ComboFix 08-05-29.1 - Shay 2008-06-01 1:19:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.186 [GMT -4:00]
Running from: C:\Documents and Settings\Shay\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Shay\Application Data\macromedia\Flash Player\#SharedObjects\ZLUEXYS8\iforex.com
C:\Documents and Settings\Shay\Application Data\macromedia\Flash Player\#SharedObjects\ZLUEXYS8\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Shay\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Shay\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\SYSTEM32\cardxkai.ini
C:\WINDOWS\system32\cjwmxlmg.dll
C:\WINDOWS\SYSTEM32\dceexerb.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\feftdyja.ini
C:\WINDOWS\system32\geBspppn.dll
C:\WINDOWS\SYSTEM32\gileqwmv.ini
C:\WINDOWS\system32\gmlxmwjc.ini
C:\WINDOWS\SYSTEM32\gvuganaf.ini
C:\WINDOWS\system32\iakxdrac.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\npppsBeg.ini
C:\WINDOWS\SYSTEM32\npppsBeg.ini2
C:\WINDOWS\SYSTEM32\obggpuxq.ini
C:\WINDOWS\system32\obtgkoxs.dll
C:\WINDOWS\system32\opnmKDUn.dll
C:\WINDOWS\system32\ourbfsnr.dll
C:\WINDOWS\system32\oxdnfdts.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\SYSTEM32\piitwdib.ini
C:\WINDOWS\SYSTEM32\psqrfmts.ini
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\qxupggbo.dll
C:\WINDOWS\SYSTEM32\rhawmebh.ini
C:\WINDOWS\SYSTEM32\rnowepic.ini
C:\WINDOWS\system32\rnsfbruo.ini
C:\WINDOWS\SYSTEM32\svsrfoke.ini
C:\WINDOWS\system32\vmwqelig.dll
C:\WINDOWS\SYSTEM32\vrdkprhh.ini
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\SYSTEM32\xohatpyk.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NEW_DRV
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.
2008-05-30 23:55 . 2008-05-30 23:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-30 13:56 . 2008-05-30 13:56 <DIR> d-------- C:\Documents and Settings\Shay\Application Data\Malwarebytes
2008-05-30 13:55 . 2008-05-30 13:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-30 13:55 . 2008-05-30 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-30 13:55 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-05-30 13:55 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-05-21 20:42 . 2008-05-21 20:42 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-21 19:52 . 2006-01-31 13:29 107,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-05-21 19:52 . 2006-01-31 13:29 87,808 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-05-20 17:38 . 2008-05-20 17:49 <DIR> d-------- C:\Documents and Settings\Shay\Application Data\Uniblue
2008-05-15 00:38 . 2008-05-15 00:41 <DIR> d-------- C:\Program Files\BHODemon
2008-05-14 19:43 . 2008-01-08 17:16 23,992 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pnarp.sys
2008-05-14 19:42 . 2008-01-08 17:16 25,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\purendis.sys
2008-05-14 19:40 . 2008-05-15 16:54 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-14 14:14 . 2008-05-14 14:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\WinPatrol
2008-05-14 12:10 . 2008-05-14 14:08 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-05-14 04:16 . 2008-05-14 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-14 04:14 . 2008-05-14 04:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 00:15 --------- d-----w C:\Program Files\Symantec
2008-05-22 00:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 23:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-21 23:28 --------- d-----w C:\Program Files\Packman
2008-05-15 02:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-14 23:40 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-05-14 23:01 --------- d-----w C:\Program Files\McAfee.com
2008-05-14 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-14 15:34 --------- d-----w C:\Program Files\Lavasoft
2008-05-12 01:04 --------- d-----w C:\Documents and Settings\Shay\Application Data\AdobeUM
2008-05-12 01:02 --------- d-----w C:\Program Files\FinePixViewer
2008-04-13 17:05 --------- d-----w C:\Program Files\Picasa2
2008-03-31 03:03 3,920 ---ha-w C:\hpothb07.dat
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-01 22:36 3,591,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2005-07-01 18:13 61,948,862 ----a-w C:\Documents and Settings\Registry Changes\Hotmail Fix-july 1 2005.reg
2005-05-24 23:28 102 ----a-w C:\Documents and Settings\Shay\clear.reg
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 13:00 200704]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-08-18 19:44 921600 C:\WINDOWS\SYSTEM32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 06:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 14:23 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 04:35 536576]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 02:04 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43 53248]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [2004-03-04 12:36 211828]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 21:59 487424]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05 212992]
"LWBMOUSE"="C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe" [2003-05-18 23:24 438272]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-11-07 11:13 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-09-11 14:01 155648]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-09-11 14:01 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"WinPatrol"="C:\Program Files\WinPatrol\winpatrol.exe" [2005-12-13 00:18 222784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 19:00 55368]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 17:20 451896]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 10:32 451896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-08-18 19:44 4554752]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 20:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\VPTray.exe" [2006-05-02 00:16 124656]
C:\Documents and Settings\Shay\Start Menu\Programs\Startup\
BHODemon.lnk - C:\Program Files\BHODemon\BHODemon.exe [2002-06-23 11:19:00 270336]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-12-17 17:25:00 303104]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2002-09-21 18:20:48 65588]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 14:26:54 2080768]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-01-01 17:58:21 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TeaTimer.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TeaTimer.exe
backup=C:\WINDOWS\pss\TeaTimer.exeCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Symantec Client Security\\Symantec AntiVirus\\VPC32.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\XBC\\XBC_NS.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
S3 firewall;firewall;C:\Program Files\Foxie Suite\firewall.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-05-28 15:22:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-08-26 01:01:25 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1124988732.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2005-08-26 01:01:26 C:\WINDOWS\Tasks\WebReg 20050825210126.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exeQ/TaskName 20050825210126 /N
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-01 01:30:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
C:\WINDOWS\SYSTEM32\fxssvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-06-01 1:42:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-01 05:41:45
Pre-Run: 19,863,375,872 bytes free
Post-Run: 19,927,830,528 bytes free
215 --- E O F --- 2008-04-09 16:43:47
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:39 AM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://tsn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:1080;http=localhost:8080;https=localhost:808
0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1202005520-347093708-2070992412-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Amar')
O4 - HKUS\S-1-5-21-1202005520-347093708-2070992412-1009\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Mommy')
O4 - HKUS\S-1-5-21-1202005520-347093708-2070992412-1010\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Papa')
O4 - HKUS\S-1-5-21-1202005520-347093708-2070992412-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')
O4 - Startup: BHODemon.lnk = C:\Program Files\BHODemon\BHODemon.exe
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....204&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) -
http://h30155.www3.h...nosticsxp2k.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://bin.mcafee.co...,21/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) -
http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) -
http://upload.facebo...Uploader4_5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6492F34-9EE2-412B-941D-3B122060EBF7}: Domain = queensu.ca
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 13369 bytes