ComboFix 09-04-27.05 - anand 04/28/2009 15:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2589 [GMT -5:00]
Running from: c:\documents and settings\anand\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\anand\reader_s.exe
c:\program files\INSTALL.LOG
c:\windows\IE4 Error Log.txt
c:\windows\ld08.exe
c:\windows\msmark2.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\Memman.vxd
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
c:\windows\system32\Process.exe
c:\windows\system32\reader_s.exe
c:\windows\system32\skinboxer43.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\At1.job
c:\windows\system32\ufgfcpw.dll . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_LZCXDKEJ
-------\Service_lzcxdkej
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.
2009-04-21 05:51 . 2009-04-21 06:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-21 05:51 . 2009-04-21 05:52 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-21 04:59 . 2009-04-21 04:59 -------- d-----w c:\program files\Unlocker
2009-04-21 02:02 . 2009-04-21 03:40 -------- d-----w c:\windows\BDOSCAN8
2009-04-20 17:20 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-20 04:23 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-20 03:50 . 2009-04-20 03:50 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-20 03:50 . 2009-04-20 03:50 -------- d-----w c:\program files\Lavasoft
2009-04-17 16:10 . 2009-04-17 16:10 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-17 04:42 . 2009-04-17 04:42 2 ---h--w c:\windows\t55ft2832f44.dat
2009-04-17 04:42 . 2009-04-17 04:42 1 ---h--w c:\windows\f23567.dat
2009-04-17 04:42 . 2009-04-17 04:42 2 ---h--w c:\windows\t55ft2803f44.dat
2009-04-17 02:42 . 2009-04-17 02:42 2 ---h--w c:\windows\t55ft2772f44.dat
2009-04-15 15:27 . 2009-04-15 15:27 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-05 17:35 . 2009-04-05 17:35 -------- d-----w c:\documents and settings\anand\Local Settings\Application Data\Google
2009-04-03 17:30 . 2009-04-03 17:30 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-03 16:27 . 2009-04-03 16:28 -------- dc-h--w c:\windows\ie8
2009-04-03 16:24 . 2009-02-28 04:55 105984 -c--a-w c:\windows\system32\dllcache\iecompat.dll
2009-04-03 15:22 . 2009-04-03 15:29 -------- d-----w c:\documents and settings\anand\Application Data\RegTool
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 20:49 . 2004-08-04 12:00 103424 ----a-w c:\windows\system32\szdvcup.dll
2009-04-28 01:02 . 2006-03-28 23:47 -------- d-----w c:\program files\Sound Forge
2009-04-27 04:47 . 2006-09-09 12:50 36128 -c--a-w c:\documents and settings\anand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-20 03:30 . 2004-08-04 12:00 213376 -c--a-w c:\windows\system32\drivers\ndis.sys
2009-04-19 15:33 . 2007-04-11 18:12 60 ----a-w c:\windows\wpd99.drv
2009-04-15 15:27 . 2007-12-27 19:17 -------- d-----w c:\program files\Java
2009-04-01 16:49 . 2007-01-19 00:06 34552 -c--a-w c:\documents and settings\anand\Application Data\GDIPFONTCACHEV1.DAT
2009-03-29 05:52 . 2009-02-22 04:50 -------- d-----w c:\program files\Antares Audio Technologies
2009-03-28 18:12 . 2009-03-23 21:02 -------- d-----w c:\program files\bb
2009-03-24 17:20 . 2009-03-23 21:27 -------- d-----w c:\program files\Jazz_Guitar_Solos_Vol_1-4
2009-03-23 21:27 . 2009-03-23 21:27 -------- d-----w c:\program files\Roland
2009-03-23 21:27 . 2006-09-09 11:46 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 21:26 . 2009-03-23 21:26 -------- d-----w c:\program files\PowerTracks DirectX Plugins
2009-03-22 23:25 . 2009-03-22 23:25 -------- d-----w c:\program files\Common Files\Native Instruments
2009-03-22 23:25 . 2009-03-22 23:25 -------- d-----w c:\program files\Common Files\Digidesign
2009-03-22 23:24 . 2008-09-06 22:04 -------- d-----w c:\program files\Native Instruments
2009-03-22 18:10 . 2009-03-22 18:10 -------- d-----w c:\program files\7-Zip
2009-03-12 16:59 . 2008-11-24 22:57 2828 -csha-w c:\windows\system32\KGyGaAvL.sys
2009-03-08 09:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:00 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-09 10:19 . 2004-08-04 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2004-08-04 12:00 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2004-08-04 12:00 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2004-08-04 12:00 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:29 . 2004-08-04 12:00 2142720 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-03 22:59 2020864 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2004-08-04 12:00 55808 ----a-w c:\windows\system32\secur32.dll
2007-04-25 08:49 . 2008-11-24 21:39 328 -c----w c:\program files\GuideMenuSetup.iss
2007-04-06 03:28 . 2008-11-24 21:42 1237 -c----w c:\program files\WinDVDSetup.iss
2006-11-27 23:36 . 2006-11-27 23:36 1143 -c--a-w c:\program files\uninstal.log
1998-02-10 22:34 . 2007-04-05 17:10 128000 -c--a-w c:\program files\UNWISE.EXE
2008-06-21 14:43 . 2008-06-21 14:43 75 -csh--r c:\windows\CT5PRET.BIN
2008-11-24 22:57 . 2008-11-24 22:57 8 -csh--r c:\windows\system32\4C48B0F6EE.sys
.
