Success!!! (There's always a lot to be said for the big guns.....)
Thanks for your help on this - it's been interesting, to say the least.
ComboFix 09-01-02.01 - Peter 2009-01-04 21:56:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1415 [GMT 11:00]
Running from: c:\documents and settings\Peter\My Documents\My FireFox Downloads\ComboFix.exe
AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Peter\Application Data\inst.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\FM20(2).DLL
c:\windows\system32\mkghj.dll
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wanpacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_BNDMSS
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.
2009-01-04 17:32 . 2009-01-04 22:02 <DIR> d-------- C:\installation
2009-01-04 12:40 . 2009-01-04 12:44 <DIR> d-------- c:\documents and settings\Peter\Pavark
2009-01-03 11:45 . 2009-01-03 11:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 11:45 . 2009-01-03 11:45 <DIR> d-------- c:\documents and settings\Peter\Application Data\Malwarebytes
2009-01-03 11:45 . 2009-01-03 11:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-03 11:45 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 11:45 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 11:25 . 2009-01-03 11:25 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-30 11:41 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-30 11:41 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-12-30 11:41 . 2006-11-15 11:38 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2008-12-30 11:33 . 2008-12-30 11:33 <DIR> d-------- c:\program files\Sierra Entertainment
2008-12-29 13:55 . 2008-12-29 13:55 1,508 --a------ c:\windows\DNAPrinters.ini
2008-12-23 16:49 . 2008-12-23 16:49 64 --a------ c:\windows\wininit.ini
2008-12-21 17:28 . 2008-12-21 17:28 <DIR> d-------- c:\program files\GameSpy Arcade
2008-12-21 12:03 . 2008-12-21 12:03 <DIR> d-------- c:\documents and settings\Peter\Application Data\Ethereal
2008-12-21 12:01 . 2008-12-21 12:02 <DIR> d-------- c:\program files\WinPcap
2008-12-21 12:01 . 2009-01-04 13:28 <DIR> d-------- c:\program files\AirSnare
2008-12-21 11:48 . 2008-12-21 11:48 <DIR> d-------- c:\program files\Trend Micro
2008-12-15 15:05 . 2008-12-15 15:05 <DIR> d-------- c:\program files\Software by Design
2008-12-15 15:05 . 2005-05-22 16:00 90,112 --------- c:\windows\SDUnInst.exe
2008-12-15 15:04 . 1999-12-17 10:13 49,664 --a------ c:\windows\unvise32.exe
2008-12-15 13:20 . 2008-12-15 13:20 <DIR> d-------- c:\program files\Marvell
2008-12-15 10:58 . 2004-05-20 19:47 258,560 --a------ c:\windows\system32\drivers\MRV8KA51.sys
2008-12-15 10:58 . 2002-09-09 21:01 61,440 --a------ c:\windows\system32\ASUSW32N50.dll
2008-12-15 10:58 . 2002-09-09 19:54 16,269 --a------ c:\windows\system32\ASNDIS5.sys
2008-12-15 10:58 . 2001-04-16 05:48 15,577 --a------ c:\windows\system32\ASNDIS3.vxd
2008-12-11 16:07 . 2008-10-23 23:36 286,720 -----c--- c:\windows\system32\dllcache\gdi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 10:58 --------- d-----w c:\documents and settings\Peter\Application Data\Free Download Manager
2009-01-04 10:53 --------- d-----w c:\documents and settings\Peter\Application Data\CallingID
2009-01-04 10:43 --------- d-----w c:\documents and settings\Peter\Application Data\HPAppData
2009-01-04 02:31 --------- d-----w c:\documents and settings\Peter\Application Data\U3
2009-01-04 02:29 --------- d-----w c:\program files\Java
2008-12-30 00:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-23 01:22 --------- d-----w c:\documents and settings\Peter\Application Data\System Tweaker
2008-12-20 23:24 --------- d-----w c:\program files\Ashampoo
2008-12-20 23:06 --------- d-----w c:\program files\Password Solutions
2008-12-16 03:34 --------- d-----w c:\documents and settings\Peter\Application Data\Vso
2008-12-16 03:32 --------- d-----w c:\documents and settings\All Users\Application Data\1Click DVD Copy Pro
2008-12-15 02:24 --------- d-----w c:\program files\ASUS
2008-12-15 01:32 --------- d-----w c:\program files\LimeWire
2008-12-08 06:15 --------- d-----w c:\program files\Free Download Manager
2008-12-03 01:43 --------- d-----w c:\program files\Sierra
2008-11-30 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\CA
2008-11-28 00:18 --------- d-----w c:\program files\Pandora Recovery
2008-11-27 02:50 --------- d-----w c:\program files\BlackBox Password Manager
2008-11-26 06:16 880,560 ----a-w c:\windows\system32\drivers\vetefile.sys
2008-11-26 06:16 108,368 ----a-w c:\windows\system32\drivers\veteboot.sys
2008-11-26 06:13 --------- d-----w c:\program files\ISSThirdParty
2008-11-26 06:12 2,732,032 ----a-w c:\windows\system32\win32cpr.dll
