ComboFix 09-01-17.01 - Paquette Farm 2009-01-17 18:17:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.451 [GMT -5:00]
Running from: c:\documents and settings\Paquette Farm\Desktop\New Folder\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\taskkill.com
.
((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.
2009-01-13 09:31 . 2009-01-17 11:13 104 --a------ c:\windows\IBMVPD.INI
2009-01-10 08:56 . 2009-01-10 08:56 <DIR> d-------- c:\program files\Trend Micro
2009-01-09 23:03 . 2009-01-09 23:03 <DIR> d-------- c:\documents and settings\Paquette Farm\Application Data\Malwarebytes
2009-01-09 23:03 . 2009-01-09 23:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-08 17:23 . 2009-01-08 17:23 2,303 --a------ c:\windows\guess.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 22:39 --------- d-----w c:\program files\Symantec AntiVirus
2009-01-17 21:58 --------- d-----w c:\documents and settings\Paquette Farm\Application Data\dvdcss
2009-01-17 16:10 --------- d-----w c:\program files\Apple Software Update
2009-01-10 15:53 --------- d-----w c:\documents and settings\Paquette Farm\Application Data\AdobeUM
2008-12-18 13:27 --------- d-----w c:\documents and settings\Paquette Farm\Application Data\U3
2008-12-14 22:44 --------- d-----w c:\program files\Guitar Pro 5
2008-12-14 22:31 --------- d-----w c:\program files\Elaborate Bytes
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-22 14:29 --------- d-----w c:\program files\LimeWire
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-08-25 00:55 256 ----a-w c:\documents and settings\Paquette Farm\pool.bin
2008-05-13 01:47 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2006-12-25 16:40 58 ----a-w c:\program files\ArcRegister.SET
2006-12-25 16:40 30,147 ----a-w c:\program files\registration.html
2006-12-25 16:40 227 ----a-w c:\program files\pmk3.set
2005-09-26 10:52 13,751 ------w c:\program files\Readme.wri
2005-09-24 14:28 1,171,456 ----a-w c:\program files\NkbTransfer.exe
2005-09-24 14:11 1,970,176 ----a-w c:\program files\NkbPProj.exe
2005-09-22 15:16 2,241,536 ----a-w c:\program files\NEFLibrary3.dll
2005-09-22 15:16 2,121,728 ----a-w c:\program files\NkbNEF.dll
2005-09-21 22:24 696,320 ----a-w c:\program files\NkbImport.exe
2005-09-15 15:43 49,152 ----a-w c:\program files\DecoRndr.dll
2005-09-15 15:43 196,608 ----a-w c:\program files\iProLib.dll
2005-09-15 15:43 192,512 ----a-w c:\program files\StateRenderer.dll
2005-09-15 15:43 188,416 ----a-w c:\program files\CoreDoc.dll
2005-09-15 15:43 172,032 ----a-w c:\program files\RGBRenderer.dll
2005-09-15 15:43 114,688 ----a-w c:\program files\libexpatw.dll
2005-09-15 15:43 102,400 ----a-w c:\program files\utilsLib.dll
2005-09-14 22:00 114,688 ------w c:\program files\Zelkova3.dll
2005-09-13 15:28 81,920 ----a-w c:\program files\NkbRTL.dll
2005-09-13 15:28 1,966,080 ----a-w c:\program files\NkRotateLib3.dll
2005-09-13 15:28 1,032,192 ----a-w c:\program files\Asteroid6.dll
2005-09-08 15:03 36,352 ----a-w c:\program files\WorkQueue.dll
2005-09-08 15:03 274,432 ----a-w c:\program files\StdFilters4.dll
2005-09-08 15:03 180,224 ----a-w c:\program files\Strato4.dll
2005-09-08 15:03 135,168 ----a-w c:\program files\CML6.dll
2005-09-07 22:45 118,784 ----a-w c:\program files\NkbMonitor.exe
2005-09-05 17:04 69,632 ----a-w c:\program files\NkbPProjLang.dll
2005-09-05 17:04 53,248 ----a-w c:\program files\NkbImportLang.dll
2005-09-05 17:04 126,976 ----a-w c:\program files\NkbTransferLang.dll
2005-08-23 15:22 77,824 ----a-w c:\program files\NkbXView.dll
2005-08-23 15:22 68,096 ----a-w c:\program files\RedEye.dll
2005-08-23 15:22 495,616 ----a-w c:\program files\DRAGNKL1.dll
2005-08-23 15:22 48,128 ----a-w c:\program files\picn20.dll
2005-08-23 15:22 180,224 ----a-w c:\program files\picn1120.dll
2005-08-23 15:22 155,648 ----a-w c:\program files\picn1020.dll
2005-08-23 15:22 114,688 ----a-w c:\program files\NkPTPLib.dll
2005-08-23 15:22 110,592 ----a-w c:\program files\RCSigProc.dll
2005-08-05 16:29 2,836 ----a-w c:\program files\Neutral.set
2005-06-30 05:35 1,258,492 ----a-w c:\program files\PictureProject.chm
2005-06-03 22:25 2,332 ----a-w c:\program files\NkbPProj.tlb
2005-05-27 20:55 258,048 ----a-w c:\program files\Nikon NEF Plugin LE.8bi
2004-09-24 14:40 245,408 ----a-w c:\program files\unicows.dll
2004-06-29 07:37 753,664 ----a-w c:\program files\EzDll.dll
2004-06-19 12:27 794,624 ----a-w c:\program files\pmk3.exe
2004-06-17 09:21 133,149 ----a-w c:\program files\Template.dat
2004-06-17 09:20 133,801 ----a-w c:\program files\Template1.dat
2004-06-16 06:10 208,896 ----a-w c:\program files\Stitch30.dll
2004-05-27 08:56 897 ----a-w c:\program files\Template0.dat
2004-05-22 13:51 61,440 ----a-w c:\program files\PmkRes.dll
2004-04-28 09:41 348,160 ----a-w c:\program files\AlbumBase.dll
2003-10-22 13:45 442,368 ----a-w c:\program files\FPXLIB.DLL
2003-10-09 14:52 225,280 ----a-w c:\program files\Res_Dll.dll
2003-08-06 06:57 4,128,977 ----a-w c:\program files\PMK3.HLP
2003-07-12 07:23 8,628 ---ha-w c:\program files\pmk3.GID
2003-05-29 06:17 12,776 ----a-w c:\program files\psshadow.log
2003-05-21 10:49 2,589 ----a-w c:\program files\dtype.inf
2002-08-30 00:41 323,072 ----a-w c:\program files\msvcrt.dll
2002-07-18 22:14 49,152 ----a-w c:\program files\Nikon YCC TIFF.8BI
2002-06-07 04:57 131,072 ----a-w c:\program files\ArcRegister.exe
2002-01-19 08:47 122,880 ----a-w c:\program files\JPEGLIB.DLL
