ComboFix and HijackThis Logs
Thank you for the help!
Just so you know, before I received your reply I ran MalwareBytes in both normal and safe mode. It found a number of problems, mostly Trojan.Vundo.h . Even though Malwarebytes now says i am clean, I still have almost constant browser redirects when I click on search results.
As directed, I ran combo and hijack, here are my logs.
ComboFix 09-02-10.01 - David 2009-02-10 22:53:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1532 [GMT -5:00]
Running from: c:\documents and settings\David\Desktop\Malware Detection\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\MorpheusBar\bar\1.bin\M0PLUGIN.DLL
c:\program files\MorpheusBar\bar\1.bin\M0POPSWT.DLL
c:\program files\MorpheusBar\bar\1.bin\NPMORPBR.DLL
c:\program files\Mozilla Firefox\plugins\NPMorpBr.dll
c:\windows\system32\winlogon2.exe
c:\windows\Tasks\vryroguf.job
.
((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
.
2100-02-23 14:35 . 2001-02-22 09:54 768 --a------ c:\program files\x73_lut.dat
2100-02-08 15:03 . 2001-05-11 10:39 53,248 --a------ c:\program files\ACMonitor_X73.exe
2009-02-10 19:46 . 2009-02-10 19:46 <DIR> d-------- c:\program files\Avira
2009-02-10 19:46 . 2009-02-10 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-10 19:37 . 2009-02-10 19:38 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-10 19:37 . 2009-02-10 22:39 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-09 15:03 . 2009-02-09 15:03 <DIR> d-------- c:\documents and settings\Mrs. Richards\Application Data\Malwarebytes
2009-02-08 10:56 . 2009-02-10 21:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-02-08 02:16 . 2009-02-10 19:37 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-08 01:29 . 2009-02-08 01:29 61,440 --a------ c:\windows\system32\drivers\oueg.sys
2009-02-07 22:01 . 2009-02-07 22:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-07 01:48 . 2009-02-07 01:49 <DIR> d-------- c:\program files\ERUNT
2009-02-07 01:05 . 2009-02-07 01:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-07 01:05 . 2009-02-07 01:05 <DIR> d-------- c:\documents and settings\David\Application Data\Malwarebytes
2009-02-07 01:05 . 2009-02-07 01:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-07 01:05 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 01:05 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-07 01:00 . 2009-02-07 01:00 <DIR> d-------- c:\program files\Trend Micro
2009-02-06 19:19 . 2009-02-06 19:20 <DIR> d-------- c:\windows\system32\DLLs Removed 2-6-2009
2009-02-04 22:23 . 2009-02-05 01:57 <DIR> d-------- c:\windows\system32\delete this crap
2009-02-04 21:57 . 2009-02-08 13:13 2,204 --a------ c:\windows\kgunefqc
2009-01-31 20:39 . 2009-01-31 21:04 <DIR> d-------- C:\xampp
2009-01-21 02:10 . 2009-01-21 02:10 268 --ah----- C:\sqmdata15.sqm
2009-01-21 02:10 . 2009-01-21 02:10 244 --ah----- C:\sqmnoopt15.sqm
2009-01-13 17:24 . 2009-01-13 17:24 268 --ah----- C:\sqmdata14.sqm
2009-01-13 17:24 . 2009-01-13 17:24 244 --ah----- C:\sqmnoopt14.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 04:07 --------- d-----w c:\documents and settings\David\Application Data\OpenOffice.org2
2009-02-11 02:46 --------- d-----w c:\program files\Real
2009-02-11 02:46 --------- d-----w c:\program files\Common Files\Real
2009-02-11 02:28 --------- d-----w c:\program files\Google
2009-02-11 01:11 --------- d-----w c:\program files\Opera
2009-02-10 07:59 --------- d-----w c:\program files\LogMeIn
2009-02-09 20:15 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-09 20:15 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-09 20:07 --------- d-----w c:\program files\Picasa2
2009-02-08 14:40 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-02-08 06:29 636 ----a-w c:\program files\ombk.txt
2009-02-08 05:30 85,120 ----a-w c:\documents and settings\David\Application Data\GDIPFONTCACHEV1.DAT
2009-02-05 02:34 --------- d-----w c:\program files\CCleaner
2009-02-02 05:17 --------- d-----w c:\program files\McAfee
2009-01-31 05:13 85,120 ----a-w c:\documents and settings\Mrs. Richards\Application Data\GDIPFONTCACHEV1.DAT
2009-01-22 21:37 --------- d-----w c:\documents and settings\Mrs. Richards\Application Data\ZoomBrowser EX
2009-01-22 21:36 --------- d-----w c:\documents and settings\Mrs. Richards\Application Data\CameraWindowDC
2009-01-17 17:09 --------- d-----w c:\documents and settings\Mrs. Richards\Application Data\WebAssist
2009-01-08 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-31 07:20 --------- d-----w c:\documents and settings\David\Application Data\ZoomBrowser EX
2008-12-31 07:20 --------- d-----w c:\documents and settings\David\Application Data\CameraWindowDC
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-18 20:27 5,632 --sha-w c:\program files\Thumbs.db
2008-01-15 16:53 79,648 ----a-w c:\documents and settings\Katherine\Application Data\GDIPFONTCACHEV1.DAT
