ComboFix 08-05-19.4 - Aaron 2008-05-19 17:42:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2005 [GMT -5:00]
Running from: C:\Users\Aaron\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\Program Files\ContextTool\ContextTool-2.dll
C:\Program Files\ContextTool\pcre3.dll
C:\Program Files\ContextTool\uninstall.exe
C:\Program Files\Dcads Advanced Toolbar
C:\Program Files\Dcads Advanced Toolbar\buttons.xml
C:\Program Files\Dcads Advanced Toolbar\search.xml
C:\Program Files\Dcads Advanced Toolbar\toolbar.dll
C:\Program Files\Dcads Advanced Toolbar\uninstall.exe
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\uninstall.exe
C:\Windows\system32\adssitesuggest.dll
C:\Windows\system32\dcads-remove.exe
C:\Windows\system32\dcadssuggest.dll
C:\Windows\system32\x64
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.
2008-05-18 20:35 . 2008-05-18 20:35 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-18 20:33 . 2008-05-18 20:33 <DIR> d-------- C:\Kaspersky
2008-05-13 21:05 . 2008-05-13 21:06 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-13 21:05 . 2008-05-13 21:06 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-13 21:05 . 2008-05-13 21:05 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-13 21:04 . 2008-05-13 21:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-13 20:49 . 2008-05-13 20:49 <DIR> d-------- C:\Users\Aaron\AppData\Roaming\Uniblue
2008-05-12 18:23 . 2008-05-12 18:23 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-05-12 18:23 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-05-12 18:07 . 2008-05-12 18:07 <DIR> d-------- C:\Users\Aaron\AppData\Roaming\CyberLink
2008-05-10 10:52 . 2008-05-10 10:52 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{e6789fc9-1ea6-11dd-bf43-00192141909e}.TMContainer00000000000000000002.regtrans-ms
2008-05-10 10:52 . 2008-05-10 10:52 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{e6789fc9-1ea6-11dd-bf43-00192141909e}.TMContainer00000000000000000001.regtrans-ms
2008-05-10 10:52 . 2008-05-10 10:52 524,288 --ahs---- C:\Users\AppData\NTUSER.DAT{e6789fc2-1ea6-11dd-bf43-00192141909e}.TMContainer00000000000000000002.regtrans-ms
2008-05-10 10:52 . 2008-05-19 17:42 524,288 --ahs---- C:\Users\AppData\NTUSER.DAT{e6789fc2-1ea6-11dd-bf43-00192141909e}.TMContainer00000000000000000001.regtrans-ms
2008-05-10 10:52 . 2008-05-10 10:52 65,536 --ahs---- C:\Users\Public\NTUSER.DAT{e6789fc9-1ea6-11dd-bf43-00192141909e}.TM.blf
2008-05-10 10:52 . 2008-05-19 17:42 65,536 --ahs---- C:\Users\AppData\NTUSER.DAT{e6789fc2-1ea6-11dd-bf43-00192141909e}.TM.blf
2008-05-10 10:23 . 2008-05-10 10:23 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-09 18:48 . 2008-05-09 18:48 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-09 18:48 . 2008-05-09 18:48 42 --a------ C:\END
2008-05-04 15:11 . 2008-05-04 15:11 <DIR> d-------- C:\Users\Aaron\AppData\Roaming\Move Networks
2008-04-30 20:46 . 2008-04-30 20:46 <DIR> d-------- C:\PerfLogs
2008-04-30 20:07 . 2008-01-19 02:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-30 20:06 . 2008-01-19 02:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-04-30 20:05 . 2008-01-19 02:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll
2008-04-30 20:04 . 2008-01-19 02:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-04-30 20:03 . 2008-01-19 01:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-30 20:02 . 2008-01-19 02:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-04-30 20:02 . 2008-01-05 06:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-04-30 20:02 . 2008-01-05 06:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-04-30 20:01 . 2008-01-19 02:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-30 20:01 . 2008-01-19 02:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-04-30 20:01 . 2008-01-19 02:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-30 20:01 . 2008-01-19 02:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-30 20:01 . 2008-01-19 02:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-30 20:01 . 2008-01-19 02:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-30 20:01 . 2008-01-19 02:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-30 20:01 . 2008-01-19 02:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-30 20:01 . 2008-01-19 02:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-30 19:31 . 2008-04-30 19:31 <DIR> d-------- C:\Windows\PCHEALTH
2008-04-29 21:35 . 2008-04-29 21:35 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-29 21:31 . 2008-04-29 21:31 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 22:34 --------- d-----w C:\Users\Aaron\AppData\Roaming\Spare Backup
2008-05-19 01:36 --------- d-----w C:\Users\Aaron\AppData\Roaming\LimeWire
2008-05-19 01:35 --------- d-----w C:\Users\Aaron\AppData\Roaming\SiteAdvisor
2008-05-18 14:44 --------- d-----w C:\Program Files\McAfee
2008-05-13 22:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 22:03 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 23:07 --------- d-----w C:\ProgramData\CyberLink
2008-05-12 23:06 194,372 ----a-w C:\Windows\System32\adssitesuggest_uninstall.exe
2008-05-12 01:13 --------- d-----w C:\Program Files\QuickTime