1997-12-24 13:34 115,712 ----a-w c:\program files\Filefpx.dll
1995-08-01 10:44 212,480 ----a-w c:\program files\Pcdlib32.dll
2008-10-05 18:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100520081006\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-15 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-09-30 536576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-09-25 5033984]
"UC_Start"="c:\ibmtools\Updater\ucstartup.exe" [2003-03-17 32768]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-09-05 114741]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-09-30 536576]
"Rapid Restore"="c:\program files\Xpoint\PE\Skin\rrpcsb.exe" [2003-08-06 180224]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-09-24 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 319488]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"iPodVideoConverter_upgrade"="c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" [2008-06-16 474624]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"nwiz"="nwiz.exe" [2003-09-25 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-13 c:\windows\system32\irprops.cpl]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]
"Hot Key Kbd Daemon"="SKDAEMON.EXE" [2002-07-01 c:\windows\system32\SKDAEMON.EXE]
c:\documents and settings\Paquette Farm\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-02-08 225280]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2004-02-28 209016]
NkbMonitor.exe.lnk - c:\program files\NkbMonitor.exe [2006-12-25 118784]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Support.com\\Bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2004-01-16 16384]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBLF.SYS [2004-01-16 9216]
R4 SRFilter;SRFilter;c:\windows\system32\drivers\srntflt.sys [2004-02-08 84224]
S3 L6PODLV;PODxt Live Service;c:\windows\system32\drivers\L6PODLV.sys [2004-12-14 521472]
S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\Rdwm1046.sys [2007-12-28 172401]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
.
Contents of the 'Scheduled Tasks' folder
2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Santa - c:\program files\Santa\SantaDeskmate.exe
HKCU-Run-SantaUpdate - c:\program files\Santa\Santaupdate.exe
HKCU-Run-tgcmd - (no file)
HKLM-Run-tgcmd - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://ie.search.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.line6.net
TCP: {6AD26C4A-D106-4EA5-AA28-1CD31ED1F5F6} = 207.164.234.193 207.164.234.129
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 18:20:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2459657075-1462322967-778894383-1017\*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2459657075-1462322967-778894383-1017\ *¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2459657075-1462322967-778894383-1017\@*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2459657075-1462322967-778894383-1017\d*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2459657075-1462322967-778894383-1017\l*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2459657075-1462322967-778894383-1017\P*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2459657075-1462322967-778894383-1017\t*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2459657075-1462322967-778894383-1017\X*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2459657075-1462322967-778894383-1017\ *¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2459657075-1462322967-778894383-1017\¨*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2459657075-1462322967-778894383-1017\¼*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2459657075-1462322967-778894383-1017\S¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2459657075-1462322967-778894383-1017\ ¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2459657075-1462322967-778894383-1017\¬ ¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
Completion time: 2009-01-17 18:23:03
ComboFix-quarantined-files.txt 2009-01-17 23:22:29
Pre-Run: 12,547,960,832 bytes free
Post-Run: 17,685,291,008 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Home Edition" /fastdetect /NoExecute=OptIn
245 --- E O F --- 2009-01-16 12:17:09
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:21 PM, on 1/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\SKDAEMON.EXE
C:\Program Files\Xpoint\PE\Skin\rrpcsb.exe
C:\Program Files\Xpoint\PE\pcrecsa.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\Xpoint\agent\Xpagent.exe
C:\PROGRA~1\Xpoint\EEClient\xpclient.exe
C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\danp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ibmmessages] c:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM\..\Run: [Rapid Restore] C:\Program Files\Xpoint\PE\Skin\rrpcsb.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iPodVideoConverter_upgrade] "C:\Program Files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" /upgrade
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - file://C:\Program Files\Support.com\Bin\IBMAccessSupport\common\install\AcpControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AD26C4A-D106-4EA5-AA28-1CD31ED1F5F6}: NameServer = 207.164.234.193 207.164.234.129
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
O23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe
--
End of file - 11796 bytes