2001-07-26 21:58 47 ----a-w c:\program files\ACMonitor_X73.ini
2001-07-05 17:46 8,116 ----a-w c:\program files\OSLO3071b2.USB
2001-06-12 19:28 8,154 ----a-w c:\program files\OsloD3069.usb
2001-05-08 20:36 114,688 ----a-w c:\program files\lxarscan.dll
2001-04-23 19:22 1,437 ----a-w c:\program files\gtx73.ini
2008-06-19 09:16 118,784 ----a-w c:\program files\mozilla firefox\plugins\MyCamera.dll
2007-05-23 00:14 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-23 00:17 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
2009-02-11 02:43 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-10 30192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
"nForce Tray Options"="sstray.exe" [2003-10-23 c:\windows\system32\sstray.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]
c:\documents and settings\Ellie\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\Katherine\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\Mrs. Richards\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\David\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk.disabled [2004-07-30 910]
Adobe Gamma Loader.exe.lnk.disabled [2004-08-02 890]
Adobe Gamma Loader.lnk.disabled [2004-07-30 890]
Adobe Reader Speed Launch.lnk.disabled [2007-03-31 1757]
Device Detector 2.lnk.disabled [2004-11-17 1650]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2004-11-17 118784]
HP Digital Imaging Monitor.lnk.disabled [2006-12-05 1808]
Microsoft Office.lnk.disabled [2004-08-04 1730]
Microsoft Works Calendar Reminders.lnk.disabled [2004-07-25 875]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 14:07 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll
"vidc.ir41"= c:\windows\System32\ir41_32.ax
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"midi1"= KORGUMDD.DRV
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AloPort.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Parallel Arbitrator]
@="Driver Group"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe"
"ATI Launchpad"=
"Yahoo! Pager"=c:\program files\Yahoo!\Messenger\ypager.exe -quiet
"WebCamRT.exe"=
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InCD"=c:\program files\Ahead\InCD\InCD.exe
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"PrinTray"=c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=c:\program files\Google\Gmail Notifier\gnotify.exe
"PicasaNet"="c:\program files\Hello\Hello.exe" -b
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"LogitechGalleryRepair"=c:\program files\Logitech\ImageStudio\ISStart.exe
"LogitechImageStudioTray"=c:\program files\Logitech\ImageStudio\LogiTray.exe
"LVCOMS"=c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
"tgcmd"="c:\program files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
"DropBoxUtility"="c:\program files\DropBox\DropBox\DropBox.exe" /s
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"ABIT uGuru"=c:\program files\ABIT\ABIT uGuru\uGuru.exe
"HydraVisionDesktopManager"=c:\program files\ATI Technologies\HydraVision\HydraDM.exe
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Morpheus\\Morpheus.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DropBox\\DropBox\\DropBox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Documents and Settings\\Mrs. Richards\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Mrs. Richards\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [2004-07-25 3584]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-05-12 97408]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-08-03 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-11-29 47640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-08-28 206096]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2005-12-26 33792]
R3 EloBus;Elobus Filter Driver;c:\windows\system32\drivers\EloBus.sys [2007-01-20 14848]
R3 EloSer;Elo Serial Driver;c:\windows\system32\drivers\EloSer.Sys [2007-01-20 45568]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2008-08-09 33800]
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [2001-07-11 23153]
S1 MMstub;MMstub Driver;c:\windows\system32\DRIVERS\MMstub.sys --> c:\windows\system32\DRIVERS\MMstub.sys [?]
S2 0171901233147914mcinstcleanup;McAfee Application Installer Cleanup (0171901233147914);c:\windows\TEMP\017190~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\017190~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c98bee6cb9fb98;Google Update Service (gupdate1c98bee6cb9fb98);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S2 monmouse;Monmouse Driver;c:\windows\system32\DRIVERS\monmouse.sys --> c:\windows\system32\DRIVERS\monmouse.sys [?]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2005-05-06 30192]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [2004-07-11 12544]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys --> c:\windows\system32\DRIVERS\radpms.sys [?]
