Hi,
Sorry for the delay. Here is the latest results from what you have asked me to do:
1.) Limewire has been uninstalled.
2.) Since it had been so long since my last reply, I was unable to find these programs in the temps.
C:\DOCUME~1\tbarry\LOCALS~1\Temp\PZNCD.exe
C:\DOCUME~1\tbarry\LOCALS~1\Temp\WRPSFGUQF.exe
However, I did find the following:
VirusTotal Results:File
A_NSISu_.exe received on 01.21.2009 16:41:12 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/39 (0%)
Loading server information...
Your file is queued in position: 2.
Estimated start time is between 49 and 70 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.21 -
AhnLab-V3 2009.1.21.2 2009.01.21 -
AntiVir 7.9.0.57 2009.01.21 -
Authentium 5.1.0.4 2009.01.20 -
Avast 4.8.1281.0 2009.01.21 -
AVG 8.0.0.229 2009.01.21 -
BitDefender 7.2 2009.01.21 -
CAT-QuickHeal 10.00 2009.01.21 -
ClamAV 0.94.1 2009.01.21 -
Comodo 940 2009.01.21 -
DrWeb 4.44.0.09170 2009.01.21 -
eSafe 7.0.17.0 2009.01.20 -
eTrust-Vet 31.6.6319 2009.01.21 -
F-Prot 4.4.4.56 2009.01.20 -
F-Secure 8.0.14470.0 2009.01.21 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.21 -
Ikarus T3.1.1.45.0 2009.01.21 -
K7AntiVirus 7.10.598 2009.01.21 -
Kaspersky 7.0.0.125 2009.01.21 -
McAfee 5501 2009.01.20 -
McAfee+Artemis 5501 2009.01.20 -
Microsoft 1.4205 2009.01.21 -
NOD32 3785 2009.01.21 -
Norman 5.93.01 2009.01.21 -
nProtect 2009.1.8.0 2009.01.21 -
Panda 9.5.1.2 2009.01.21 -
PCTools 4.4.2.0 2009.01.21 -
Prevx1 V2 2009.01.21 -
Rising 21.13.22.00 2009.01.21 -
SecureWeb-Gateway 6.7.6 2009.01.21 -
Sophos 4.37.0 2009.01.21 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.21 -
TheHacker 6.3.1.5.224 2009.01.20 -
TrendMicro 8.700.0.1004 2009.01.21 -
VBA32 3.12.8.10 2009.01.21 -
ViRobot 2009.1.21.1572 2009.01.21 -
VirusBuster 4.5.11.0 2009.01.21 -
Additional information
File size: 109826 bytes
MD5...: f4d39f8260985b4ffb734435c5b7e87a
SHA1..: acee21919e3955f2fb6a1e4d5777fb3638cbad2a
SHA256: 0a5e90d300104461f6f6f86684a9d2f0c2ee66ebab5216532438b052a4d18bd6
SHA512: 7b688c2bc4ca7191c866ae1b3e9f793251e7d3af6a62ebfdf00f3a729697a961
6fe2be3e107f1b1162062d9d199df09bef9c2801db7b563d162f1bfb92b3796b
ssdeep: 1536:h0mrcYRiiVhOuc8JtYXqiWS/9c8Z2xZaKWSNYP5ZqECR0hWDa6fUI7YMtEs
IiKu6:h0m4+quc8JyXII2PaK7NYP5Z2RiwIo+
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x403c53
timedatestamp.....: 0x41debae7 (Fri Jan 07 16:37:59 2005)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5a4a 0x5c00 6.37 11a984cfd0f682687859dbd0aad00009
.rdata 0x7000 0x10b4 0x1200 4.99 3e805a35b825962484e84513e732e342
.data 0x9000 0x1b3f4 0x400 5.12 05f31d9fa1507144f86829dc366a6daa
.ndata 0x25000 0xa000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x2f000 0x6000 0x5c00 5.06 71f29459c685bd484b2650164a765db2
( 8 imports )
> COMCTL32.dll: -, ImageList_AddMasked, ImageList_Destroy, ImageList_Create
> KERNEL32.dll: ExpandEnvironmentStringsA, GetEnvironmentVariableA, lstrcmpiA, CloseHandle, SetFileTime, GetFileAttributesA, CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, lstrcatA, SetCurrentDirectoryA, CreateDirectoryA, SetFileAttributesA, Sleep, CreateFileA, GetFileSize, GetModuleFileNameA, GetTickCount, GetCurrentProcess, CopyFileA, ExitProcess, WaitForSingleObject, GetCommandLineA, GetWindowsDirectoryA, GetTempPathA, GetUserDefaultLangID, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, GlobalAlloc, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, SetEndOfFile, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, lstrcpyA, lstrlenA, GetSystemDirectoryA, GlobalFree, MulDiv, DeleteFileA, FindFirstFileA, FindNextFileA, FindClose, GetExitCodeProcess, SetErrorMode, GetModuleHandleA, SetFilePointer, LoadLibraryA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, lstrcpynA
> USER32.dll: ExitWindowsEx, CharNextA, DialogBoxParamA, GetClassInfoA, CreateWindowExA, SystemParametersInfoA, RegisterClassA, EndDialog, ScreenToClient, GetWindowRect, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, LoadCursorA, SetCursor, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxA, CharPrevA, CreateDialogParamA, DestroyWindow, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, DispatchMessageA, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, PeekMessageA
> GDI32.dll: GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SetBkColor, SelectObject
> ADVAPI32.dll: RegEnumValueA, RegQueryValueExA, RegSetValueExA, RegCreateKeyExA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegEnumKeyA
> SHELL32.dll: ShellExecuteA, SHBrowseForFolderA, SHGetPathFromIDListA, SHGetMalloc, SHGetSpecialFolderLocation, SHFileOperationA
> ole32.dll: OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
( 0 exports )
OTMoveIt3 Results:========== SERVICES/DRIVERS ==========
Service WRPSFGUQF stopped successfully.
