ComboFix 09-05-31.06 - dimi 02/06/2009 22:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3326.2271 [GMT 10:00]
Running from: c:\users\dimi\Desktop\ComboFix.exe
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\dimi\AppData\Local\Temp\ppcrlui_5520_2
c:\users\dimi\AppData\Roaming\020000004125faca565C.manifest
c:\users\dimi\AppData\Roaming\020000004125faca565O.manifest
c:\users\dimi\AppData\Roaming\020000004125faca565P.manifest
c:\users\dimi\AppData\Roaming\020000004125faca565S.manifest
c:\users\dimi\AppData\Roaming\020000004125faca598C.manifest
c:\users\dimi\AppData\Roaming\020000004125faca598O.manifest
c:\users\dimi\AppData\Roaming\020000004125faca598P.manifest
c:\users\dimi\AppData\Roaming\020000004125faca598S.manifest
c:\windows\GnuHashes.ini
c:\windows\system32\d3dx9_3032.dll
c:\windows\system32\DMUSIC32.DLL
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\SystemService32
c:\windows\system32\SystemService32\157.crack.zip
c:\windows\system32\SystemService32\157.crack.zip.kwd
c:\windows\system32\SystemService32\158.keygen.zip
c:\windows\system32\SystemService32\158.keygen.zip.kwd
c:\windows\system32\SystemService32\159.serial.zip
c:\windows\system32\SystemService32\159.serial.zip.kwd
c:\windows\system32\SystemService32\160.setup.zip
c:\windows\system32\SystemService32\160.setup.zip.kwd
c:\windows\system32\SystemService32\161.music.au
c:\windows\system32\SystemService32\161.music.au.kwd
c:\windows\system32\SystemService32\162.music.mp3
c:\windows\system32\SystemService32\162.music.mp3.kwd
c:\windows\system32\SystemService32\163.music.wma
c:\windows\system32\SystemService32\163.music.wma.kwd
c:\windows\system32\SystemService32\164.music.snd
c:\windows\system32\SystemService32\164.music.snd.kwd
D:\Desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Ias
((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.
2009-06-02 08:00 . 2009-06-02 08:00 -------- d-----w- c:\users\dimi\AppData\Roaming\WinPatrol
2009-06-02 08:00 . 2008-03-11 20:59 74 ----a-w- c:\users\dimi\AppData\Roaming\WinPatrol\Autoexec.bat
2009-06-02 08:00 . 2006-09-18 21:43 10 ----a-w- c:\users\dimi\AppData\Roaming\WinPatrol\Config.sys
2009-06-02 07:59 . 2009-06-02 07:59 -------- d-----w- c:\program files\BillP Studios
2009-05-30 05:37 . 2009-06-02 12:00 -------- d-----w- c:\users\dimi\AppData\Local\Microsoft Games
2009-05-28 23:34 . 2009-05-28 23:34 -------- d-----w- c:\users\dimi\Logitech
2009-05-28 23:33 . 2009-05-28 23:33 -------- d-----w- c:\program files\Common Files\Remote Control Software Common
2009-05-28 23:32 . 2009-05-28 23:32 -------- d-----w- c:\program files\Common Files\Remote Control USB Driver
2009-05-28 14:23 . 2009-05-28 21:25 -------- d-----w- C:\SysClean-WORM_DOWNAD
2009-05-28 13:23 . 2009-05-28 13:29 77824 ----a-w- c:\windows\system32\kdfapi.dll
2009-05-28 13:23 . 2009-05-28 13:29 53248 ----a-w- c:\windows\system32\Kdfhok.dll
2009-05-28 13:23 . 2009-05-28 13:29 192512 ----a-w- c:\windows\system32\kdfvmgr.exe
2009-05-28 13:23 . 2009-05-28 13:29 387288 ----a-w- c:\windows\system32\kdfmgr.exe
2009-05-27 10:30 . 2009-05-27 12:26 10752 ----a-w- c:\windows\DCEBoot.exe
2009-05-25 03:56 . 2009-05-25 03:56 529224 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-24 11:17 . 2009-05-24 11:17 2855 ----a-w- c:\users\dimi\AppData\Roaming\Microsoft\Windows\Recent\[SUMOTorrent.com]_The_Total_Transformation_Program.pif
2009-05-24 11:17 . 2009-05-24 11:17 -------- d--h--w- c:\windows\PIF
