06-29-2009, 11:09 PM   #4
zerohostile

ComboFix 09-06-29.01 - Peatear 06/29/2009 15:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.315 [GMT -5:00]
Running from: c:\documents and settings\Peatear\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Peatear\Application Data\.#
c:\documents and settings\Peatear\Application Data\.#\MBX@132C@3837D8.###
c:\documents and settings\Peatear\Application Data\.#\MBX@132C@3837E8.###
c:\windows\system32\win32.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-28 13:54 . 2009-06-28 13:55 -------- d-----w- c:\program files\EMBIRD32
2009-06-27 20:18 . 2009-06-27 20:41 -------- d-----w- C:\PacSteam
2009-06-27 20:18 . 2009-06-27 20:18 -------- d-----w- c:\program files\Common Files\Thraex Software
2009-06-26 15:59 . 2009-06-26 16:00 -------- d-----w- c:\documents and settings\Peatear\Application Data\mIRC
2009-06-26 15:59 . 2009-06-26 15:59 -------- d-----w- c:\program files\mIRC
2009-06-26 12:48 . 2009-06-26 12:59 -------- d-----w- c:\documents and settings\Peatear\Local Settings\Application Data\WMTools Downloaded Files
2009-06-26 12:07 . 2009-06-26 14:02 -------- d-----w- C:\Fraps
2009-06-21 16:47 . 2009-06-21 16:47 -------- d-----w- c:\program files\Alarm Clock
2009-06-20 22:16 . 2009-06-20 22:16 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-06-20 22:16 . 2009-06-20 22:16 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-06-09 00:32 . 2009-06-09 00:32 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-09 00:32 . 2005-11-25 00:51 245248 ----a-w- c:\windows\system32\rt73.sys
2009-06-09 00:32 . 2003-10-13 20:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2009-06-09 00:32 . 2003-09-26 03:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2009-06-09 00:32 . 2005-11-03 22:41 32768 ----a-w- c:\windows\system32\GTGina.dll
2009-06-09 00:32 . 2005-02-01 23:18 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2009-06-09 00:32 . 2005-02-01 23:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2009-06-09 00:32 . 2005-02-01 23:18 17992 ----a-w- c:\windows\bcm42rly.sys
2009-06-09 00:31 . 2009-06-09 00:32 -------- d-----w- c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor
2009-06-08 22:27 . 2009-06-08 22:27 -------- d-----w- c:\program files\Realtek AC97
2009-06-06 17:32 . 2009-06-06 17:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-06 08:27 . 2009-06-06 08:27 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-06-06 08:25 . 2009-06-06 08:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2009-06-06 08:25 . 2009-06-06 08:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-06-05 22:20 . 2009-06-05 22:38 76992 ----a-w- c:\windows\War3Unin.dat
2009-06-05 22:20 . 2009-06-05 22:26 2829 ----a-w- c:\windows\War3Unin.pif
2009-06-05 22:20 . 2009-06-05 22:26 139264 ----a-w- c:\windows\War3Unin.exe
2009-06-05 22:18 . 2009-06-29 05:46 -------- d-----w- c:\program files\Warcraft III
2009-06-05 05:13 . 2009-06-05 05:13 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-06-05 05:13 . 2009-06-05 05:13 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-06-05 04:56 . 2009-06-05 04:56 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-06-05 04:56 . 2009-06-05 04:56 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 20:14 . 2008-09-06 21:46 -------- d-----w- c:\documents and settings\Peatear\Application Data\uTorrent
2009-06-29 16:49 . 2009-02-25 23:42 -------- d-----w- c:\program files\Steam
2009-06-29 03:46 . 2009-04-28 17:47 -------- d-----w- c:\program files\PeerGuardian2
2009-06-26 13:22 . 2008-09-04 22:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-09 00:32 . 2008-09-03 01:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-07 19:13 . 2008-09-02 08:57 -------- d-----w- c:\program files\McAfee
2009-06-06 08:24 . 2008-05-12 13:05 -------- d-----w- c:\program files\Web Publish
2009-06-05 05:24 . 2009-01-20 04:33 -------- d-----w- c:\program files\Folder Lock 6
2009-06-05 05:13 . 2009-05-01 05:14 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-26 19:03 . 2009-05-26 19:03 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-05-20 22:42 . 2008-09-03 05:26 -------- d-----w- c:\program files\DOSBox-0.72