Service WRPSFGUQF deleted successfully.
Service PZNCD stopped successfully.
Service PZNCD deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\DNA\btdna.exe deleted successfully.
========== FILES ==========
C:\Documents and Settings\tbarry\Application Data\BitTorrent\locale moved successfully.
C:\Documents and Settings\tbarry\Application Data\BitTorrent\incomplete moved successfully.
C:\Documents and Settings\tbarry\Application Data\BitTorrent\data\torrents moved successfully.
C:\Documents and Settings\tbarry\Application Data\BitTorrent\data\resume moved successfully.
C:\Documents and Settings\tbarry\Application Data\BitTorrent\data\metainfo moved successfully.
C:\Documents and Settings\tbarry\Application Data\BitTorrent\data moved successfully.
C:\Documents and Settings\tbarry\Application Data\BitTorrent moved successfully.
File/Folder C:\Program Files\LimeWire not found.
C:\Program Files\BitTorrent\share\themes\MS-Windows\gtk-2.0 moved successfully.
C:\Program Files\BitTorrent\share\themes\MS-Windows moved successfully.
C:\Program Files\BitTorrent\share\themes moved successfully.
C:\Program Files\BitTorrent\share\locale\zh_TW\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\zh_TW moved successfully.
C:\Program Files\BitTorrent\share\locale\zh_CN\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\zh_CN moved successfully.
C:\Program Files\BitTorrent\share\locale\vi\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\vi moved successfully.
C:\Program Files\BitTorrent\share\locale\tr\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\tr moved successfully.
C:\Program Files\BitTorrent\share\locale\sv\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\sv moved successfully.
C:\Program Files\BitTorrent\share\locale\sl\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\sl moved successfully.
C:\Program Files\BitTorrent\share\locale\sk\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\sk moved successfully.
C:\Program Files\BitTorrent\share\locale\ru\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\ru moved successfully.
C:\Program Files\BitTorrent\share\locale\ro\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\ro moved successfully.
C:\Program Files\BitTorrent\share\locale\pt_BR\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\pt_BR moved successfully.
C:\Program Files\BitTorrent\share\locale\pt\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\pt moved successfully.
C:\Program Files\BitTorrent\share\locale\pl\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\pl moved successfully.
C:\Program Files\BitTorrent\share\locale\nl\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\nl moved successfully.
C:\Program Files\BitTorrent\share\locale\nb_NO\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\nb_NO moved successfully.
C:\Program Files\BitTorrent\share\locale\ko\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\ko moved successfully.
C:\Program Files\BitTorrent\share\locale\ja\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\ja moved successfully.
C:\Program Files\BitTorrent\share\locale\it\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\it moved successfully.
C:\Program Files\BitTorrent\share\locale\is\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\is moved successfully.
C:\Program Files\BitTorrent\share\locale\hu\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\hu moved successfully.
C:\Program Files\BitTorrent\share\locale\he\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\he moved successfully.
C:\Program Files\BitTorrent\share\locale\fr\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\fr moved successfully.
C:\Program Files\BitTorrent\share\locale\es_MX\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\es_MX moved successfully.
C:\Program Files\BitTorrent\share\locale\es\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\es moved successfully.
C:\Program Files\BitTorrent\share\locale\el\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\el moved successfully.
C:\Program Files\BitTorrent\share\locale\de\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\de moved successfully.
C:\Program Files\BitTorrent\share\locale\da\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\da moved successfully.
C:\Program Files\BitTorrent\share\locale\cs\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\cs moved successfully.
C:\Program Files\BitTorrent\share\locale\ca\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\ca moved successfully.
C:\Program Files\BitTorrent\share\locale\bg\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\bg moved successfully.
C:\Program Files\BitTorrent\share\locale\af\LC_MESSAGES moved successfully.
C:\Program Files\BitTorrent\share\locale\af moved successfully.
C:\Program Files\BitTorrent\share\locale moved successfully.
C:\Program Files\BitTorrent\share moved successfully.
C:\Program Files\BitTorrent\etc\pango moved successfully.
C:\Program Files\BitTorrent\etc\gtk-2.0 moved successfully.
C:\Program Files\BitTorrent\etc moved successfully.
C:\Program Files\BitTorrent moved successfully.
File/Folder C:\Program Files\DNA not found.
C:\WINDOWS\imsins.BAK moved successfully.
File/Folder C:\DOCUME~1\tbarry\LOCALS~1\Temp\PZNCD.exe not found.
File/Folder C:\DOCUME~1\tbarry\LOCALS~1\Temp\WRPSFGUQF.exe not found.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01212009_074804
Hijack This Results:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:42 AM, on 1/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\TSLLkSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Second Nature\Snsicon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Documents and Settings\tbarry\Desktop\OTMoveIt3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [StartTSL] C:\WINDOWS\system32\StartTSL.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DVDtoiPodConverter_upgrade] "C:\Program Files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" /upgrade
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Snsicon.lnk = C:\Program Files\Second Nature\Snsicon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=48835O16 - DPF: {49232000-16E4-426C-A231-62846947304B} -
http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupda ... 6501156656O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microso ... 5694989622O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Transparent Screen Lock PRO Service (TSL PRO Lock Server) - e-motional.com a division of Esm Software - C:\WINDOWS\system32\TSLLkSrv.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
--
End of file - 10898 bytes