ComboFix and HijackThis results
Below are the ComboFix log and, after it, the HijackThis log.
ComboFix 08-06-03.1 - Owner 2008-06-04 21:07:47.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\WinBudget
C:\WINDOWS\cookies.ini
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\system32\adhppupw.ini
C:\WINDOWS\system32\agyyyjcb.ini
C:\WINDOWS\system32\aJPonnpo.ini
C:\WINDOWS\system32\aJPonnpo.ini2
C:\WINDOWS\system32\bsqithnj.ini
C:\WINDOWS\system32\ddcCRIBU.dll
C:\WINDOWS\system32\dewavqvy.dll
C:\WINDOWS\system32\euflriio.ini
C:\WINDOWS\system32\ewkytirq.ini
C:\WINDOWS\system32\fvcoidjm.dll
C:\WINDOWS\system32\gchlltav.ini
C:\WINDOWS\system32\GNXIOXbc.ini
C:\WINDOWS\system32\GNXIOXbc.ini2
C:\WINDOWS\system32\hggOYJjl.ini
C:\WINDOWS\system32\hggOYJjl.ini2
C:\WINDOWS\system32\iayxoosq.ini
C:\WINDOWS\system32\iifdDTmn.dll
C:\WINDOWS\system32\jcfgflka.ini
C:\WINDOWS\system32\jnhtiqsb.dll
C:\WINDOWS\system32\jpyceviu.ini
C:\WINDOWS\system32\jygvhroc.ini
C:\WINDOWS\system32\lnoYcMoq.ini
C:\WINDOWS\system32\lnoYcMoq.ini2
C:\WINDOWS\system32\mjdiocvf.ini
C:\WINDOWS\system32\MVCIknmp.ini
C:\WINDOWS\system32\MVCIknmp.ini2
C:\WINDOWS\system32\ohkxunfd.ini
C:\WINDOWS\system32\OrBbaGgh.ini
C:\WINDOWS\system32\OrBbaGgh.ini2
C:\WINDOWS\system32\paslfnwc.ini
C:\WINDOWS\system32\pbnsonee.ini
C:\WINDOWS\system32\PpAKknmp.ini
C:\WINDOWS\system32\PpAKknmp.ini2
C:\WINDOWS\system32\QqBcJkkj.ini
C:\WINDOWS\system32\QqBcJkkj.ini2
C:\WINDOWS\system32\qstBcfii.ini
C:\WINDOWS\system32\qstBcfii.ini2
C:\WINDOWS\system32\rexuvdsw.ini
C:\WINDOWS\system32\sykhobet.ini
C:\WINDOWS\system32\UBIRCcdd.ini
C:\WINDOWS\system32\UBIRCcdd.ini2
C:\WINDOWS\system32\uckpyyys.ini
C:\WINDOWS\system32\vatllhcg.dll
C:\WINDOWS\system32\VxyHOqss.ini
C:\WINDOWS\system32\VxyHOqss.ini2
C:\WINDOWS\system32\xfhxrirf.ini
C:\WINDOWS\system32\xiibgalo.ini
C:\WINDOWS\system32\xwxHRqss.ini
C:\WINDOWS\system32\xwxHRqss.ini2
C:\WINDOWS\system32\yufttshq.ini
C:\WINDOWS\system32\yvqvawed.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_yzbgqap
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.