2009-05-23 11:30 . 2009-05-23 11:30 -------- d-----w- c:\users\dimi\AppData\Roaming\CopyTransPhoto
2009-05-23 11:26 . 2009-05-23 11:26 -------- d-----w- c:\users\dimi\AppData\Roaming\iCloner
2009-05-23 11:11 . 2009-05-23 11:11 -------- d-----w- c:\program files\WindSolutions
2009-05-23 11:11 . 2009-05-23 11:11 -------- d-----w- c:\programdata\WindSolutions
2009-05-23 10:55 . 2009-05-23 11:11 -------- d-----w- c:\users\dimi\AppData\Roaming\WindSolutions
2009-05-21 10:32 . 2009-05-21 10:32 -------- d-----w- c:\users\dimi\AppData\Roaming\Canon
2009-05-21 10:30 . 2009-05-21 10:30 -------- d-----w- c:\users\dimi\AppData\Roaming\muvee Technologies
2009-05-20 14:07 . 2009-03-06 02:17 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-05-20 14:07 . 2009-03-06 02:17 205328 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-05-20 14:07 . 2009-03-06 02:17 1195512 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-05-20 13:05 . 2009-05-20 13:05 -------- d-----w- c:\windows\LocalSSL
2009-05-20 13:03 . 2009-05-20 13:33 -------- d-----w- c:\programdata\Trend Micro
2009-05-20 13:02 . 2009-06-01 20:43 -------- d-----w- c:\program files\Trend Micro
2009-05-20 13:01 . 2009-04-02 23:08 50192 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-05-20 13:01 . 2009-04-02 23:08 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-05-20 13:01 . 2009-04-02 23:08 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-05-20 13:01 . 2009-03-03 23:12 80400 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-05-20 13:01 . 2009-03-03 23:12 256528 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2009-05-20 13:01 . 2009-03-03 23:12 145424 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2009-05-20 10:52 . 2009-05-20 12:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-19 13:03 . 2009-05-19 13:03 1372 ----a-w- c:\windows\system32\UMIqsc8.vbs
2009-05-19 13:02 . 2009-05-19 13:02 1372 ----a-w- c:\windows\system32\TU4Zq.vbs
2009-05-16 02:02 . 2009-05-16 02:30 -------- d-----w- c:\users\dimi\AppData\Roaming\FileZilla
2009-05-16 02:02 . 2009-05-16 02:02 -------- d-----w- c:\program files\FileZilla FTP Client
2009-05-15 14:38 . 2009-05-15 14:38 -------- d-----w- c:\users\dimi\AppData\Local\Cranium
2009-05-15 13:56 . 2009-05-15 13:56 -------- d-----w- c:\users\dimi\AppData\Local\Cranium_Consulting_and_Cu
2009-05-15 13:54 . 2009-05-15 13:54 25214 ----a-r- c:\users\dimi\AppData\Roaming\Microsoft\Installer\{E33EAB77-A36A-4FBF-BB15-2BBF74C7A796}\_EF17D54428325E9F699E95.exe
2009-05-15 13:54 . 2009-05-15 13:54 10398 ----a-r- c:\users\dimi\AppData\Roaming\Microsoft\Installer\{E33EAB77-A36A-4FBF-BB15-2BBF74C7A796}\_86ADF835B1C689592C69DA.exe
2009-05-15 13:54 . 2009-05-15 13:54 -------- d-----w- c:\program files\iPhoneBrowser
2009-05-15 04:08 . 2009-05-15 04:13 -------- d-----w- c:\programdata\GlobalSCAPE
2009-05-15 03:47 . 2009-05-15 03:47 -------- d-----w- c:\users\dimi\AppData\Local\GlobalSCAPE
2009-05-15 03:47 . 2009-05-15 03:47 -------- d-----w- c:\users\dimi\AppData\Roaming\GlobalSCAPE
2009-05-15 03:47 . 2009-05-15 03:47 -------- d-----w- c:\program files\GlobalSCAPE
2009-05-14 19:09 . 2009-05-14 19:09 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-14 19:09 . 2009-05-14 19:09 286720 ------w- c:\windows\Setup1.exe
2009-05-09 13:03 . 2009-05-09 13:03 -------- d-----w- c:\users\dimi\AppData\Roaming\ImTOO Software Studio