2009-05-18 06:01 . 2009-05-18 06:01 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 13:40 . 2008-05-12 13:09 308336 -c--a-w- c:\documents and settings\Peatear\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-04 09:05 . 2009-05-04 09:05 -------- d-----w- c:\program files\Microsoft Reader
2009-05-01 17:31 . 2009-02-19 17:58 -------- d-----w- c:\program files\SophieSew
2009-05-01 17:30 . 2008-12-24 14:55 -------- d-----w- c:\program files\Replay Music 3
2009-05-01 17:28 . 2009-04-29 07:49 -------- d-----w- c:\program files\PartyGaming
2009-05-01 17:26 . 2008-09-04 21:52 -------- d-----w- c:\program files\Buzz Tools
2009-05-01 04:59 . 2009-05-01 04:59 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-05-01 04:42 . 2009-05-01 04:42 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-01 04:42 . 2009-05-01 04:42 -------- d-----w- c:\program files\Lavasoft
2009-04-29 04:46 . 2006-03-04 03:33 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 01:25 . 2009-04-24 01:20 7040776 -c--a-w- c:\documents and settings\Peatear\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-A.exe
2009-04-17 12:26 . 2004-08-04 10:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 05:46 . 2009-04-17 05:46 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-04-17 05:46 . 2009-04-17 05:46 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-04-17 05:45 . 2008-12-24 14:55 323584 -c--a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-04-15 14:51 . 2004-08-04 10:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-01 16:16 . 2009-04-01 16:16 152576 -c--a-w- c:\documents and settings\Peatear\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-01-20 04:45 . 2009-01-20 04:45 1004 --sha-w- c:\windows\system32\sys_drv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MWLExe"="c:\program files\Mcafee\MWL\MWLGuiSt.exe" [2007-07-28 206184]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-19 518488]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-03-01 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [9/2/2008 4:12 AM 11264]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/1/2006 1:14 AM 13696]
R3 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/28/2008 11:33 PM 210216]
S1 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drives\sydexfdd.sys --> c:\windows\system32\drives\sydexfdd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1003344]
S3 EasyHideIP;EasyHideIP;c:\program files\Easy-Hide-IP\services\EasyHideIp.exe [4/28/2009 1:10 PM 45056]
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 04:51]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-09-02 15:53]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-09-02 15:53]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-Gamevance - c:\program files\Gamevance\gamevance32.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 127.0.0.1:8081
uInternet Settings,ProxyOverride = local
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
FF - ProfilePath - c:\documents and settings\Peatear\Application Data\Mozilla\Firefox\Profiles\2nyzwwbg.default\
FF - prefs.js: browser.startup.homepage - hxxp://thepiratebay.org/|https://us.etrade.com/e/t/home|http://www.blackle.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 15:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe [528] 0x8676D3C8

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Gamevance = c:\program files\Gamevance\gamevance32.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


C:\sccfg.sys 696 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-29 15:18
ComboFix-quarantined-files.txt 2009-06-29 20:18

Pre-Run: 156,176,420,864 bytes free
Post-Run: 156,245,254,144 bytes free

199 --- E O F --- 2009-06-11 02:04


Malwarebytes' Anti-Malware 1.38
Database version: 2352
Windows 5.1.2600 Service Pack 3

6/29/2009 3:58:03 PM
mbam-log-2009-06-29 (15-57-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 184832
Time elapsed: 32 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\gamevance.linker.1 (Adware.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:11 PM, on 6/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\program files\steam\steam.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Peatear\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGuiSt.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EasyHideIP - Unknown owner - C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 7060 bytes