2008-06-04 14:52 . 2008-06-04 14:52 95,232 --a------ C:\WINDOWS\system32\eenosnbp.dll
2008-05-31 22:27 . 2008-05-31 22:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-31 22:26 . 2008-05-31 22:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-31 22:26 . 2008-05-31 22:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-31 22:25 . 2008-05-31 22:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-23 06:23 . 2008-05-23 06:23 <DIR> d-------- C:\Program Files\Audible
2008-05-20 20:38 . 2008-05-20 20:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-20 20:38 . 2008-05-20 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-19 20:23 . 2008-05-19 20:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-19 20:23 . 2008-05-19 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-14 21:46 . 2008-05-16 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-12 03:02 . 2008-05-12 03:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-11 07:55 . 2008-05-11 22:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-05-11 06:55 . 2008-05-10 17:08 94,208 --a------ C:\WINDOWS\oadkxrts.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 19:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\WeatherBug
2008-05-17 04:43 --------- d-----w C:\Program Files\Lavasoft
2008-05-07 22:26 --------- d-----w C:\Program Files\Kidzui
2008-04-22 11:13 --------- d-----w C:\Program Files\McAfee
2008-03-31 19:16 5,607 ----a-w C:\WINDOWS\~GLH0003.TMP
2008-03-31 19:16 26,624 ----a-w C:\WINDOWS\~GLH0002.TMP
2008-03-31 19:16 155,136 ----a-w C:\WINDOWS\~GLC0001.TMP
2001-10-30 13:11 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2001-09-10 15:00 139,264 ----a-w C:\WINDOWS\inf\i386\Rtscan.dll
2001-08-18 00:43 32,768 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2001-06-29 14:10 163,840 ----a-w C:\WINDOWS\inf\i386\viceo.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 61,440 2003-02-12 02:02:48 C:\hp\KBD\bak\KBD.EXE
----a-w 315,392 2003-03-01 02:00:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
-c--a-w 180,269 2006-01-11 05:05:03 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 185,896 2007-12-15 23:57:03 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
----a-w 110,592 2003-08-19 07:01:00 C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe
-c--a-w 36,975 2005-11-10 18:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe
----a-w 430,080 2004-03-08 19:50:50 C:\Program Files\LiveUpdate\bak\LiveUpdate.exe
----a-w 430,080 2004-03-08 19:50:50 C:\Program Files\LiveUpdate\LiveUpdate.exe
----a-w 0 2007-12-16 00:14:49 C:\Program Files\LiveUpdate\bak\LiveUpdate.log
-c--a-w 85 2006-02-04 04:36:35 C:\Program Files\LiveUpdate\LiveUpdate.log
----a-w 40,960 2001-08-10 16:50:38 C:\Program Files\ScanSoft\PaperPort\bak\PPWebCap.exe
----a-w 40,960 2001-08-10 16:50:38 C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE
----a-w 86,016 2001-10-30 13:09:10 C:\Program Files\Visioneer OneTouch\bak\OneTouchMon.exe
----a-w 86,016 2001-10-30 13:09:10 C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
----a-w 204,288 2006-10-19 02:05:26 C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe
-c--a-w 497,376 1998-11-30 23:04:28 C:\WINDOWS\bak\p_981116.exe
----a-w 90,112 2000-05-11 06:00:00 C:\WINDOWS\bak\UpdReg.EXE
----a-w 331,776 2003-03-18 08:50:36 C:\WINDOWS\CREATOR\bak\Remind_XP.exe
----a-w 212,992 2002-09-14 04:42:26 C:\WINDOWS\SMINST\bak\RECGUARD.EXE
----a-w 52,736 1998-05-07 23:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe
----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\ctfmon.exe
----a-w 114,688 2003-03-12 00:11:56 C:\WINDOWS\system32\bak\hkcmd.exe
----a-w 155,648 2001-07-09 16:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
----a-w 385,024 2003-10-20 20:29:06 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\fppdis2a.exe
----a-w 196,608 2001-11-29 19:44:05 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb04.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34829928-2B87-4400-BAA9-0FF308A976CB}]
C:\WINDOWS\system32\iifcBtsq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A9AE70F-EAA0-464E-90A7-6D0D044D65AF}]
C:\WINDOWS\system32\qoMcYonl.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2007-08-23 19:31 1343488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-15 18:57 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"d0bb51b8"="C:\WINDOWS\system32\eenosnbp.dll" [2008-06-04 14:52 95232]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2006-08-11 14:42 25600 C:\WINDOWS\mididef.exe]
"PlayCenter2"="C:\Program Files\Creative\SBAudigy\PlayCenter2\MDEntry.exe" [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.Y411"= icmyuy2.dll
"VIDC.VGPX"= vgpix32d.dll
"VIDC.I263"= i263_32.drv
"vidc.xvid"= xvid.dll
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
Contents of the 'Scheduled Tasks' folder
"2008-05-20 16:43:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-12 02:12:04 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
"2008-05-15 07:26:26 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-06-01 06:00:05 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 21:20:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\eenosnbp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-06-04 21:29:08 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-06-05 02:28:56
Pre-Run: 45,418,778,624 bytes free
Post-Run: 45,484,494,848 bytes free
238 --- E O F --- 2008-05-19 08:03:44
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:39 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {34829928-2B87-4400-BAA9-0FF308A976CB} - C:\WINDOWS\system32\iifcBtsq.dll (file missing)
O2 - BHO: (no name) - {3A9AE70F-EAA0-464E-90A7-6D0D044D65AF} - C:\WINDOWS\system32\qoMcYonl.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [d0bb51b8] rundll32.exe "C:\WINDOWS\system32\eenosnbp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [PlayCenter2] "C:\Program Files\Creative\SBAudigy\PlayCenter2\MDEntry.EXE" "C:\Program Files\Creative\SBAudigy\PlayCenter2" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weatherbug.com/minib...ansporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...9/mcinsctl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.31.5/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_en.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10704 bytes