2009-05-09 07:15 . 2009-05-09 07:15 -------- d-----w- c:\users\dimi\AppData\Roaming\Computer Aces
2009-05-08 04:48 . 2009-05-08 05:34 -------- d-----w- c:\users\dimi\AppData\Roaming\Apple Computer
2009-05-08 04:48 . 2009-05-08 04:48 -------- d-----w- c:\users\dimi\AppData\Local\Apple Computer
2009-05-08 04:47 . 2009-05-23 11:04 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-08 04:47 . 2009-05-08 04:47 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-08 04:47 . 2009-05-08 04:47 -------- d-----w- c:\program files\Bonjour
2009-05-08 04:46 . 2009-05-08 04:47 -------- d-----w- c:\programdata\Apple Computer
2009-05-08 04:46 . 2009-05-08 04:47 -------- d-----w- c:\program files\QuickTime
2009-05-08 04:46 . 2009-05-08 04:46 -------- d-----w- c:\users\dimi\AppData\Local\Apple
2009-05-08 04:46 . 2009-05-08 04:46 -------- d-----w- c:\program files\Apple Software Update
2009-05-08 04:45 . 2009-05-23 11:04 -------- d-----w- c:\program files\Common Files\Apple
2009-05-08 04:45 . 2009-05-08 04:45 -------- d-----w- c:\programdata\Apple
2009-05-05 10:05 . 2009-05-05 10:05 -------- d-----w- c:\users\dimi\AppData\Local\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 12:22 . 2009-04-02 22:39 2855 ----a-w- c:\windows\bthservsdp.dat
2009-05-30 07:54 . 2009-05-30 07:54 5844 --sha-w- c:\windows\system32\BE10.tmp
2009-05-28 23:33 . 2009-04-02 22:38 -------- d-----w- c:\program files\Logitech
2009-05-28 23:33 . 2008-03-11 20:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-28 13:24 . 2009-04-21 08:41 -------- d-----w- c:\program files\TomTom HOME 2
2009-05-27 12:53 . 2009-04-03 01:25 -------- d-----w- c:\users\dimi\AppData\Roaming\Azureus
2009-05-25 07:57 . 2009-04-15 13:00 848 --sha-w- c:\programdata\KGyGaAvL.sys
2009-05-25 07:57 . 2009-04-15 13:00 848 --sha-w- c:\programdata\KGyGaAvL.sys
2009-05-24 11:10 . 2009-05-24 11:10 5844 --sha-w- c:\windows\system32\566E.tmp
2009-05-24 10:46 . 2009-05-24 10:46 0 ----a-w- c:\windows\system32\2E0C.tmp
2009-05-22 06:16 . 2009-05-22 06:16 5844 --sha-w- c:\windows\system32\A2D3.tmp
2009-05-20 15:25 . 2009-05-20 13:25 139 ----a-w- c:\windows\udpcrawl.tmp
2009-05-20 13:00 . 2009-04-02 22:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-05-19 11:19 . 2009-04-03 02:27 -------- d-----w- c:\programdata\Corel
2009-05-17 04:52 . 2008-03-11 21:02 -------- d-----w- c:\programdata\Microsoft Help
2009-05-15 14:14 . 2009-04-02 22:55 -------- d-----w- c:\program files\Acro Software
2009-05-13 12:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-24 09:52 . 2009-04-03 01:24 -------- d-----w- c:\program files\Vuze
2009-04-22 23:01 . 2009-04-02 22:38 -------- d-----w- c:\programdata\Logitech
2009-04-21 08:41 . 2009-04-21 08:41 -------- d-----w- c:\programdata\TomTom
2009-04-21 08:41 . 2009-04-21 08:41 -------- d-----w- c:\users\dimi\AppData\Roaming\TomTom
2009-04-21 08:41 . 2009-04-21 08:41 -------- d-----w- c:\program files\TomTom International B.V
2009-04-21 08:40 . 2009-04-21 08:40 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-04-21 00:18 . 2009-04-21 00:18 10684866 ----a-w- c:\users\dimi\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-04-17 10:36 . 2009-04-17 10:36 -------- d-----w- c:\programdata\WindowsSearch
2009-04-17 06:46 . 2009-04-02 23:01 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-17 05:26 . 2009-04-17 05:26 -------- d-----w- c:\programdata\Redfield
2009-04-17 01:40 . 2009-04-17 01:40 -------- d-----w- c:\program files\Universe Plugins
