Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 6.0.6001 Service Pack 1
2/11/2009 2:22:06 PM
mbam-log-2009-02-11 (14-22-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 329839
Time elapsed: 1 hour(s), 36 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\aquaplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.158,85.255.112.107 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{558da1bf-8a45-44fd-8447-30e2c8faf74f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.158,85.255.112.107 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.158,85.255.112.107 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{558da1bf-8a45-44fd-8447-30e2c8faf74f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.158,85.255.112.107 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.158,85.255.112.107 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{558da1bf-8a45-44fd-8447-30e2c8faf74f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.158,85.255.112.107 -> Quarantined and deleted successfully.
Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\Scottie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJ3CS0I\keygen_Caretta_GUI_Design_Studio_3_0_83_0_3552[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Scottie\Desktop\torrents\keygen_Caretta_GUI_Design_Studio_3_0_83_0_3552.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Scottie\Documents\Azureus Downloads\Keygen\Keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\resycled\ntldr.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\gaopdxxwsfakeh.sys (Trojan.Agent) -> Quarantined and deleted successfully.
ComboFix 09-02-11.01 - Scottie 2009-02-11 14:34:46.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3070.1996 [GMT -6:00]
Running from: c:\users\Scottie\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
.
2009-02-11 12:43 . 2009-02-11 12:43 <DIR> d-------- c:\users\Scottie\AppData\Roaming\Malwarebytes
2009-02-11 12:43 . 2009-02-11 12:43 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-11 12:43 . 2009-02-11 12:43 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-11 12:43 . 2009-02-11 12:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-11 12:43 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-11 12:43 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-06 11:33 . 2009-02-06 11:33 <DIR> d-------- c:\program files\Trend Micro
2009-02-02 10:26 . 2009-02-02 10:27 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-02-02 10:26 . 2009-02-02 10:27 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-02-02 10:26 . 2009-02-02 10:26 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-23 11:46 . 2009-01-23 11:46 <DIR> d-------- C:\IP Switcher GUI
2009-01-23 11:36 . 2009-01-23 11:56 <DIR> d-------- c:\program files\GUI Design Studio
2009-01-22 15:48 . 2009-01-22 15:49 284,047,859 --a------ c:\windows\MEMORY.DMP
2009-01-13 13:34 . 2008-12-15 20:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 20:32 --------- d-----w c:\users\Scottie\AppData\Roaming\Azureus
2009-02-06 20:32 --------- d-----w c:\program files\Vuze
2009-02-06 17:47 --------- d-----w c:\program files\Bonjour
2009-01-15 09:01 --------- d-----w c:\programdata\Microsoft Help
2009-01-14 09:02 --------- d-----w c:\program files\Windows Mail
2009-01-04 21:32 --------- d-----w c:\program files\CCleaner
2009-01-03 02:02 --------- d-----w c:\users\Scottie\AppData\Roaming\Tunebite
2008-12-21 23:50 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-13 21:29 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-13 21:29 --------- d-----w c:\program files\Java
2008-05-04 18:42 8 ----a-w c:\users\Scottie\AppData\Roaming\usb.dat.bin
2008-01-21 02:41 174 --sha-w c:\program files\desktop.ini
2007-12-08 00:30 92,064 ----a-w c:\users\Scottie\mqdmmdm.sys
2007-12-08 00:30 9,232 ----a-w c:\users\Scottie\mqdmmdfl.sys
2007-12-08 00:30 79,328 ----a-w c:\users\Scottie\mqdmserd.sys
2007-12-08 00:30 66,656 ----a-w c:\users\Scottie\mqdmbus.sys
2007-12-08 00:30 6,208 ----a-w c:\users\Scottie\mqdmcmnt.sys
2007-12-08 00:30 5,936 ----a-w c:\users\Scottie\mqdmwhnt.sys
2007-12-08 00:30 4,048 ----a-w c:\users\Scottie\mqdmcr.sys
2007-12-08 00:30 25,600 ----a-w c:\users\Scottie\usbsermptxp.sys
2007-12-08 00:30 22,768 ----a-w c:\users\Scottie\usbsermpt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-03-29 21:14 624248 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 15:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 06:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-20 20:23 125952 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-07-30 09:41 2363392 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2006-12-19 10:27 136768 c:\common framework\UdaterUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2008-09-08 16:00 323216 c:\program files\Napster\napster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 08:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-12 04:28 8497696 c:\windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-12 04:28 81920 c:\windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-09-12 04:28 86016 c:\windows\System32\nvsvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