2008-05-10 15:28 --------- d-----w C:\Program Files\LimeWire
2008-05-01 01:57 174 --sha-w C:\Program Files\desktop.ini
2008-05-01 01:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-01 01:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-01 01:48 --------- d-----w C:\Program Files\Windows Journal
2008-05-01 01:48 --------- d-----w C:\Program Files\Windows Defender
2008-05-01 01:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-01 01:48 --------- d-----w C:\Program Files\Windows Calendar
2008-05-01 01:19 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-01 01:19 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-30 02:36 --------- d-----w C:\Program Files\MSBuild
2008-04-30 02:36 --------- d-----w C:\Program Files\Microsoft Works
2008-04-19 01:57 --------- d-----w C:\Program Files\Safari
2008-04-19 01:55 --------- d-----w C:\Program Files\Apple Software Update
2008-04-15 02:05 --------- d-----w C:\Program Files\iTunes
2008-04-15 02:05 --------- d-----w C:\Program Files\iPod
2008-03-23 01:15 --------- d-----w C:\Users\Aaron\AppData\Roaming\Apple Computer
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2007-11-24 16:27 0 ----a-w C:\Users\Aaron\AppData\Roaming\wklnhst.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 02:33 202240]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 02:38 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 13:06 4669440 C:\Windows\RtHDVCpl.exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-25 11:55 240640]
"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [2007-07-12 23:27 5252936]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 18:04 2348584]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]
"WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 09:35 20480]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 18:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 18:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 18:07 133656]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Skytel"="Skytel.exe" [2007-06-15 18:45 1826816 C:\Windows\SkyTel.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{60D0BC26-FE6D-4C7A-BC98-BF7A8FFBFA6B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{125A1131-A7B7-43BB-8007-93D9CDCA33E8}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{22907888-4F8B-4298-AC85-0110FBE06159}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{9D80942C-7B41-429C-B9F8-4EC03CB70F26}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{E9DDB80B-0D14-452D-9226-8E494DE55ECF}"= UDP:C:\Users\Aaron\Music\Music\LimeWire\LimeWire.exe:LimeWire
"{4340007B-B30B-48C3-86DB-8E77FD3960D8}"= TCP:C:\Users\Aaron\Music\Music\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{DD0EE232-F721-4153-B0DA-DB2EB2EA9C19}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B72C8D3C-B226-4905-8EAC-15441BD05AF2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{79F9007F-077F-4BF0-8E38-DF533590CB8A}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{1E813E95-054C-4FD0-BEB6-0CB4D84E1425}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3B124EDA-7DE0-4C67-B118-5AAE934DD074}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E16EC4FA-A0AB-4B35-A17D-353D42D1B7FB}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1629958D-6FDD-4507-B967-114F451DFAD3}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E76BA149-2990-495F-88C0-F2CEE4387EAD}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9FFB645E-C862-42D6-AC84-45AB90316049}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{29AA77BF-2890-4BEF-81A3-DDC3AB8A33FF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C38EE6C6-3159-48C9-B841-5A5DFEF3EF52}"= UDP:C:\Users\Aaron\Music\LimeWire\LimeWire.exe:LimeWire
"{A33B634D-979A-49A0-9C54-6301BE96C6FF}"= TCP:C:\Users\Aaron\Music\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 02:33]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 02:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-29 10:11]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]
S2 0300101211236796mcinstcleanup;McAfee Application Installer Cleanup (0300101211236796);C:\Windows\TEMP\030010~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 02:30]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 00:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-02-24 05:24:33 C:\Windows\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-25 22:55:36 C:\Windows\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 17:45:07
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-19 17:45:54
ComboFix-quarantined-files.txt 2008-05-19 22:45:51

Pre-Run: 335,162,519,552 bytes free
Post-Run: 335,151,534,080 bytes free

214 --- E O F --- 2008-05-16 22:02:29

Logfile of HijackThis v1.99.1
Scan saved at 5:58:28 PM, on 5/19/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Aaron\AppData\Local\Temp\Temp2_hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5622
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5622
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: McAfee Application Installer Cleanup (0300101211236796) (0300101211236796mcinstcleanup) - Unknown owner - C:\Windows\TEMP\030010~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe