ComboFix 09-01-13.03 - MVFD 2009-01-14 6:42:26.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.295 [GMT -5:00]
Running from: c:\users\MVFD\Desktop\ComboFix.exe
Command switches used :: c:\users\MVFD\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
c:\windows\System32\gajivaje.dll
c:\windows\System32\sovutufa.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\gajivaje.dll
c:\windows\System32\sovutufa.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.
2009-01-14 06:40 . 2009-01-14 06:42 <DIR> d-------- C:\4210c924a254e39a0bf9ba
2009-01-14 06:38 . 2009-01-14 06:39 <DIR> d-------- C:\32788R22FWJFW
2009-01-13 17:24 . 2008-12-15 21:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-12 16:58 . 2009-01-12 16:58 <DIR> d-------- C:\_OTMoveIt
2009-01-11 16:06 . 2009-01-11 16:07 <DIR> d-------- C:\rsit
2009-01-11 13:46 . 2009-01-11 13:46 <DIR> d-------- c:\users\MVFD\AppData\Roaming\Malwarebytes
2009-01-11 13:46 . 2009-01-11 13:46 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-11 13:46 . 2009-01-11 13:46 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-11 13:46 . 2009-01-11 13:46 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-11 13:46 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-11 13:46 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-05 15:19 . 2009-01-05 15:19 <DIR> d-------- c:\program files\Trend Micro
2009-01-03 10:28 . 2009-01-09 22:08 385 --a------ c:\windows\wininit.ini
2009-01-02 21:33 . 2009-01-05 15:02 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-01-02 21:33 . 2009-01-05 15:02 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-01-02 21:33 . 2009-01-02 21:38 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-02 21:13 . 2009-01-02 21:13 0 --a------ C:\aolreboot
2008-12-16 18:10 . 2008-10-21 20:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-15 13:20 . 2008-10-31 20:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-15 13:20 . 2008-06-22 20:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-15 13:20 . 2008-06-22 20:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-15 13:20 . 2008-10-21 00:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-15 13:20 . 2008-06-22 20:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-15 13:20 . 2008-10-31 22:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-15 13:19 . 2008-10-29 01:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-15 13:19 . 2008-10-15 23:47 827,392 --a------ c:\windows\System32\wininet.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 11:44 --------- d-----w c:\program files\Windows Mail
2009-01-13 23:50 --------- d-----w c:\users\MVFD\AppData\Roaming\U3
2009-01-13 20:36 --------- d-----w c:\programdata\Google Updater
2009-01-12 13:10 --------- d-----w c:\program files\McAfee
2009-01-07 00:02 2,814 ----a-w c:\users\MVFD\AppData\Roaming\wklnhst.dat
2009-01-03 02:29 --------- d-----w c:\programdata\AOL
2009-01-03 02:19 --------- d-----w c:\program files\Google
2009-01-03 02:13 --------- d-----w c:\program files\Common Files\AOL
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-30 22:32 174 --sha-w c:\program files\desktop.ini
2007-05-09 02:01 0 ----a-w c:\users\203\AppData\Roaming\wklnhst.dat
2009-01-14 00:04 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-14 00:04 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-14 00:04 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-14 00:04 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-14 00:04 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-01-11 19:29 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-11 19:29 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-11 19:29 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-03-11 23:22 88 --sh--r c:\windows\System32\EBC57C4AFE.sys
2008-03-11 23:22 2,516 --sha-w c:\windows\System32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2009-01-13_17.14.24.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-14 11:47:37 6,258,688 ----a-w c:\windows\ERDNT\subs\schema.dat
- 2009-01-13 22:09:04 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-14 11:52:59 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-13 22:09:04 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-14 11:52:59 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-13 22:10:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-14 11:53:59 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2009-01-13 22:10:13 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-14 11:55:03 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2009-01-12 22:03:21 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-14 11:37:23 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-12 22:03:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-14 11:37:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-12 22:03:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-14 11:37:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-13 22:09:16 418,512 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2009-01-14 11:53:27 418,512 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2009-01-09 22:35:30 20,853,704 ----a-w c:\windows\System32\MRT.exe