--a------ 2007-02-22 19:50 112216 c:\mcafee\shstat.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-13 15:29 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
--a------ 2008-06-04 08:40 6366512 c:\program files\RapidSolution\Tunebite\Tunebite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--------- 2007-07-23 12:55 341232 c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2007-04-09 11:32 19456 c:\windows\System32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2007-04-09 11:32 19968 c:\windows\System32\Ctxfihlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2704312090-1826974794-3783081445-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1D60A61C-5493-459F-A0E8-2391A134D7EF}"= UDP:c:\common framework\FrameworkService.exe:McAfee Framework Service
"{5B736A3D-069E-483A-B4C6-8F9EAB6A3C8C}"= TCP:c:\common framework\FrameworkService.exe:McAfee Framework Service
"{8F41BC28-1F2F-489C-8FDE-A780EEF759A8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EE0DC099-B869-4C11-BB80-5C58890E3957}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D96EF600-8F23-47AA-9C81-BB2F0E42C85B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1647FCD1-6459-4BDE-88C5-A1D26AB1383A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D907E07F-2E18-4D01-A690-59B182C8E2CD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5713B308-1B14-44E5-BA4D-39895F601E81}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{A59F38ED-246F-44B6-8796-B6BBD2FA4846}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{54CCC1E4-7676-418A-92C7-AC95269FD394}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{326F8717-2876-4F2B-B882-E0F79046C903}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{7CE7375B-A407-4FD1-B569-EA234904B829}"= UDP:3703:Adobe Version Cue CS3 Server
"{D65917CE-A30A-4168-970B-6DFC9B904A6B}"= UDP:3704:Adobe Version Cue CS3 Server
"{792095E7-9B3A-4448-91A3-2060D73C872B}"= UDP:50900:Adobe Version Cue CS3 Server
"{788CA6D1-C307-42D5-A3DA-465CE66335FE}"= UDP:50901:Adobe Version Cue CS3 Server
"{E4BA0A5B-534D-48B5-BD86-B443FC5701C1}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{5D800706-8C97-40A7-A9A9-6F9002385D9D}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{7C68B830-8A79-4B6E-AF23-984E4BEB552F}"= UDP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{FF9F0396-143C-4A32-A955-2547186F9FD6}"= TCP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{F9A55968-E75C-4253-9F47-4016D7489807}"= UDP:56912:Vuze
"{5326239A-FEB9-41F2-90DD-8FD26C9056BB}"= TCP:56912:Vuze
"TCP Query User{87196A9E-8FF0-4320-BC7B-02806CC83321}c:\\program files\\napster\\napster.exe"= UDP:c:\program files\napster\napster.exe:Napster
"UDP Query User{6FA35B3C-BAD4-4AEF-A5F6-454734FFD926}c:\\program files\\napster\\napster.exe"= TCP:c:\program files\napster\napster.exe:Napster
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1356085a-d93a-11dd-8779-000c6e57f80c}]
\shell\AutoRun\command - I:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15904d80-6d82-11dd-b265-000c6e57f80c}]
\shell\AutoRun\command - G:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81a7feaa-6d67-11dd-8996-000c6e57f80c}]
\shell\AutoRun\command - .\Start.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.com/uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster -
file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia -
file://c:\program files\ieSpell\wikipedia.HTM
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} -
hxxp://myitlab.pearsoned.com/Pegasus/Mo ... x/stub.cabDPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} -
hxxp://www.syncmyride.com/Own/Modules/U ... s/sync.cab.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-02-11 14:39:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2009-02-11 14:43:42
ComboFix-quarantined-files.txt 2009-02-11 20:42:21
Pre-Run: 61,799,673,856 bytes free
Post-Run: 62,150,967,296 bytes free
177 --- E O F --- 2009-01-22 21:56:52
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:14 PM, on 2/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\mcafee\scriptcl.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: &ieSpell Options -
res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Append to existing PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Check &Spelling -
res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster -
file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia -
file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace.com/upload/MySpaceUploader1006.cabO16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) -
http://myitlab.pearsoned.com/Pegasus/Mo ... x/stub.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO16 - DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} (SyncXfer Class) -
http://www.syncmyride.com/Own/Modules/U ... s/sync.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\mcafee\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\mcafee\vstskmgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
--
End of file - 7902 bytes