ComboFix 09-06-01.03 - Ian B. Jones 06/03/2009 6:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1603 [GMT -4:00]
Running from: c:\documents and settings\Ian B. Jones\Desktop\ComboFix1.exe
AV: *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.
2009-05-28 22:48 . 2009-05-28 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-22 19:25 . 2009-05-22 19:25 -------- d-----w- c:\docume~1\IANB~1.JON\APPLIC~1\Malwarebytes
2009-05-22 18:55 . 2009-05-22 18:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-22 18:54 . 2009-04-06 19:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-22 18:54 . 2009-04-06 19:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-22 18:54 . 2009-05-22 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-22 18:54 . 2009-05-22 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-22 18:52 . 2009-05-22 18:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-19 20:02 . 2009-05-19 20:02 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 19:16 . 2009-05-19 19:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-06 22:26 . 2009-05-06 22:26 -------- d-----w- c:\windows\system32\KB905474
2009-05-06 22:26 . 2009-03-11 02:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-05-06 22:26 . 2009-03-11 02:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-05-06 21:37 . 2009-05-06 21:37 0 ----a-w- c:\windows\nsreg.dat
2009-05-06 21:37 . 2009-05-06 21:37 -------- d-----w- c:\documents and settings\Ian B. Jones\Local Settings\Application Data\Mozilla
2009-05-05 13:47 . 2009-05-08 18:18 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-04 13:54 . 2009-05-04 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-04 13:54 . 2009-05-06 21:33 -------- d-----w- c:\docume~1\IANB~1.JON\APPLIC~1\SUPERAntiSpyware.com
2009-05-04 13:54 . 2009-05-06 21:33 -------- d-----w- c:\program files\SUPERAntiSpyware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 22:55 . 2006-10-24 22:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-21 10:19 . 2006-11-03 20:10 -------- d-----w- c:\docume~1\IANB~1.JON\APPLIC~1\ContentGuard
2009-05-19 20:01 . 2006-10-16 16:04 -------- d-----w- c:\program files\Java
2009-05-19 19:21 . 2008-09-19 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-19 19:15 . 2006-10-16 16:19 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-07 00:25 . 2006-10-16 16:17 -------- d-----w- c:\program files\Google
2009-05-06 23:12 . 2009-03-31 16:06 -------- d-----w- c:\program files\Coupons
2009-05-06 23:05 . 2006-10-27 14:16 -------- d-----w- c:\program files\Yahoo!
2009-05-06 21:34 . 2006-10-16 16:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-06 21:32 . 2006-10-30 17:25 -------- d--h--r- c:\docume~1\IANB~1.JON\APPLIC~1\yahoo!
2009-05-06 21:32 . 2006-10-27 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-04-30 12:27 . 2007-06-16 18:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-28 18:50 . 2009-04-28 18:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder
2009-04-28 18:40 . 2009-04-28 18:40 90560 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-21 19:21 . 2009-04-21 19:21 -------- d-----w- c:\docume~1\IANB~1.JON\APPLIC~1\Move Networks
2009-04-02 23:08 . 2009-03-30 20:42 50192 ----a-r- c:\windows\system32\drivers\tmactmon.sys
2009-04-02 23:08 . 2009-03-30 20:42 50192 ----a-r- c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 23:08 . 2009-03-30 20:36 153104 ----a-r- c:\windows\system32\drivers\tmcomm.sys
2009-03-30 20:32 . 2009-03-30 20:36 36368 ----a-r- c:\windows\system32\drivers\tmpreflt.sys
2009-03-30 20:32 . 2009-03-30 20:36 205328 ----a-r- c:\windows\system32\drivers\tmxpflt.sys
2009-03-30 20:32 . 2009-03-30 20:36 1195512 ----a-r- c:\windows\system32\drivers\vsapint.sys
2009-03-30 20:32 . 2009-03-30 20:32 80400 ----a-r- c:\windows\system32\drivers\tmtdi.sys
2009-03-06 14:22 . 2004-08-11 22:00 284160 ----a-r- c:\windows\system32\pdh.dll
2006-10-31 22:45 . 2006-10-24 11:58 88 -csh--r- c:\windows\system32\138EC67ADF.sys
2006-10-31 22:45 . 2006-10-24 11:58 3350 -csha-r- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 67128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.2"="c:\program files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 107008]
"Logitech Utility"="c:\windows\LOGI_MWX.EXE" [2003-12-17 19968]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-19 148888]