S4 AloPort;AloPort;c:\windows\system32\drivers\AloPort.sys [2004-07-25 3087]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GOOGLEDESKTOPMANAGER-110408-113106
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fd84b48-4ab8-11dd-a45e-0010b565f1d5}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2008-01-01 c:\windows\Tasks\Backup.job
- c:\windows\system32\ntbackup.exe [2001-08-17 22:36]
2009-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-08 10:56]
2009-02-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 21:28]
2009-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-796845957-839522115-1004.job
- c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 23:12]
2009-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-796845957-839522115-1010.job
- c:\documents and settings\Mrs. Richards\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 18:37]
2009-01-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2008-04-13 19:12]
2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
2009-02-05 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 13:45]
2009-02-11 c:\windows\Tasks\User_Feed_Synchronization-{262578A8-0CC7-4369-953F-800F1B773610}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
2009-02-11 c:\windows\Tasks\User_Feed_Synchronization-{2A50439D-5D8A-4C95-B940-18961C5CA924}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
2009-02-11 c:\windows\Tasks\User_Feed_Synchronization-{9D5DE8E1-A15F-4186-BFF7-B3EC781BA0FD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -
BHO-{815DA7A2-230F-4F5E-B783-1F13341DEA79} - (no file)
BHO-{A397DAB5-063F-4105-83DB-1BFE56D3816D} - (no file)
BHO-{D38232E4-644C-4B95-B446-130B686E6EB8} - (no file)
HKLM-Explorer_Run-application - c:\program files\AKProg\AKProg.exe
Notify-AtiExtEvent - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = I love Katie ; -) From David
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\default.jy3\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\David\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 23:03:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,f4,d5,c3,9e,d0,
f8,20,05,e2,63,26,f1,3f,c8,ff,68,63,0c,64,0c,3a,2d,bd,8d,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,4b,33,6e,58,b6,
f1,c4,48,6a,9c,d6,61,af,45,84,18,b5,60,d8,0c,62,bd,19,a4,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,bf,59,d1,1e,c1,
64,4f,5f,ff,7c,85,e0,43,d4,0e,fe,93,00,e7,4e,25,ec,54,b5,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,38,a5,fb,87,80,
25,b0,f3,86,8c,21,01,be,91,eb,e7,59,69,0e,4c,9d,af,bb,eb,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,f9,50,20,72,39,
76,0e,f7,f5,1d,4d,73,a8,13,5c,05,52,11,95,b9,cf,f4,47,f5,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,f5,bd,bb,ee,51,
c8,17,e1,df,20,58,62,78,6b,cf,c8,73,c9,6b,ae,14,42,10,55,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,da,c8,a2,f9,29,
f9,24,b0,fb,a7,78,e6,12,2f,9a,ea,14,5a,fc,f0,1f,dc,fa,c7,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,7e,92,f1,4b,9b,
c5,15,28,01,3a,48,fc,e8,04,4a,f1,80,6c,51,cd,47,42,e3,36,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,30,69,45,31,47,
d0,c3,ef,f6,0f,4e,58,98,5b,89,c9,39,09,08,7b,9a,f4,db,73,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,25,b4,dd,ca,95,
58,88,c9,3d,ce,ea,26,2d,45,aa,78,5b,df,2d,06,3c,15,b7,5e,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,b5,ff,b6,b9,42,
da,19,99,2a,b7,cc,b5,b9,7f,41,e7,d2,69,ac,3e,9a,7d,a4,36,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,13,51,60,11,12,
67,ca,84,6c,43,2d,1e,aa,22,2f,9c,07,4c,11,9f,c1,dd,a1,a0,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ØP*]
"DisplayName"="?\13?\13"
"DeviceDesc"="?\13?\13"
"ProviderName"=""
"MFG"="???\\"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\?\13\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"09236.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\LMIinit.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\LEXBCES.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\EloSrvce.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\pctspk.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\UAService7.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\EloDkMon.exe
c:\windows\system32\EloTTray.exe
c:\windows\system32\wscntfy.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-02-10 23:17:48 - machine was rebooted [David]
ComboFix-quarantined-files.txt 2009-02-11 04:17:44
Pre-Run: 8,847,671,296 bytes free
Post-Run: 10,840,858,624 bytes free
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=2,3,4,5
404 --- E O F --- 2009-01-15 08:05:17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:44 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\EloSrvce.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\EloDkMon.exe
C:\WINDOWS\system32\EloTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Device Detector 2.lnk.disabled
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/19.13/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0171901233147914) (0171901233147914mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\017190~1.EXE (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EloSystemService - Elo Touchsystems, Inc. - C:\WINDOWS\system32\EloSrvce.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98bee6cb9fb98) (gupdate1c98bee6cb9fb98) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 11784 bytes