2009-04-17 01:12 . 2009-04-17 01:12 27136 ----a-w- c:\windows\~GLH0000.TMP
2009-04-17 01:12 . 2009-04-17 01:12 155136 ----a-w- c:\windows\~GLC0000.TMP
2009-04-15 12:54 . 2009-04-03 02:28 5846 ----a-w- c:\windows\system32\KGyGaAvL.sys
2009-04-15 12:53 . 2009-04-02 11:51 254216 ----a-w- c:\users\dimi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-15 12:53 . 2009-04-03 02:28 -------- d-----w- c:\users\dimi\AppData\Roaming\Corel
2009-04-15 12:44 . 2009-04-04 03:44 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-04-15 12:44 . 2009-04-15 12:35 -------- d-----w- c:\program files\Corel
2009-04-15 12:44 . 2009-04-15 12:35 -------- d-----w- c:\program files\Common Files\Corel
2009-04-15 12:35 . 2009-04-15 12:35 -------- d-----w- c:\program files\Common Files\Protexis
2009-04-15 12:32 . 2009-04-15 12:32 -------- d-----w- c:\program files\ImageSkill
2009-04-15 10:05 . 2009-04-15 10:05 0 ------w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-11 08:34 . 2009-04-11 08:34 0 ------w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-04-08 11:32 . 2009-04-08 11:31 -------- d-----w- c:\program files\Windows Live
2009-04-08 11:31 . 2009-04-08 11:31 -------- d-----w- c:\program files\Microsoft
2009-04-08 11:31 . 2009-04-08 11:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-04-08 11:26 . 2009-04-08 11:26 -------- d-----w- c:\program files\Common Files\Windows Live
2009-04-06 12:43 . 2009-04-05 00:32 88 ------w- c:\windows\system32\86AE9AE73D.sys
2009-04-05 10:53 . 2009-04-05 10:53 -------- d-----w- c:\programdata\FLEXnet
2009-04-05 10:34 . 2008-03-11 20:53 -------- d-----w- c:\programdata\NVIDIA
2009-04-05 10:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-04-05 10:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-04-05 10:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-04-05 10:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-04-05 10:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-04-05 10:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-04-05 10:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-04-05 10:03 . 2006-11-02 10:32 101888 ------w- c:\windows\system32\ifxcardm.dll
2009-04-05 10:03 . 2006-11-02 10:32 82432 ------w- c:\windows\system32\axaltocm.dll
2009-04-05 01:20 . 2009-04-05 00:33 88 ------w- c:\windows\system32\959FF83584.sys
2009-04-04 13:34 . 2009-04-04 13:34 -------- d-----w- c:\program files\MSXML 4.0
2009-04-04 07:17 . 2009-04-03 02:28 88 ------w- c:\windows\system32\B51B91AEB8.sys
2009-04-04 04:17 . 2009-04-04 04:17 -------- d-----w- c:\users\dimi\AppData\Roaming\DivX
2009-04-04 03:45 . 2009-04-04 03:44 -------- d-----w- c:\program files\DivX
2009-04-04 03:44 . 2009-04-02 12:55 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-04-04 03:44 . 2009-04-04 03:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-04 02:36 . 2009-04-04 02:36 -------- d-----w- c:\users\dimi\AppData\Roaming\vlc
2009-04-04 02:34 . 2009-04-04 02:34 -------- d-----w- c:\program files\VideoLAN
2009-04-04 02:20 . 2009-04-04 02:20 18816 ------w- c:\windows\system32\drivers\dvd43llh.sys
2009-04-04 02:20 . 2009-04-04 02:20 -------- d-----w- c:\program files\dvd43
2009-04-03 23:59 . 2009-04-03 23:59 -------- d-----w- c:\programdata\LightScribe
2009-04-03 23:16 . 2009-04-03 23:16 -------- d-----w- c:\users\dimi\AppData\Roaming\Nero
2009-04-03 23:15 . 2009-04-03 23:13 -------- d-----w- c:\program files\Common Files\Nero
