hi, thanks for sticking it out w/ me. i had AVG free at the time this showed up, i uninstalled it because this got thru. i'll reinstall when you say all's clear to do so.
one of the last 2 scans/tests came up briefly w/ an error warning about something like "only working w/ 98, ME, XP OS's"... it disappeared before i could read it.
also, i must have missed "Show Results" on Malwarebytes so i didn't get to the "Remove Selected", but i don't think it found anything, please lemme know if i need to run again or something.
ComboFix 09-04-14.09 - Rex 04/14/2009 11:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.30 [GMT -5:00]
Running from: c:\documents and settings\Rex\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rex\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\documents and settings\Rex\Local Settings\rfxsvwb.trc
c:\windows\system32\msvcd0cb.rra
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Rex\Local Settings\rfxsvwb.trc
c:\windows\system32\msvcd0cb.rra
.
((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.
2009-04-14 16:03 . 2009-04-14 16:03 -------- d-----w C:\32788R22FWJFW
2009-04-14 14:46 . 2006-03-03 05:42 73728 ----a-w C:\pv.exe
2009-04-13 16:46 . 2009-04-14 11:32 4195256 ----a-w c:\windows\pfirewall.log.old
2009-04-13 16:02 . 2009-04-13 16:03 -------- d-----w c:\windows\system32\NtmsData
2009-04-13 06:21 . 2009-04-13 06:21 7680 --sha-w c:\windows\Thumbs.db
2009-04-13 05:59 . 2007-09-15 20:11 27136 ----a-w c:\windows\system32\PCWizard.cpl
2009-04-12 19:58 . 2009-04-12 21:25 -------- d-----w C:\rsit
2009-04-12 16:03 . 2009-04-12 16:03 -------- d-----w c:\windows\system32\KB905474
2009-04-12 16:03 . 2009-03-11 03:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-12 16:03 . 2009-03-11 03:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-12 16:03 . 2009-02-09 23:51 12490 ----a-w c:\windows\system32\KB905474\wga_eula.txt
2009-04-12 02:35 . 2009-04-13 00:22 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-12 01:38 . 2008-10-16 19:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-12 01:38 . 2008-10-16 19:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-12 01:38 . 2008-10-16 19:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-11 20:28 . 2009-04-11 20:28 -------- d-----w c:\documents and settings\Rex\Application Data\Malwarebytes
2009-04-11 20:28 . 2009-04-11 20:28 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-11 19:47 . 2008-12-20 23:15 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-11 19:47 . 2008-12-20 23:15 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-04-11 19:47 . 2008-12-20 23:15 267776 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-04-11 19:47 . 2008-12-20 23:15 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-04-11 19:47 . 2008-12-20 23:15 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-11 19:47 . 2008-12-19 09:10 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-11 19:47 . 2007-04-17 09:32 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-11 19:47 . 2007-03-08 05:10 991232 -c----w c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-11 19:47 . 2008-12-20 23:15 6066688 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-04-10 03:10 . 2009-04-10 03:16 -------- d-----w c:\documents and settings\Rex\Application Data\IBP
2009-04-01 15:34 . 2009-04-01 15:35 -------- d-----w c:\documents and settings\Rex\Local Settings\Application Data\Thunderbird
2009-04-01 15:34 . 2009-04-01 15:34 -------- d-----w c:\documents and settings\Rex\Application Data\Thunderbird
2009-03-29 02:34 . 1998-07-08 22:30 18944 ----a-r c:\windows\eraser.exe
2009-03-29 00:55 . 2009-03-29 00:55 -------- d-----w c:\windows\system32\scripting
2009-03-29 00:54 . 2009-03-29 00:54 -------- d-----w c:\windows\l2schemas
2009-03-29 00:54 . 2009-03-29 00:54 -------- d-----w c:\windows\system32\en
2009-03-21 19:42 . 2005-02-23 19:58 11776 ----a-w c:\windows\system32\drivers\afc.sys
2009-03-21 19:41 . 2009-03-23 14:39 -------- d-----w c:\documents and settings\All Users\Application Data\EPSON
2009-03-21 19:36 . 2009-03-21 19:36 25 ----a-w c:\windows\EPSCX9400Fax.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 16:03 . 2009-04-14 16:03 1068 ----a-w C:\Bug.txt
2009-04-14 00:14 . 2009-04-12 19:58 -------- d-----w c:\program files\trend micro
2009-04-13 22:30 . 2006-03-26 06:54 -------- d-----w c:\program files\Ahead
2009-04-13 22:30 . 2006-03-26 06:54 -------- d-----w c:\program files\Common Files\Ahead
2009-04-13 05:59 . 2009-04-13 05:59 -------- d-----w c:\program files\PC Wizard 2008
2009-04-13 00:22 . 2009-04-12 02:35 -------- d-----w c:\program files\Lavasoft
2009-04-12 23:47 . 2009-04-12 16:10 444 ----a-w C:\aaw7boot.log
2009-04-12 16:01 . 2008-02-16 17:54 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-12 06:24 . 2006-10-19 03:01 -------- d-----w c:\program files\Yahoo!
