows\system32\config\systemprofile\start menu\programs\power scan (1 subtraces) (ID = -2147480462)
3:28 PM: limeshop.inf (ID = 65527)
3:28 PM: moconfig.exe (ID = 90743)
3:28 PM: limeshop.exe (ID = 65525)
3:29 PM: power scan.lnk (ID = 72676)
3:29 PM: Found Adware: tvmedia
3:29 PM: tvmknwrd.dll (ID = 81726)
3:29 PM: limeshop_readme.txt (ID = 65532)
3:29 PM: limeshop_preferences0.htm (ID = 65531)
3:29 PM: limeshop_offer0.htm (ID = 65530)
3:29 PM: limeshop_confirm0.htm (ID = 65529)
3:29 PM: dosync.dll (ID = 54703)
3:30 PM: docore.dll (ID = 54701)
3:30 PM: tvmknwrd.dll (ID = 81726)
3:30 PM: tvmknwrd.dll (ID = 81726)
3:30 PM: Found Adware: look2me
3:30 PM: ptdrjni_1_1.dll (ID = 65904)
3:31 PM: power scan.lnk (ID = 72676)
3:31 PM: Found Adware: virtualbouncer
3:31 PM: delfin.dll (ID = 82799)
3:31 PM: power scan.lnk (ID = 72676)
3:31 PM: updinst.exe (ID = 65966)
3:31 PM: setup.inf (ID = 50156)
3:32 PM: setup.inf (ID = 50158)
3:32 PM: Found Adware: ebates money maker
3:32 PM: ce.class (ID = 59510)
3:32 PM: bi.class (ID = 59463)
3:32 PM: bl.class (ID = 59469)
3:32 PM: bo.class (ID = 59475)
3:32 PM: r.class (ID = 59694)
3:32 PM: tvmknwrd.dll (ID = 81726)
3:32 PM: bt.class (ID = 59485)
3:32 PM: b.class (ID = 59446)
3:32 PM: d.class (ID = 59555)
3:32 PM: f.class (ID = 59660)
3:32 PM: l.class (ID = 59673)
3:32 PM: n.class (ID = 59687)
3:32 PM: bu.class (ID = 59487)
3:32 PM: bz.class (ID = 59498)
3:32 PM: bb.class (ID = 59451)
3:32 PM: be.class (ID = 59457)
3:32 PM: bf.class (ID = 59458)
3:32 PM: bh.class (ID = 59461)
3:32 PM: cb.class (ID = 59504)
3:32 PM: cf.class (ID = 59511)
3:32 PM: bm.class (ID = 59471)
3:32 PM: bp.class (ID = 59478)
3:32 PM: br.class (ID = 59482)
3:32 PM: bc.class (ID = 59453)
3:32 PM: ch.class (ID = 59516)
3:32 PM: bw.class (ID = 59492)
3:32 PM: ea.class (ID = 59611)
3:32 PM: bx.class (ID = 59494)
3:32 PM: ca.class (ID = 59501)
3:32 PM: cj.class (ID = 59519)
3:32 PM: cc.class (ID = 59506)
3:32 PM: cd.class (ID = 59507)
3:32 PM: cl.class (ID = 59524)
3:32 PM: cn.class (ID = 59528)
3:32 PM: main.class (ID = 59681)
3:32 PM: cu.class (ID = 59543)
3:32 PM: ck.class (ID = 59521)
3:32 PM: cv.class (ID = 59545)
3:32 PM: cx.class (ID = 59548)
3:33 PM: bg.class (ID = 59460)
3:34 PM: tvmknwrd.dll (ID = 81726)
3:34 PM: cs.class (ID = 59539)
3:34 PM: cp.class (ID = 59533)
3:34 PM: cq.class (ID = 59534)
3:34 PM: da.class (ID = 59557)
3:34 PM: dg.class (ID = 59568)
3:34 PM: db.class (ID = 59559)
3:34 PM: dv.class (ID = 59600)
3:34 PM: dj.class (ID = 59576)
3:34 PM: di.class (ID = 59573)
3:34 PM: dw.class (ID = 59603)
3:34 PM: dl.class (ID = 59582)
3:34 PM: dq.class (ID = 59588)
3:34 PM: dx.class (ID = 59604)
3:34 PM: dm.class (ID = 59583)
3:34 PM: dn.class (ID = 59584)
3:34 PM: dy.class (ID = 59605)
3:34 PM: dr.class (ID = 59591)
3:34 PM: dz.class (ID = 59608)
3:34 PM: ed.class (ID = 59657)
3:35 PM: ezula[1].css (ID = 60546)
3:36 PM: q8rq0i95e8.dll (ID = 65904)
3:37 PM: woinstall.exe (ID = 60678)
3:38 PM: duime.dll (ID = 65904)
3:39 PM: power scan.lnk (ID = 72676)
3:39 PM: earn website.url (ID = 60442)
3:39 PM: about earn.lnk (ID = 111342)
3:39 PM: Found Adware: xpehbam dialer
3:39 PM: seksdialer.exe (ID = 90847)
3:39 PM: earn website.url (ID = 60442)
3:39 PM: about earn.lnk (ID = 111342)
3:39 PM: earn website.url (ID = 60442)
3:39 PM: about earn.lnk (ID = 111342)
3:39 PM: Found Adware: cws_hputi
3:39 PM: dc51.url (ID = 55966)
3:39 PM: dc54.url (ID = 55961)
3:39 PM: dc50.url (ID = 55965)
3:39 PM: dc52.url (ID = 55942)
3:39 PM: dc53.url (ID = 55946)
3:39 PM: Found Adware: twain-tech
3:39 PM: twtini.inf (ID = 81896)
3:39 PM: twaintec.inf (ID = 81888)
3:39 PM: mxtarget.inf (ID = 81843)
3:39 PM: twaintec.inf (ID = 81888)
3:39 PM: mxtarget.inf (ID = 81843)
3:39 PM: twaintec.inf (ID = 81888)
3:39 PM: twaintec.inf (ID = 81888)
3:39 PM: mxtarget.inf (ID = 81843)
3:39 PM: mxtarget.inf (ID = 81843)
3:39 PM: mxtarget.inf (ID = 81843)