c:\documents and settings\Ian B. Jones\Start Menu\Programs\Startup\
PaperMaster Live Menu 7.0.lnk - c:\program files\PaperMaster Pro 7.0\J2GDllCmd.exe [2005-3-17 110592]
PaperMaster Tray Menu 7.0.lnk - c:\program files\PaperMaster Pro 7.0\J2GTray.exe [2005-3-17 441856]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-10-24 82026]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-8 113664]
eFax 4.2.lnk - c:\program files\eFax Messenger 4.2\J2GTray.exe [2006-10-31 612352]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax 4.2.lnk
backup=c:\windows\pss\eFax 4.2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"IAANTMON"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Creative Labs Licensing Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"SymWSC"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"NProtectService"=2 (0x2)
"NISUM"=2 (0x2)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"ccPxySvc"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/30/2009 4:36 PM 36368]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/30/2009 4:42 PM 50192]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3/30/2009 4:43 PM 677128]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [9/19/2008 8:55 AM 33176]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
2009-06-03 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 02:18]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page =
hxxp://www.sparkpeople.com/websearch/mSearch Bar =
hxxp://us.rd.yahoo.com/customize/ie/def ... earch.htmluInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) =
hxxp://www.google.com/search?q=%s
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {87C434E6-67DF-4D2C-9136-49E98C15FCD7} -
hxxps://eplans.atlantaga.gov/ProjectDox ... lientX.cabDPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} -
hxxp://appsnet.bentley.com/myselectcd/SAXFileEE.cabDPF: {DB90DEA9-0897-4B02-9FE0-1E321A22EAB0} -
hxxps://eplans.atlantaga.gov/ProjectDox ... atZip2.cabFF - ProfilePath - c:\docume~1\IANB~1.JON\APPLIC~1\Mozilla\Firefox\Profiles\2j9b9s2u.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-06-03 06:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-03 6:20
ComboFix-quarantined-files.txt 2009-06-03 10:20
Pre-Run: 127,164,813,312 bytes free
Post-Run: 129,813,164,032 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
187 --- E O F --- 2009-06-03 07:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:23 AM, on 6/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe
C:\Program Files\PaperMaster Pro 7.0\J2GTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ian B. Jones\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.sparkpeople.com/websearch/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/def ... earch.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =
http://downloads.yahoo.com/internetexplorer/welcomeR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\LOGI_MWX.EXE"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PaperMaster Live Menu 7.0.lnk = C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe
O4 - Startup: PaperMaster Tray Menu 7.0.lnk = C:\Program Files\PaperMaster Pro 7.0\J2GTray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) -
https://support.microsoft.com/OAS/ActiveX/MSDcode.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.onecare.live.com/resour ... se5483.cabO16 - DPF: {87C434E6-67DF-4D2C-9136-49E98C15FCD7} (BravaClientXView 6.0 Class) -
https://eplans.atlantaga.gov/ProjectDox ... lientX.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -
https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocxO16 - DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} (SAXFileEE FileDownload ActiveX Control) -
http://appsnet.bentley.com/myselectcd/SAXFileEE.cabO16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cabO16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) -
http://drmlicense.one.microsoft.com/crl ... crlocx.ocxO16 - DPF: {DB90DEA9-0897-4B02-9FE0-1E321A22EAB0} (Chilkat Zip2) -
https://eplans.atlantaga.gov/ProjectDox ... atZip2.cabO16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -
http://h30155.www3.hp.com/ediags/hpfix/ ... gh.cab?326O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
--
End of file - 7810 bytes