- 2008-12-27 17:43:40 101,988 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-13 23:47:14 101,988 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-27 17:43:40 598,350 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-13 23:47:14 598,350 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-03 02:22:02 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-01-14 11:47:37 6,258,688 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-01-13 22:11:38 12,456 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1446705178-4080879296-3341943921-1000_UserData.bin
+ 2009-01-14 11:55:59 12,496 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1446705178-4080879296-3341943921-1000_UserData.bin
- 2009-01-13 22:11:37 55,514 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-14 11:55:59 55,530 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-12 22:02:40 52,160 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-14 11:36:56 52,160 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-12-19 22:16:27 167,343,633 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-01-13 22:20:03 167,390,258 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-08 23:22:10 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16787_none_f052600a6e8e5046\OESpamFilter.dat
+ 2008-12-08 23:23:32 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20972_none_f0e1cd3587a85293\OESpamFilter.dat
+ 2008-12-09 23:54:42 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18182_none_f2339d3e6bb96284\OESpamFilter.dat
+ 2008-12-09 23:55:37 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22327_none_f3031ce984a1d682\OESpamFilter.dat
+ 2008-12-16 03:14:37 290,304 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16789_none_d7c3afd4f985c7a2\srv.sys
+ 2008-12-16 03:07:02 290,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20976_none_d8551d94129dfc9d\srv.sys
+ 2008-12-16 02:42:39 288,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18185_none_d9a5ed52f6aff337\srv.sys
+ 2008-12-16 01:53:56 288,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22331_none_da619a780fa89f17\srv.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-10-06 793712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-09 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-09 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-09 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 c:\windows\sttray.exe]
c:\users\203\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FIREHOUSE Software 6.LNK - c:\program files\FIREHOUSE Software\FH.EXE [2007-04-16 27810133]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-04-06 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-08-12 18:19 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B4A85F0A-DF46-48C4-A726-10E6B25602D7}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{B4411C44-AB2A-4261-B7DD-248291AEBE70}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{BC443AC2-E4CC-45C4-A548-0C2A2AB6A2C0}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{EEC2D592-076B-4BC9-860E-39A319FDA76F}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{EE92EEB1-9A25-40D2-806C-E50E4550718D}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{26CD5185-0838-49A1-80EE-834BEE93C9C1}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{05A33684-F1A0-4301-8613-E3FB1F8FA697}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{7E6613CF-F267-4E5A-BAF7-BF03D52D7F30}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{DD44D9BB-F4B6-453B-990F-5026FD029F1C}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{5E70DB0C-5D93-49DC-A153-53977F6A8159}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{7A4B1864-3CB0-43AD-9E37-9A82B7AB33E4}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{BDA435F0-397B-47AE-8AFE-DCF1D4D80D0C}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{7E90926A-C4B4-49C8-9D5F-7B46AB017A47}"= UDP:c:\program files\Common Files\AOL\1197558478\ee\aolsoftware.exe:AOL Shared Components
"{E20975F4-A133-46E3-ACAC-24B431E9B7EB}"= TCP:c:\program files\Common Files\AOL\1197558478\ee\aolsoftware.exe:AOL Shared Components
"{0B67BC4C-08EE-4004-8E12-71C5E64343EF}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{EE8C2BF9-0E03-46A0-AB74-1FCF64EE3758}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1B61E88A-36F8-402B-A792-E75AAF8F8C8C}"= UDP:c:\program files\Common Files\AOL\1197558478\ee\AOLDesktop.exe:AOL Desktop
"{039557E5-7556-4F0D-A8BC-D6C1C55372A2}"= TCP:c:\program files\Common Files\AOL\1197558478\ee\AOLDesktop.exe:AOL Desktop
"{49392F6B-117C-4CBF-A2AB-7DD31CC59A2A}"= UDP:c:\windows\explorer.exe:Explorer
"{9984A69F-754A-429D-93C6-C8AD3D5008CA}"= TCP:c:\windows\explorer.exe:Explorer