3:39 PM: mxtarget.inf (ID = 81843)
3:39 PM: twaintec.inf (ID = 81888)
3:39 PM: mxtarget.inf (ID = 81843)
3:39 PM: polmx3.inf (ID = 81859)
3:39 PM: eb.class (ID = 59614)
3:39 PM: q.class (ID = 59693)
3:39 PM: e.class (ID = 59610)
3:39 PM: g.class (ID = 59663)
3:39 PM: ec.class (ID = 59654)
3:39 PM: i.class (ID = 59665)
3:39 PM: k.class (ID = 59671)
3:39 PM: s.class (ID = 59698)
3:39 PM: a.class (ID = 59443)
3:39 PM: m.class (ID = 59678)
3:39 PM: j.class (ID = 59670)
3:39 PM: p.class (ID = 59689)
3:39 PM: v.class (ID = 59718)
3:39 PM: x.class (ID = 59729)
3:39 PM: ba.class (ID = 59449)
3:39 PM: bd.class (ID = 59455)
3:39 PM: bj.class (ID = 59466)
3:39 PM: bq.class (ID = 59480)
3:39 PM: bs.class (ID = 59484)
3:39 PM: bv.class (ID = 59490)
3:39 PM: t.class (ID = 59708)
3:39 PM: cg.class (ID = 59513)
3:39 PM: ci.class (ID = 59517)
3:39 PM: cm.class (ID = 59526)
3:39 PM: co.class (ID = 59530)
3:39 PM: earn website.url (ID = 60442)
3:39 PM: about earn.lnk (ID = 111342)
3:39 PM: cw.class (ID = 59547)
3:39 PM: cy.class (ID = 59551)
3:39 PM: dc.class (ID = 59561)
3:39 PM: u.class (ID = 59715)
3:39 PM: dh.class (ID = 59570)
3:39 PM: dk.class (ID = 59579)
3:39 PM: du.class (ID = 59596)
3:39 PM: limeshop_script0.htm (ID = 65533)
3:41 PM: File Sweep Complete, Elapsed Time: 00:14:24
3:41 PM: Full Sweep has completed. Elapsed time 00:16:26
3:41 PM: Traces Found: 37738
10:07 AM: Removal process initiated
10:08 AM: Quarantining All Traces: look2me
10:08 AM: Quarantining All Traces: websearch toolbar
10:08 AM: Quarantining All Traces: aksoft
10:08 AM: Quarantining All Traces: apropos
10:08 AM: Quarantining All Traces: bho_sep
10:08 AM: Quarantining All Traces: couponage
10:08 AM: Quarantining All Traces: cws_hputi
10:08 AM: Quarantining All Traces: delfin
10:08 AM: Quarantining All Traces: ebates money maker
10:08 AM: Quarantining All Traces: ezula ilookup
10:08 AM: Quarantining All Traces: hotbar
10:08 AM: Quarantining All Traces: isearch desktop search
10:08 AM: Quarantining All Traces: limeshop
10:08 AM: Quarantining All Traces: powerscan
10:08 AM: Quarantining All Traces: tvmedia
10:08 AM: Quarantining All Traces: twain-tech
10:08 AM: Quarantining All Traces: virtualbouncer
10:08 AM: Quarantining All Traces: virtumonde
10:08 AM: virtumonde is in use. It will be removed on reboot.
10:08 AM: C:\WINDOWS\system32\awvvs.dll is in use. It will be removed on reboot.
10:08 AM: Quarantining All Traces: wurldmedia
10:08 AM: Quarantining All Traces: xpehbam dialer
10:08 AM: Quarantining All Traces: 123count cookie
10:08 AM: Quarantining All Traces: 2o7.net cookie
10:08 AM: Quarantining All Traces: apmebf cookie
10:08 AM: Quarantining All Traces: azjmp cookie
10:08 AM: Quarantining All Traces: qksrv cookie
10:08 AM: Quarantining All Traces: reliablestats cookie
10:08 AM: Quarantining All Traces: tribalfusion cookie
10:08 AM: Quarantining All Traces: winantiviruspro cookie
10:08 AM: Warning: Launched explorer.exe
10:08 AM: Warning: Quarantine process could not restart Explorer.
********
3:23 PM: | Start of Session, Monday, October 31, 2005 |
3:23 PM: Spy Sweeper started
3:24 PM: Your spyware definitions have been updated.
3:25 PM: | End of Session, Monday, October 31, 2005 |
Logfile of HijackThis v1.99.1
Scan saved at 2:14:25 PM, on 11/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Palm\HOTSYNC.EXE
C:\Documents and Settings\Owner\Desktop\HIjackme\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [r7mh3pi] dcoqhm.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [aw5nRfGEU] danic.exe
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129999022578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...nce/install.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...613/mcfscan.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kbdus - Unknown owner - C:\WINDOWS\System32\kbdus.exe (file missing)
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe