Here is the ComboFix log:
ComboFix 09-02-04.01 - dan.dwyer 2009-02-04 14:55:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.464 [GMT -7:00]
Running from: c:\documents and settings\dan.dwyer\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\dan.dwyer\Local Settings\Temporary Internet Files\index.dat
c:\windows\system32\wdmaud.sys
.
((((((((((((((((((((((((( Files Created from 2009-01-04 to 2009-02-04 )))))))))))))))))))))))))))))))
.
2009-02-04 13:17 . 2009-02-04 13:21 2,694 --a------ C:\dd
2009-02-04 09:14 . 2009-02-04 09:14 <DIR> d-------- c:\windows\LastGood
2009-02-03 16:37 . 2009-02-03 16:38 <DIR> d-------- C:\rsit
2009-02-03 15:11 . 2009-02-03 15:11 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-03 14:51 . 2009-02-03 14:51 11 --a------ c:\windows\SA2004HH.ini
2009-02-03 14:36 . 2009-02-03 14:36 11 --a------ c:\windows\3DTQ2.ini
2009-02-03 13:44 . 2009-02-03 13:44 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-03 13:25 . 2009-02-03 13:25 110,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-03 13:25 . 2009-02-03 13:25 48,768 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-03 13:25 . 2009-02-03 13:25 8,014 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-03 13:25 . 2009-02-03 13:25 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-03 13:13 . 2009-02-03 13:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-02-03 13:13 . 2009-02-03 13:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2009-02-02 15:28 . 2009-02-02 15:28 <DIR> d-------- c:\program files\Trend Micro
2009-02-02 13:41 . 2009-02-02 13:41 <DIR> d-------- c:\program files\Windows Defender
2009-02-02 13:37 . 2009-02-02 13:37 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-02 13:37 . 2009-02-02 13:37 1,409 --a------ c:\windows\QTFont.for
2009-02-02 12:22 . 2009-02-02 12:23 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-02 12:22 . 2009-02-02 12:22 <DIR> d-------- c:\documents and settings\dan.dwyer\Application Data\PC Tools
2009-02-02 12:22 . 2009-02-02 13:35 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-02 12:22 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-02-02 12:22 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-02-02 12:22 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-02-02 12:22 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-01-30 16:37 . 2009-01-30 16:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-29 14:01 . 2009-01-29 14:01 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-29 14:01 . 2009-01-29 14:01 <DIR> d-------- c:\documents and settings\dan.dwyer\Application Data\Malwarebytes
2009-01-29 14:01 . 2009-01-29 14:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-29 14:01 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-29 14:01 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-29 13:41 . 2009-01-30 10:20 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-29 10:38 . 2009-01-29 11:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-01-29 10:37 . 2009-01-29 10:37 <DIR> d-------- c:\program files\Common Files\iS3
2009-01-29 10:37 . 2009-01-29 13:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-01-23 08:33 . 2009-01-23 08:33 <DIR> d-------- c:\documents and settings\dan.dwyer\Application Data\Blackberry Desktop
2009-01-15 16:19 . 2009-02-03 15:04 256 --a------ c:\documents and settings\dan.dwyer\pool.bin
2009-01-15 16:07 . 2009-01-15 16:07 <DIR> d-------- c:\documents and settings\dan.dwyer\Application Data\InstallShield
2009-01-15 16:06 . 2009-01-15 16:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2009-01-15 16:03 . 2009-01-15 16:04 <DIR> d-------- c:\program files\Roxio
2009-01-15 16:03 . 2009-01-15 16:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
2009-01-15 16:02 . 2009-01-15 16:04 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2009-01-15 15:29 . 2009-01-15 15:29 <DIR> d-------- c:\documents and settings\dan.dwyer\Application Data\Smith Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 21:50 --------- d-----w c:\program files\Symantec AntiVirus
2009-02-04 21:22 --------- d-----w c:\program files\NOS
2009-02-04 21:22 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-02-03 22:11 --------- d-----w c:\program files\Common Files\Adobe
2009-02-03 21:57 --------- d-----w c:\program files\IGN
2009-02-03 21:53 --------- d--h--w c:\documents and settings\All Users\Application Data\GTek
2009-02-03 21:51 --------- d-----w c:\program files\Street Atlas USA 2004 Handheld
2009-02-03 21:50 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-02-03 21:47 --------- d-----w c:\program files\Sony Handheld
2009-02-03 21:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-03 21:44 --------- d-----w c:\program files\DeLorme
2009-02-03 21:37 --------- d-----w c:\program files\3D TopoQuads 2.0
2009-02-03 20:44 --------- d-----w c:\program files\Java
2009-02-03 20:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-03 20:25 --------- d-----w c:\program files\Symantec
