Virtumonde



davisjb
2008-05-07, 01:57
I, like several others, have got at least the Virtumonde trojan. I've been fighting it for a week and I'm having more problems as time goes on.
I apologize for not posting a HJT log, but I can't load HJT to be able to run it.
I am running Win2K Pro SP4 with McAfee (constantly updated), SpyBot 1.52.20 with the 4/30 update, Pareto, etc. The effects of the invasion have neutralized SpyBot, won't let Pareto, Ad-Aware or HJT run, and have blocked access to Windows install (and uninstall) functions.
I am attempting a Kaspersky online scan and will submit it when finished - any help to get HJT to run?

davisjb
2008-05-07, 14:05
I succeeded in running a Kaspersky scan:

KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 07, 2008 7:02:41 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/05/2008
Kaspersky Anti-Virus database records: 743022
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINNT
C:\DOCUME~1\jdavis\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 12120
Number of viruses found: 4
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 00:13:28

Infected Object Name / Virus Name / Last Action
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\Microsoft.NET\Framework\v2.0.50727\ngenrootstorelock.dat Object is locked skipped
C:\WINNT\Microsoft.NET\ngenservice_pri3_lock.dat Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\EventCache\{BF9D1B96-0F8F-44D0-A32C-5305924A3D8B}.bin Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\system32\CatRoot\SYSMAST.cbd Object is locked skipped
C:\WINNT\system32\CatRoot\SYSMAST.cbk Object is locked skipped
C:\WINNT\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATMAST.cbd Object is locked skipped
C:\WINNT\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATMAST.cbk Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\system32\hfyoapop.dll Infected: Trojan.Win32.Monder.db skipped
C:\WINNT\system32\jczcpavm.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\WINNT\system32\nnnkJCUN.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qta skipped
C:\WINNT\system32\Perflib_Perfdata_48c.dat Object is locked skipped
C:\WINNT\system32\qoMfebBs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quh skipped
C:\WINNT\Temp\mcafee_zU5b87UP4HZvngG Object is locked skipped
C:\WINNT\Temp\mcmsc_0fwk7vC2NhV9BH9 Object is locked skipped
C:\WINNT\Temp\mcmsc_s4fv6AEa2dOooew Object is locked skipped
C:\WINNT\Temp\mcmsc_W0OvKE5hPkiFmoy Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\IMG3E.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55952.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55953.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55954.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55955.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55956.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55957.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55958.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55959.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55960.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55962.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55963.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55964.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55965.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55966.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\jar_cache55967.tmp Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\sqlite_P9FNLaVC9OtzbPT Object is locked skipped
C:\DOCUME~1\jdavis\LOCALS~1\Temp\toolbox_healer55961.log Object is locked skipped

Scan process completed.


Still cannot install HJT to run it.

Thanks!
Jay
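Added example, not code from Jay's post or from Kaspersky: a small Python parser for the report format above. It separates the four real detections from the "Object is locked" lines, which only mean the scanner could not open a file the system or the resident AV was holding (registry hives, event logs, McAfee temp files), splits each detection name into type, platform, family and variant (the `not-a-virus:` prefix is Kaspersky's marker for adware and riskware; Monder is the name Kaspersky uses for the Vundo/Virtumonde family), and lists what is still on disk, since the last action on every line is `skipped` and nothing was removed by this scan. The sample input is constructed from the lines in the report.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Kaspersky Online Scanner report above.
# Paths and detection names are copied from the posted report for illustration.
SAMPLE_REPORT = """\
Infected Object Name / Virus Name / Last Action
C:\\WINNT\\system32\\config\\SAM Object is locked skipped
C:\\WINNT\\system32\\hfyoapop.dll Infected: Trojan.Win32.Monder.db skipped
C:\\WINNT\\system32\\jczcpavm.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\\WINNT\\system32\\nnnkJCUN.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qta skipped
C:\\WINNT\\system32\\Perflib_Perfdata_48c.dat Object is locked skipped
C:\\WINNT\\system32\\qoMfebBs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quh skipped
C:\\DOCUME~1\\jdavis\\LOCALS~1\\Temp\\IMG3E.tmp Object is locked skipped

Scan process completed.
"""

# One result line: "<path> Infected: <verdict> <action>" or "<path> Object is locked <action>"
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<verdict>\S+)|Object is locked) (?P<action>\S+)$"
)


def parse_verdict(verdict):
    """Split a Kaspersky name (Type.Platform.Family.Variant, optionally prefixed
    with 'not-a-virus:' for adware/riskware) into its fields."""
    riskware = verdict.startswith("not-a-virus:")
    parts = verdict.split(":", 1)[-1].split(".")
    return {
        "riskware": riskware,
        "type": parts[0],
        "platform": parts[1] if len(parts) > 1 else "",
        "family": parts[2] if len(parts) > 2 else "",
        "variant": parts[3] if len(parts) > 3 else "",
    }


def parse_report(text):
    """Return one dict per result line; 'verdict' is None for locked objects."""
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, settings and statistics lines
        results.append({
            "path": m["path"],
            "action": m["action"],
            "verdict": parse_verdict(m["verdict"]) if m["verdict"] else None,
        })
    return results


def detections(results):
    """Real detections only. 'Object is locked' means the scanner could not open
    the file (hives, event logs, files held by the resident AV), not that it is bad."""
    return [r for r in results if r["verdict"]]


def family_counts(results):
    return Counter(r["verdict"]["family"] for r in detections(results))


def by_directory(results):
    """Where the detections cluster; Virtumonde drops its DLLs into system32."""
    return Counter(r["path"].rsplit("\\", 1)[0].lower() for r in detections(results))


def untreated(results):
    """Detections whose last action was 'skipped': the file is still on disk."""
    return [r["path"] for r in detections(results) if r["action"] == "skipped"]


if __name__ == "__main__":
    results = parse_report(SAMPLE_REPORT)
    found = detections(results)
    print(f"{len(results)} result lines, {len(found)} detections, "
          f"{len(results) - len(found)} locked/skipped")
    for family, n in family_counts(results).most_common():
        print(f"  {family}: {n}")
    for path in untreated(results):
        print("  still on disk:", path)
```

Feed it the whole report as saved from the scanner; the header, settings and statistics lines are skipped by the regex, so only result lines reach the parser.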

davisjb
2008-05-07, 15:22
ComboFix appeared to run OK and, after running ComboFix, I was able to run HijackThis. Logs below:

Thanks!

Jay

ComboFix 08-05-01.3 - jdavis 05/07/2008 8:25:27.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.406 [GMT -4:00]
Running from: C:\Documents and Settings\jdavis\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\cookies.ini
C:\WINNT\system32\hfyoapop.dll
C:\WINNT\system32\hggsijne.ini
C:\WINNT\system32\hyymrfjw.dll
C:\WINNT\system32\nnnkJCUN.dll
C:\WINNT\system32\popaoyfh.ini
C:\WINNT\system32\qoMfebBs.dll
C:\WINNT\system32\sBbefMoq.ini
C:\WINNT\system32\sBbefMoq.ini2
C:\WINNT\system32\wjfrmyyh.ini
C:\WINNT\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-07 08:34 . 16,384 C:\WINNT\system32\Perflib_Perfdata_530.dat
2008-05-06 19:43 . 08-05-06 19:43 <DIR> d-a------ C:\WINNT\system32\Kaspersky Lab
2008-05-06 19:43 . 08-05-06 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-06 07:33 . 08-05-07 07:05 646,164 ---h----- C:\WINNT\ShellIconCache
2008-05-06 07:30 . 08-05-06 07:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-05 12:24 . 08-05-07 08:32 11,738 --a------ C:\WINNT\system32\Config.MPF
2008-05-05 10:23 . 08-05-05 10:22 102,664 --a------ C:\WINNT\system32\drivers\tmcomm.sys
2008-05-05 10:22 . 08-05-05 12:14 <DIR> d-------- C:\Documents and Settings\jdavis\.housecall6.6
2008-05-04 17:43 . 08-05-04 17:43 <DIR> d-------- C:\Program Files\ParetoLogic
2008-05-04 17:43 . 08-05-04 17:43 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-05-04 17:43 . 08-05-04 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2008-04-30 14:51 . 08-04-30 14:51 <DIR> d-------- C:\Program Files\iReport-2.0.4
2008-04-30 14:51 . 08-04-30 14:51 <DIR> d-------- C:\Documents and Settings\jdavis\.ireport
2008-04-30 14:50 . 08-04-30 14:51 <DIR> d-------- C:\Program Files\Fishbowl
2008-04-30 14:50 . 08-04-30 14:50 <DIR> d--h----- C:\Documents and Settings\jdavis\InstallAnywhere
2008-04-30 14:50 . 08-04-30 14:50 <DIR> d--h----- C:\Documents and Settings\jdavis\.fishbowl
2008-04-29 18:49 . 08-04-29 18:49 106,496 --a------ C:\WINNT\system32\jczcpavm.exe
2008-04-29 18:17 . 08-05-05 10:06 613 --a------ C:\WINNT\wininit.ini
2008-04-29 17:15 . 08-05-02 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zelubixc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-23 11:39 --------- d---a-w C:\Program Files\McAfee
2008-04-03 18:01 --------- d--h--w C:\Program Files\Zero G Registry
2008-04-03 18:01 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-03 17:52 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-04-02 18:08 --------- d-----w C:\Program Files\Volts
2008-03-26 16:47 --------- d-----w C:\Documents and Settings\jdavis\Application Data\Volts
2008-03-14 15:43 --------- d-----w C:\Program Files\Google
2008-03-07 18:17 --------- d-----w C:\Program Files\The Weather Channel FW
2008-03-07 15:59 --------- d-----w C:\Documents and Settings\jdavis\Application Data\Autodesk
2008-03-07 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-07 15:34 --------- d-----w C:\Program Files\Autodesk
2008-03-07 15:34 --------- d-----w C:\Documents and Settings\jdavis\Application Data\Downloaded Installations
2008-02-21 14:42 691,545 ----a-w C:\WINNT\unins000.exe
2005-09-05 15:44 271 ---h--w C:\Program Files\desktop.ini
2005-09-05 15:44 21,952 ---h--w C:\Program Files\folder.htt
2003-07-14 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

<pre>
----a-w 50,795,746 2004-05-10 15:53:56 C:\Backup\Jay\Partition Magic\Partition Magic 8 Pro FULL BY PILPELON .exe
----a-w 50,795,746 2004-05-10 16:53:56 C:\RECYCLER\S-1-5-21-1645522239-515967899-682003330-1003\Dc299\Jay\Partition Magic\Partition Magic 8 Pro FULL BY PILPELON .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08-01-28 12:43 2097488]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [06-03-30 16:45 313472]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06-06-01 13:32 94208]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [08-01-03 12:15 50528]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [07-12-20 09:10 715888]
"ParetoLogic Anti-Spyware"="C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [07-07-13 19:14 2643312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-07-14 08:00 111376 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [03-10-06 14:16 5058560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [08-02-22 05:25 144784]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [06-01-12 20:52 483328]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [03-10-06 14:16 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05-09-13 08:05 180269]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe" [02-05-24 08:46 188416]
"HPHmon04"="C:\WINNT\system32\hphmon04.exe" [02-06-20 15:06 339968]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [02-05-24 08:47 49152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [03-10-14 11:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [06-05-12 16:50 36864]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [06-05-12 16:51 40960]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [06-05-08 15:25 69632]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [06-11-07 15:49 1121280]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [06-01-12 16:40 155648]
"MaBtSh"="C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe" [06-02-08 05:29 24576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [07-08-03 23:33 582992]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [04-02-27 14:29 61440]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [04-02-12 17:40 163840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-07-14 08:00 186640]

C:\Documents and Settings\jdavis\Start Menu\Programs\Startup\
FileOpenAPI.exe.lnk - C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe [2006-08-28 12:30:26 57344]
HotSync Manager.lnk - C:\Program Files\Sony Handheld\HOTSYNC.EXE [2006-06-27 08:49:34 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINNT\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-07-20 16:12:23 25214]
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 05:35:22 10872]
Image Retriever.lnk - C:\Program Files\ScanSoft\PaperPort\xdcla.exe [2006-06-13 17:27:52 233472]
Memory Stick Monitor.lnk - C:\Program Files\MSAC-FD1\MSSTAT.EXE [2007-11-02 09:06:17 204800]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"r29CiUo21a"= C:\Documents and Settings\All Users\Application Data\zelubixc\bkvkvsxk.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll [07-07-13 18:03 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkJCUN]
nnnkJCUN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINNT\system32\qoMfebBs

R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys [02-04-10 17:00 ]
R2 BA180O8R;BA180O8R;C:\WINNT\System32\Drivers\MADC300D.sys [06-09-07 01:22 ]
R2 FPMSNT;FPMSNT;C:\WINNT\system32\drivers\FPMSNT.sys [00-06-06 16:47 ]
R2 Sdselect;Sdselect;C:\WINNT\system32\drivers\Sdselect.sys [00-11-14 11:54 ]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINNT\system32\DRIVERS\Ma730Pt.sys [06-04-13 03:42 ]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINNT\system32\DRIVERS\Ma730Vad.sys [05-11-22 02:32 ]
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [03-06-19 08:05 ]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []
S3 DMON;DMON;D:\Windows floppy2\Diskmon\DMON.SYS []
S3 FILEMON;FILEMON;C:\WINNT\system32\drivers\FILEM.SYS []
S3 Ma730c;MA730 Bluetooth Core Driver;C:\WINNT\system32\DRIVERS\MA730C.sys [06-07-27 23:37 ]
S3 REGMON;REGMON;C:\WINNT\system32\drivers\REGSYS.SYS []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 22:30:10 C:\WINNT\Tasks\Daily.job"
- C:\WINNT\system32\ntbackup.exe“backup
"2008-02-25 13:56:51 C:\WINNT\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-04 21:43:58 C:\WINNT\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
"2008-05-04 21:43:45 C:\WINNT\Tasks\ParetoLogic Anti-Spyware.job"
- C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
"2008-05-07 04:33:01 C:\WINNT\Tasks\ParetoLogic Update.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 08:35:11
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
--

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
.
Completion time: 2008-05-07 8:45:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 12:45:00

Pre-Run: 11,617,906,688 bytes free
Post-Run: 11,538,665,472 bytes free

187 --- E O F --- 2008-04-11 14:46:47

HJT:---------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:17 AM, on 5/7/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINNT\system32\hphmon04.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINNT\system32\HPHipm11.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Program Files\ScanSoft\PaperPort\xdcla.exe
C:\Program Files\MSAC-FD1\MSSTAT.EXE
C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINNT\explorer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\jdavis\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MaBtSh] C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKLM\..\Policies\Explorer\Run: [r29CiUo21a] C:\Documents and Settings\All Users\Application Data\zelubixc\bkvkvsxk.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: FileOpenAPI.exe.lnk = C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Image Retriever.lnk = C:\Program Files\ScanSoft\PaperPort\xdcla.exe
O4 - Global Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSSTAT.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/13c3dce5763a8622ba05/netzip/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.onlinegis.net/download/MgViewer6.0CAB/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINNT\msxml4.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} -
O20 - Winlogon Notify: nnnkJCUN - nnnkJCUN.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 12193 bytes
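Added example, not from the thread or from the HijackThis or ComboFix authors: a Python triage pass over HijackThis O-lines and the ComboFix LSA line, picking out the persistence points that matter in the logs above: the Policies\Explorer\Run autostart (r29CiUo21a), the Winlogon Notify package (nnnkJCUN, loaded into winlogon.exe at logon), the extra LSA Authentication Package (qoMfebBs, loaded into lsass.exe at boot), and the orphaned "(file missing)" and "(no file)" entries left behind after ComboFix deleted the DLLs. The sample lines are copied from the log; the `looks_random` heuristic and the `KNOWN_GOOD` allowlist are my own assumptions and need tuning per host.

```python
import re

# Constructed sample in the shape of the HijackThis and ComboFix lines posted above;
# the entries are copied from the logs for illustration and are only parsed here.
HJT_SAMPLE = """\
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup
O4 - HKCU\\..\\Run: [SpybotSD TeaTimer] C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [r29CiUo21a] C:\\Documents and Settings\\All Users\\Application Data\\zelubixc\\bkvkvsxk.exe
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O20 - Winlogon Notify: nnnkJCUN - nnnkJCUN.dll (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe (file missing)
"""

# HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages as ComboFix printed it
# (REG_MULTI_SZ; one list element per string).
LSA_AUTH_PACKAGES = ["msv1_0", "C:\\WINNT\\system32\\qoMfebBs"]

VOWELS = set("aeiouAEIOU")
# Legitimate 8-letter, vowel-poor names the heuristic would otherwise flag; extend per host.
KNOWN_GOOD = {"mscorsvw"}


def looks_random(name, allow=KNOWN_GOOD):
    """Heuristic for the generated 8-letter names Virtumonde used (nnnkJCUN, qoMfebBs,
    bkvkvsxk): exactly 8 letters and vowel-poor, or a long consonant run, or capitals
    scattered inside the word. It is a heuristic, so keep an allowlist."""
    stem = name.rsplit("\\", 1)[-1].split(".")[0]
    if stem.lower() in allow or len(stem) != 8 or not stem.isalpha():
        return False
    vowels = sum(c in VOWELS for c in stem)
    longest_consonant_run = max(len(run) for run in re.split("[aeiouAEIOU]", stem))
    inner_capitals = sum(c.isupper() for c in stem[1:])
    return vowels <= 1 or longest_consonant_run >= 4 or (inner_capitals >= 2 and vowels <= 2)


O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>\S+)(?P<missing> \(file missing\))?$")


def triage_hjt(text):
    """Return (severity, line, reason) for the lines a human should look at first."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            if m["key"].lower() == "policies\\explorer\\run":
                findings.append(("high", line,
                    "Policies\\Explorer\\Run autostart: almost never used by legitimate software"))
            elif looks_random(m["cmd"]) or "all users\\application data" in m["cmd"].lower():
                findings.append(("medium", line,
                    "Run entry with a generated-looking name or launching from Application Data"))
            continue
        m = O20_RE.match(line)
        if m:
            severity = "high" if looks_random(m["dll"]) else "info"
            reason = "Winlogon Notify package: loaded into winlogon.exe at every logon"
            if m["missing"]:
                reason += "; DLL already gone, the key is an orphan to delete"
            findings.append((severity, line, reason))
            continue
        if line.endswith("(file missing)") or line.endswith("(no file)"):
            findings.append(("low", line, "orphaned entry: target no longer on disk"))
    return findings


def check_auth_packages(values, expected=("msv1_0",)):
    """Anything beyond the stock entry in LSA\\Authentication Packages is loaded into
    lsass.exe at boot, before any user-mode scanner runs."""
    return [v for v in values if v.lower() not in expected]


if __name__ == "__main__":
    for severity, line, reason in triage_hjt(HJT_SAMPLE):
        print(f"[{severity}] {line}\n        {reason}")
    for extra in check_auth_packages(LSA_AUTH_PACKAGES):
        print(f"[high] extra LSA authentication package: {extra}")
```

On a stock Windows 2000 install the Authentication Packages value holds only msv1_0, so any second string there is worth a look regardless of how its name scores; the same goes for a Winlogon Notify entry whose DLL lives in system32 under a name that appears nowhere else on the machine.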