------- Sigcheck -------
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2009-04-20 03:30 213376 29CB83D1A129D983B6B5135DA6A72EA5 c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-20 03:30 213376 29CB83D1A129D983B6B5135DA6A72EA5 c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC53E145-6F19-4F17-902E-798095EAAC4F}]
2004-08-04 12:00 103424 ----a-w c:\windows\system32\ufgfcpw.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="-" [X]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-15 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-05-01 73728]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-9-14 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-764903313-1208633371-1849977318-30842\Scripts\Logon\
0\
0]
"Script"=\\mmreibc.prv\SysVol\mmreibc.prv\scripts\532Agents.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Marcus & Millichap VPN Client Software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Marcus & Millichap VPN Client Software.lnk
backup=c:\windows\pss\Marcus & Millichap VPN Client Software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"IDriverT"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Sony\\Vegas 7.0\\VegSrv70.exe"=
"c:\\Documents and Settings\\anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
R0 ntcdrdrv;ntcdrdrv; [x]
R3 emifilt;Emagic EMI Filter Service;c:\windows\system32\drivers\emifilt.sys [2002-10-31 9984]
R3 emiload;Emagic EMI Device Firmware Loader Service;c:\windows\system32\Drivers\emiload.sys [2002-10-31 599424]
R3 NUVision;NUVision II Video Service;c:\windows\system32\DRIVERS\nuvvid2.sys [2001-10-28 153760]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S0 hqrsavbr;hqrsavbr;c:\windows\system32\drivers\hqrsavbr.sys [2004-08-04 23424]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S2 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-28 116464]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-01 101936]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a67b9bef-0559-11de-bef6-0015c51f4eff}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]
2009-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-436374069-839522115-1003.job
- c:\documents and settings\anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-05 17:35]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-osCheck - c:\program files\Norton Antivirus\osCheck.exe
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.com/uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: adobe.com\get
Trusted Zone: adobe.com\www
Trusted Zone: livemocha.com\www
DPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-04-28 15:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1757981266-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3297DEA-CB89-027D-D41B-308A379B5644}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abhndggbkamanjjcfihakcojmalmnpcmaa"=hex:66,61,62,62,62,6c,67,6e,70,66,69,62,
00,00
"maknehgkbkkhlgckmcdlfohbgc"=hex:67,61,6b,6c,6c,6d,6f,63,69,6a,6e,6c,63,6f,00,
00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1536)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\system32\BRSS01A.EXE
c:\windows\system32\scardsvr.exe
c:\program files\Marcus & Millichap\VPN Client Software\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\emitray.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Microsoft LifeCam\MSCamSvc.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2009-04-28 15:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-28 20:57
Pre-Run: 6,149,300,224 bytes free
Post-Run: 6,303,694,848 bytes free
255 --- E O F --- 2009-04-22 08:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:03:18 PM, on 4/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Marcus & Millichap\VPN Client Software\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\emitray.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\fucker.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {CC53E145-6F19-4F17-902E-798095EAAC4F} - c:\windows\system32\ufgfcpw.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone:
http://get.adobe.comO15 - Trusted Zone:
http://www.adobe.comO15 - Trusted Zone:
http://www.livemocha.comO15 - ESC Trusted Zone:
http://www.petri.co.il (HKLM)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.trendmicro.com/house ... hcImpl.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/Shar ... vSniff.cabO16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) -
https://www-secure.symantec.com/techsup ... gctlsr.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/resourc ... oscan8.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupda ... 0269107789O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/Shar ... /cabsa.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mmreibc.prv
O17 - HKLM\Software\..\Telephony: DomainName = mmreibc.prv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mmreibc.prv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mmreibc.prv
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Marcus & Millichap\VPN Client Software\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Emagic EMI System Tray Service (emitray) - Emagic Soft- und Hardware GmbH - C:\WINDOWS\system32\emitray.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - - (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9050 bytes