2009-02-03 20:24 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-29 20:26 --------- d-----w c:\program files\Google
2009-01-15 22:55 --------- d-----w c:\program files\Common Files\Research In Motion
2009-01-15 10:01 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-10-06 17:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100620081007\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-30_16.31.59.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-05 03:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2008-03-06 19:29:24 25,214 ----a-r c:\windows\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
+ 2009-02-03 20:26:01 25,214 ----a-r c:\windows\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
- 2008-03-06 19:29:24 40,960 ----a-r c:\windows\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2009-02-03 20:26:01 40,960 ----a-r c:\windows\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-03-06 19:29:24 40,960 ----a-r c:\windows\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2009-02-03 20:26:01 40,960 ----a-r c:\windows\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2007-12-12 22:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2000-08-31 15:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 15:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2007-09-25 05:30:28 135,168 ----a-w c:\windows\system32\java.exe
+ 2009-02-03 20:44:13 144,792 ----a-w c:\windows\system32\java.exe
- 2007-09-25 05:30:30 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2009-02-03 20:44:13 144,792 ----a-w c:\windows\system32\javaw.exe
- 2007-09-25 06:31:42 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2009-02-03 20:44:13 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-09-06 05:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
+ 2009-01-08 00:20:24 1,486,192 ----a-w c:\windows\system32\LegitCheckControl.DLL
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
- 2008-06-10 18:35:03 74,649 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-02-04 16:13:59 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-11-06 16:17:37 72,098 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-02 19:23:52 72,098 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-06 16:17:38 431,618 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-02 19:23:52 431,618 ----a-w c:\windows\system32\perfh009.dat
+ 1996-01-13 01:00:00 24,576 ----a-w c:\windows\system32\STKIT432.DLL
+ 2009-02-03 21:58:10 16,384 ----atw c:\windows\temp\Perflib_Perfdata_724.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2008-07-31 1422608]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"PDF3 Registry Controller"="c:\program files\ScanSoft\PDF Converter 3.0\\RegistryController.exe" [2006-01-13 106496]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{8A3A2363-2129-43FB-8DFC-F237DA58038C}\Icon3E5562ED7.ico [2005-08-02 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= wdmaud.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=wuaufix.cmd
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-03 99376]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-02 356920]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MODEM
.
Contents of the 'Scheduled Tasks' folder
2009-02-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.umt.edu/facstaff.aspx
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\PDF Converter 3.0\IEShellExt.dll /100
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} - hxxp://backup2.gs.umt.edu/webinstall/webinst.cab
FF - ProfilePath - c:\documents and settings\dan.dwyer\Application Data\Mozilla\Firefox\Profiles\47q2q41y.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 14:57:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-04 14:58:32
ComboFix-quarantined-files.txt 2009-02-04 21:58:29
ComboFix2.txt 2009-01-30 23:32:47
Pre-Run: 136,324,108,288 bytes free
Post-Run: 136,345,055,232 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
204 --- E O F --- 2009-01-15 10:01:31
Here is the fresh HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04, on 2009-02-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.umt.edu/facstaff.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Converter 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Converter 3.0\IEShellExt.dll /100
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3719777458
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx2.6.1.7_en_dl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://backup2.gs.umt.edu/webinstall/webinst.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/ins ... downde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = umt.edu
O17 - HKLM\Software\..\Telephony: DomainName = umt.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = umt.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = umt.edu
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 9087 bytes