2009-04-03 23:13 . 2009-04-03 23:13 -------- d-----w- c:\programdata\Nero
2009-04-03 23:13 . 2009-04-03 23:13 -------- d-----w- c:\program files\Nero
2009-04-03 23:06 . 2009-04-03 23:06 -------- d-----w- c:\users\dimi\AppData\Roaming\CyberLink
2009-04-03 23:06 . 2009-04-03 23:06 -------- d-----w- c:\programdata\CyberLink
2009-04-03 14:11 . 2008-03-11 20:53 -------- d-----w- c:\program files\HP
2009-04-03 13:45 . 2009-04-03 13:45 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-04-03 13:45 . 2009-04-03 13:45 315392 ----a-w- c:\windows\HideWin.exe
2009-04-03 13:45 . 2009-04-03 13:45 -------- d-----w- c:\program files\Realtek
2009-04-03 13:27 . 2009-04-03 13:27 -------- d-----w- c:\program files\Intel
2009-04-03 13:27 . 2009-04-03 13:27 -------- d-----w- c:\users\dimi\AppData\Roaming\WinBatch
2009-04-03 11:53 . 2009-04-03 11:53 167376 ----a-w- c:\users\dimi\AppData\Roaming\Mozilla\Firefox\Profiles\qpc85q0w.default\FlashGot.exe
2009-04-02 18:52 . 2009-04-02 18:52 269312 ----a-w- c:\windows\system32\es.dll
2009-04-02 18:46 . 2009-04-02 18:46 1965056 ----a-w- c:\windows\system32\NlsData001a.dll
2009-04-02 18:45 . 2009-04-02 18:45 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-04-02 18:45 . 2009-04-02 18:45 988216 ----a-w- c:\windows\system32\winload.exe
2009-04-02 18:45 . 2009-04-02 18:45 927288 ----a-w- c:\windows\system32\winresume.exe
2009-04-02 18:45 . 2009-04-02 18:45 40960 ----a-w- c:\windows\system32\srclient.dll
2009-04-02 18:45 . 2009-04-02 18:45 378368 ----a-w- c:\windows\system32\srcore.dll
2009-04-02 18:45 . 2009-04-02 18:45 318464 ----a-w- c:\windows\system32\rstrui.exe
2009-04-02 18:45 . 2009-04-02 18:45 14848 ----a-w- c:\windows\system32\srdelayed.exe
2009-04-02 18:45 . 2009-04-02 18:45 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2009-04-02 18:45 . 2009-04-02 18:45 19000 ----a-w- c:\windows\system32\kd1394.dll
2009-04-02 18:45 . 2009-04-02 18:45 615992 ----a-w- c:\windows\system32\ci.dll
2009-04-02 18:34 . 2009-04-02 18:34 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-04-02 18:34 . 2009-04-02 18:34 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-04-02 18:34 . 2009-04-02 18:34 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-04-02 18:34 . 2009-04-02 18:34 83968 ----a-w- c:\windows\system32\mscories.dll
2009-04-02 18:34 . 2009-04-02 18:34 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-04-02 12:56 . 2009-04-02 12:56 0 ----a-w- c:\windows\nsreg.dat
2009-04-02 12:40 . 2009-04-02 12:40 680 ----a-w- c:\users\dimi\AppData\Local\d3d9caps.dat
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-07-10 00:04 . 2009-04-03 06:29 22 --sha-w- c:\windows\SMINST\HPCD.SYS
2008-03-11 20:25 . 2008-03-11 20:11 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-01-19 942080]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-05-20 497008]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-07 1828136]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2005-12-05 691200]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-03 6266880]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-05-20 497008]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-3 809488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-694825972-2939018928-1126776167-1000]
"EnableNotificationsRef"=dword:00000004