2008-11-26 06:12 1,568,870 ----a-w c:\windows\system32\winsflt.dll
2008-11-26 03:08 --------- d-----w c:\documents and settings\Peter\Application Data\GetRightToGo
2008-11-25 22:36 --------- d-----w c:\program files\Common Files\Scanner
2008-11-23 02:49 --------- d-----w c:\documents and settings\Peter\Application Data\LimeWire
2008-11-20 22:15 18,816 ----a-w c:\windows\system32\drivers\dvd43llh.sys
2008-11-20 22:15 --------- d-----w c:\program files\dvd43
2008-11-16 08:53 --------- d-----w c:\program files\FMS
2008-11-12 22:06 --------- d-----w c:\program files\My Company Name
2008-11-11 02:10 --------- d-----w c:\program files\2BrightSparks
2008-11-11 02:04 --------- d-----w c:\program files\TaskSwitchXP
2008-11-11 00:28 --------- d-----w c:\documents and settings\Peter\Application Data\Password Solutions
2008-11-10 23:58 --------- d-----w c:\program files\MSECache
2008-11-10 23:48 --------- d-----w c:\program files\www.freewordexcelpassword.com
2008-11-10 23:26 --------- d-----w c:\program files\Zem Soft
2008-11-10 23:25 --------- d-----w c:\program files\Realtek AC97
2008-11-10 23:21 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2008-11-10 22:55 --------- d-----w c:\program files\BELKIN
2008-11-09 22:13 --------- d-----w c:\documents and settings\Peter\Application Data\Telstra
2008-11-07 09:41 1,254,640 ----a-w c:\windows\system32\cfgmig32.dll
2008-11-07 05:38 84,496 ----a-w c:\windows\system32\KemXML.dll
2008-11-07 05:38 170,512 ----a-w c:\windows\system32\kemutb.dll
2008-11-07 05:38 145,936 ----a-w c:\windows\system32\KemUtil.dll
2008-11-07 05:38 117,264 ----a-w c:\windows\system32\KemWnd.dll
2008-11-07 05:37 301,656 ----a-w c:\windows\system32\BtCoreIf.dll
2008-11-03 03:04 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-11-01 08:06 99,568 ----a-w c:\windows\system32\isafeif.dll
2008-11-01 08:06 99,568 ----a-w c:\windows\system32\isafeif(3).dll
2008-11-01 08:06 83,256 ----a-w c:\windows\system32\vetredir.dll
2008-11-01 08:06 83,256 ----a-w c:\windows\system32\vetredir(3).dll
2008-11-01 08:06 111,856 ----a-w c:\windows\system32\isafprod.dll
2008-10-31 04:57 264,696 ----a-w c:\windows\system32\UmxSbxw.dll
2008-10-31 04:57 113,144 ----a-w c:\windows\system32\UmxSbxExw.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-20 23:14 8 ----a-w c:\documents and settings\Peter\Application Data\usb.dat.bin
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 03:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 03:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 03:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 03:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 03:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 03:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-13 03:25 399,096 ----a-w c:\windows\A8VESE10.zip
2008-10-10 03:46 69,632 ----a-w c:\windows\KHALMNPR.Exe
2008-09-26 05:19 47,360 ----a-w c:\documents and settings\Peter\Application Data\pcouffin.sys
2008-09-21 09:53 28,160 ----a-w c:\documents and settings\Peter\poxy4.exe
2008-09-21 02:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092120080922\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnlineTextBuddy"="c:\program files\Telstra\OnlineTextBuddy\OnlineTextBuddy.exe" [2005-04-07 839680]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-26 212992]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-05 62976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-01-12 168120]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-09 303104]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2008-11-07 349424]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-11-09 1504496]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-11-09 632048]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-11-09 668912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-11-17 827904]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-11-01 271600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"dvHighMem"="c:\windows\cfgmng32.exe" [2008-09-07 11333632]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2008-11-04 324848]
"CaPPcl"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe" [2008-11-04 570608]
"Launch Ai Booster"="c:\program files\ASUS\Ai Booster\OverClk.exe" [2005-06-16 3627520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
"notepad.exe"="notepad.exe" [2008-04-14 c:\windows\system32\notepad.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-15 809488]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]
ULWCFPVLF.lnk - c:\installation\ULWCFPVLF.EXE [2009-01-04 326144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