"{5F6D5917-0B65-4473-A2FD-F44BAD6A19D8}"= UDP:c:\windows\System32\SearchProtocolHost.exe:SearchProtocolHost
"{9E76713D-310E-462B-9446-A61F13504A49}"= TCP:c:\windows\System32\SearchProtocolHost.exe:SearchProtocolHost
"{CA89EA97-AC5A-47DF-B775-D2640CFC6BF9}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{75A2DEF1-2112-4F4B-9609-F02E9FF9E7BE}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{B5F2C88A-7551-41D8-9E60-9229BC5153BD}"= UDP:c:\windows\System32\wininit.exe:wininit
"{ABB8806D-BE8F-45B2-8375-B806CEF1638C}"= UDP:c:\windows\System32\wininit.exe:wininit
"{E1F5AAB2-3B6C-4A9D-8AD3-CBA2B8E63DFE}"= TCP:c:\windows\System32\wininit.exe:wininit
"{BC011C09-FEB7-4E44-9230-81CFD6E276BB}"= TCP:c:\windows\System32\wininit.exe:wininit
"{09AA92A3-0A26-4E63-A9FE-943727586B5B}"= UDP:c:\windows\System32\wininit.exe:wininit
"{E53156D2-B8B6-4EBC-AD5A-C5C77DE9D10B}"= TCP:c:\windows\System32\wininit.exe:wininit
"{C9BB39F5-0CFC-42BE-B02A-CAD8192D70BA}"= UDP:c:\windows\System32\rundll32.exe:rundll32
"{8DBB0F08-A826-40B0-95E2-166F3F79B0C0}"= TCP:c:\windows\System32\rundll32.exe:rundll32
"{5E22F003-0632-4953-8BA3-3DF10AA0C9BE}"= UDP:c:\program files\Spybot - Search & Destroy\SDWinSec.exe:SDWinSec
"{08B1114F-ADA1-42A6-86E5-F7D1121F6D22}"= TCP:c:\program files\Spybot - Search & Destroy\SDWinSec.exe:SDWinSec
"{FDAC8502-7B91-4086-9117-B30567F0D833}"= UDP:c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe:RoxWatch9
"{E6A42D65-A59B-461F-BC56-5CE7650EBB24}"= TCP:c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe:RoxWatch9
"{E33C3BBA-A258-4366-AC88-34F9058C4A58}"= UDP:c:\windows\System32\drivers\XAudio.exe:xaudio
"{0D564B38-019C-4746-8CC0-59C08CBA19B8}"= TCP:c:\windows\System32\drivers\XAudio.exe:xaudio
"{BF013BDF-6B44-41EA-A7EE-893BA60FB6BA}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{CBC39ED9-E8F0-40CB-8C23-FB47BC4A55A9}"= TCP:c:\windows\System32\taskeng.exe:taskeng
"{635A198B-A3C2-4AED-B75D-2B0A03E3A1FE}"= UDP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{BFADAA01-1DCC-4445-983C-4DAA653AA890}"= TCP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{9978DB5D-6A44-47FD-9DEA-EF427AE94394}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{75212AC4-A5E3-4479-B11C-20FF4951126E}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{8474E971-757C-442D-A90B-2EF6DB7407B7}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{E63FD1A4-573A-4713-988D-C8CFE55092DB}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
S4 0258621231765828mcinstcleanup;McAfee Application Installer Cleanup (0258621231765828);c:\windows\TEMP\025862~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\025862~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ce4d224-79c5-11dd-89ba-00038a000015}]
\shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ce4d22f-79c5-11dd-89ba-00038a000015}]
\shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e2d1833-eb9c-11db-bd40-0019d15b076e}]
\shell\AutoRun\command - G:\Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efc66422-a547-11dd-908b-00038a000015}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-07-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2008-07-14 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2009-01-13 c:\windows\Tasks\User_Feed_Synchronization-{2349FD9F-38FF-4FC4-8A46-57130AB3D4A7}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
2009-01-14 c:\windows\Tasks\User_Feed_Synchronization-{AB916BC1-8CE7-4CEE-9377-FD4FDF2285D4}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.marshallvillevolfiredept.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: beta.agoc.com
Trusted Zone: webmail.agoc.com
Trusted Zone: www.armstrongmywire.com
Trusted Zone: www.com.ohio.gov
FF - ProfilePath - c:\users\MVFD\AppData\Roaming\Mozilla\Firefox\Profiles\ceaa3ua9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffaoldesktopie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.marshallvillevolfiredept.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 06:54:03
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\MVFD\AppData\Local\Temp\WPDNSE
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\System32\PSIService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\windows\System32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2009-01-14 7:00:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-14 12:00:35
ComboFix2.txt 2009-01-13 22:17:08
Pre-Run: 170,916,093,952 bytes free
Post-Run: 170,487,631,872 bytes free
359 --- E O F --- 2009-01-14 11:44:32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:33 AM, on 1/14/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marshallvillevolfiredept.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://webmail.agoc.com
O15 - Trusted Zone: http://www.armstrongmywire.com
O23 - Service: McAfee Application Installer Cleanup (0258621231765828) (0258621231765828mcinstcleanup) - Unknown owner - C:\Windows\TEMP\025862~1.EXE (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7901 bytes