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7974E05B-14C3-494E-9916-C6F37A639725}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{8623164F-C1EF-4140-8E9A-296A56A75D38}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{AF5375E5-B574-4B3E-9CB3-AA87E4FEB809}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{05F9EC07-641D-4346-AF2B-929979AE6F15}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6056547B-E44D-422F-98AC-746170618AB6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7CDD1C14-9911-4E0C-BFE6-6BD2115EFE75}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4C89D741-1B90-4210-B755-BC383498C46A}"= UDP:5353:Adobe CSI CS4
"{641ABE9A-0A28-43A7-8848-CD6E0A84C9F7}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{5AEF7CD3-E728-41D4-889E-BE685DD2FAE3}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{4FE22A03-5A87-4522-A3F5-33AC5D8684AE}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{0FF220C4-78B8-464B-88AC-B46D7A782736}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{1E3EC219-89C8-4CFE-9F3B-34914212F690}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{21C48E96-9B2E-4B95-A815-F07208018FB2}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"TCP Query User{43B8CBEB-B78F-48D0-9A51-D1127780A7E7}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{56E2CED2-E18F-433B-A961-74B697544815}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{6E010190-9DDB-4E2D-AEC2-7C98E4459502}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{494724F2-066C-4DB8-8FA5-6D48F00BBA96}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [20/05/2009 11:01 PM 145424]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [20/05/2009 11:05 PM 181584]
R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [20/05/2009 11:01 PM 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [20/05/2009 11:04 PM 497008]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [21/05/2009 12:07 AM 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [20/05/2009 11:04 PM 677128]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [20/05/2009 11:01 PM 256528]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/04/2009 8:38 PM 92008]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [12/03/2008 6:26 AM 2831232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-Bluetooth Connection Assistant - LBTWIZ.EXE
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\dimi\AppData\Roaming\Mozilla\Firefox\Profiles\qpc85q0w.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 22:26
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3276)
c:\program files\Logitech\SetPoint\IMHook.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Logishrd\Bluetooth\LBTServ.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
c:\windows\System32\schtasks.exe
c:\program files\Logitech\SetPoint\LBTWiz.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\jusched.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Windows Mail\WinMail.exe
c:\hp\KBD\kbd.exe
c:\program files\Trend Micro\TrendSecure\TSCFCommander.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Completion time: 2009-06-02 22:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-02 12:30
Pre-Run: 343,129,800,704 bytes free
Post-Run: 347,470,639,104 bytes free
381 --- E O F --- 2009-05-21 09:07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:07 PM, on 2/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\mobsync.exe
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 9465 bytes