"EnableShellExecuteHooks"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 99 (0x63)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-09-16 1377720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 16:46 79368 c:\windows\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Peter\\poxy4.exe"=poxy4.exe
"poxy4.exe"= poxy4.exe:BNDMSS
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\bndmss.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Password Solutions\\Office Password Recovery PRO\\OfficePasswordRecoveryPRO.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe"=
"c:\\Program Files\\Sierra Entertainment\\FEAR Perseus Mandate\\FEARXP2.exe"=
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-10-21 107000]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-08-06 72184]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-08-25 52728]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-10-07 115704]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-10-21 203768]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-11-26 222448]
R4 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2008-11-25 128240]
R4 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-10-28 143864]
R4 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-07-30 58872]
R4 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2008-09-10 1141240]
R4 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2008-10-21 801272]
R4 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-09-02 289272]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R4 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2008-11-26 823296]
S3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys --> c:\windows\system32\Drivers\Video3D32.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94e30068-8774-11dd-afdc-dd46fc4133eb}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-01-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe
HKCU-Run-fsm - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.news.com.au/adelaidenow/
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDow ... eqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
c:\windows\Downloaded Program Files\ppctl.dll - c:\windows\Downloaded Program Files\caScanner.ocx
O16 -: {E6BB2089-163F-466B-812A-748096614DFD}
hxxp://192.8.110.45/scanner/cascanner.cab
c:\windows\Downloaded Program Files\Scanner.inf
FF - ProfilePath - c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\ycac8qay.default\
FF - prefs.js: browser.startup.homepage - hxxp://mildura.yourguide.com.au/|http:/ ... elaidenow/
FF - component: c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\ycac8qay.default\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736}\components\susfox3.dll
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components\CIDDomFx3.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 2
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: browser.search.openintab - true
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 22:01:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\svchost(3).exe:ext.exe 25088 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2025429265-436374069-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\msi.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\winsflt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\windows\system32\mdmcls32.exe
c:\windows\system32\rundll32.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2009-01-04 22:04:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-04 11:04:42
Pre-Run: 93,580,402,688 bytes free
Post-Run: 93,626,122,240 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
374 --- E O F --- 2009-01-01 22:03:05
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:59 PM, on 4/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Telstra\OnlineTextBuddy\OnlineTextBuddy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au/adelaidenow/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oca.microsoft.com/resredir.aspx? ... 010100.2.0
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [notepad.exe] notepad.exe
O4 - HKCU\..\Run: [OnlineTextBuddy] C:\Program Files\Telstra\OnlineTextBuddy\OnlineTextBuddy.exe /quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Active CPU.lnk = C:\Program Files\Active CPU\acpu.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: ULWCFPVLF.lnk = C:\installation\ULWCFPVLF.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/au/securityadvisor/pe ... stscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1962064187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1972240281
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://192.8.110.45/scanner/cascanner.cab
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
--
End of file - 13014 bytes