2009-04-05 12:58 . 2006-06-08 03:00 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-05 12:58 . 2006-06-08 03:00 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-05 12:58 . 2006-06-08 03:00 -------- d-----w c:\program files\Symantec
2009-04-01 03:42 . 2009-04-01 03:42 -------- d-----w c:\program files\AVG
2009-03-29 03:07 . 2009-03-29 02:33 -------- d-----w c:\program files\LeechFTP
2009-03-29 01:20 . 2009-03-29 01:20 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009032820090329\index.dat
2009-03-29 01:03 . 2005-08-21 03:41 86327 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-29 00:42 . 2002-08-29 12:00 250048 --sha-r C:\ntldr
2009-03-23 19:40 . 2009-03-21 19:36 -------- d-----w c:\program files\epson
2009-03-23 14:40 . 2005-08-21 04:03 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 14:37 . 2009-03-21 19:42 -------- d-----w c:\program files\ArcSoft
2009-03-23 14:36 . 2007-01-03 01:17 -------- d-----w c:\documents and settings\Rex\Application Data\ArcSoft
2009-03-01 21:33 . 2006-02-23 21:07 -------- d-----w c:\program files\Common Files\ACD Systems
2009-03-01 21:33 . 2009-03-01 21:33 -------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-03-01 21:33 . 2009-03-01 21:33 -------- d-----w c:\program files\ACD Systems
2009-02-09 11:13 . 2002-08-29 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-03 13:19 . 2005-08-21 06:06 38336 ----a-w c:\documents and settings\Rex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-20 15:16 . 2007-01-03 05:33 921624 ----a-w C:\img2-001.raw
.
((((((((((((((((((((((((((((( SnapShot@2009-04-14_14.57.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-14 16:08 . 2005-10-21 01:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-04-14 14:54 . 2005-10-21 01:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-03-19 90112]
"IMONTRAY"="c:\program files\Intel\Intel(R) Active Monitor\imontray.exe" [2002-05-03 32768]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"phc700"="c:\windows\vphc700.exe" [2005-07-21 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TrayMin700.exe.lnk - c:\program files\Philips\SPC 700NC PC Camera\TrayMin700.exe [2007-1-2 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= dvc.dll
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LeechFTP\\Leechftp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
R3 PCIDATA;PCIDATA; [x]
R3 s3m;s3m;c:\windows\system32\DRIVERS\s3m.sys [2001-08-17 166720]
R3 UsbCmxp;Scientific Atlanta WebSTAR 2000 series Cable Modem; [x]
S3 phc700;USB PC Camera (phc700);c:\windows\system32\DRIVERS\phc700.sys [2005-06-07 541568]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\PRISMUSB.sys [2003-04-10 636416]
.
Contents of the 'Scheduled Tasks' folder
2009-04-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-06-08 17:23]
2009-04-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-12 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rex\Application Data\Mozilla\Firefox\Profiles\1jixv2bb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index. ... MC-FF&qry=
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 11:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Intel(R) Active Monitor\imonNT.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ati2evxx.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 16:16
ComboFix2.txt 2009-04-14 15:01
Pre-Run: 13,972,914,176 bytes free
Post-Run: 13,959,737,344 bytes free
192 --- E O F --- 2009-04-13 08:01
Malwarebytes' Anti-Malware 1.36
Database version: 1982
Windows 5.1.2600 Service Pack 3
4/14/2009 11:37:20 AM
mbam-log-2009-04-14 (11-37-20).txt
Scan type: Quick Scan
Objects scanned: 71971
Time elapsed: 8 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:43 AM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5722 bytes