التقرير الأول:
ComboFix 08-09-05.02 - hp 09/06/2008 19:41:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1256.1.1025.18.667 [GMT 3:00]
Running from: C:\Documents and Settings\hp\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\hp\Application Data\DriveCleaner Free
C:\Documents and Settings\hp\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\hp\ResErrors.log
C:\Program Files\Common Files\drivecleaner free
C:\Program Files\internet explorer\msimg32.dll
C:\WINDOWS\system32\MSINET.oca
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 16:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-06 13:22 --------- d-----w C:\Program Files\JLC's Software
2008-09-06 13:21 --------- d-----w C:\Program Files\BitComet
2008-09-06 12:03 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-06 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-06 12:01 --------- d-----w C:\Documents and Settings\hp\Application Data\Spyware Terminator
2008-09-05 20:10 --------- d-----w C:\Program Files\Quran 5.0
2008-09-05 09:43 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-09-05 01:18 --------- d-----w C:\Program Files\Reshade
2008-09-04 12:19 --------- d-----w C:\Program Files\Pepsky
2008-09-04 11:55 --------- d-----w C:\Program Files\RegCure
2008-09-04 11:50 --------- d-----w C:\Program Files\GoldWave
2008-09-04 10:03 --------- d-----w C:\Program Files\JetAudio
2008-09-04 09:24 --------- d-----w C:\Program Files\Easy Real Converter
2008-09-04 09:24 --------- d-----w C:\Program Files\ActivIcons
2008-09-04 09:23 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-09-04 09:23 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-09-04 09:23 --------- d-----w C:\Program Files\Easy Uploader
2008-09-04 09:22 --------- d-----w C:\Program Files\The Lost Watch 3D Screensaver
2008-09-04 09:22 --------- d-----w C:\Program Files\Magic Photo Editor
2008-09-04 09:22 --------- d-----w C:\Program Files\3Planesoft Screensaver Manager
2008-09-04 09:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 09:21 --------- d-----w C:\Program Files\PhotoWipe
2008-09-04 09:21 --------- d-----w C:\Program Files\NCH Swift Sound
2008-09-04 09:21 --------- d-----w C:\Program Files\MTC USB Connect
2008-09-04 09:21 --------- d-----w C:\Program Files\MediaPurveyor
2008-09-04 09:21 --------- d-----w C:\Program Files\AveIconifier
2008-09-04 09:21 --------- d-----w C:\Documents and Settings\hp\Application Data\Media Purveyor
2008-09-04 09:17 --------- d-----w C:\Program Files\RegCure(2)
2008-09-04 09:17 --------- d-----w C:\Program Files\Poster Forge
2008-09-04 09:17 --------- d-----w C:\Program Files\Paint.NET
2008-08-31 07:57 --------- d-----w C:\Program Files\WinClamAVShield
2008-08-29 17:19 19,361 ----a-w C:\WINDOWS\E220AutoRunLog.tmp
2008-08-29 00:20 --------- d-----w C:\Documents and Settings\hp\Application Data\photoposcomtbr
2008-08-27 15:37 --------- d-----w C:\Documents and Settings\hp\Application Data\Leadertech
2008-08-27 03:47 --------- d-----w C:\Program Files\ESET
2008-08-27 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-26 19:16 --------- d-----w C:\Program Files\STOIK
2008-08-16 21:58 --------- d-----w C:\Program Files\danny_kay1710
2008-08-11 01:00 --------- d-----w C:\Documents and Settings\hp\Application Data\Sony
2008-08-05 17:54 --------- d-----w C:\Program Files\Xilisoft
2008-08-04 23:21 --------- d-----w C:\Program Files\YouTube Downloader
2008-08-04 22:45 --------- d-----w C:\Documents and Settings\hp\Application Data\URSoft
2008-08-02 14:43 --------- d-----w C:\Program Files\Allok Video Joiner
2008-08-01 17:20 --------- d-----w C:\Documents and Settings\hp\Application Data\Publish Providers
2008-07-30 09:01 --------- d-----w C:\Program Files\Power_Karaoke
2008-07-30 09:01 --------- d-----w C:\Program Files\Conduit
2008-07-29 23:26 --------- d-----w C:\Documents and Settings\hp\Application Data\Any Video Converter
2008-07-29 23:20 --------- d-----w C:\Program Files\Shockwave.com
2008-07-29 03:07 --------- d-----w C:\Program Files\Image Mender
2008-07-28 14:56 --------- d-----w C:\Program Files\Sketch Master
2008-07-28 14:54 --------- d-----w C:\Program Files\Cracklock
2008-07-28 14:51 --------- d-----w C:\Program Files\FaceMorpher Lite
2008-07-28 14:39 --------- d-----w C:\Program Files\GameHouse
2008-07-28 14:31 --------- d-----w C:\Program Files\Google
2008-07-28 06:17 --------- d-----w C:\Program Files\Vstplugins
2008-07-28 06:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-07-28 06:16 --------- d-----w C:\Program Files\Sony
2008-07-25 16:58 --------- d-----w C:\Program Files\RamCleaner
2008-07-24 13:06 --------- d-----w C:\Program Files\Online TV Player 4
2008-07-24 13:05 --------- d-----w C:\Program Files\Free Internet TV
2008-07-24 13:04 --------- d-----w C:\Program Files\Digital TV 2050
2008-07-22 04:50 --------- d-----w C:\Documents and Settings\hp\Application Data\COWON
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups(2)(2).dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-10 14:43 --------- d-----w C:\Program Files\Common Files\COWON
2008-07-10 14:42 --------- d-----w C:\Documents and Settings\hp\Application Data\InstallShield
2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\SET1CC.tmp
2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:30 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-03 09:42 690,176 ----a-w C:\WINDOWS\system32\SET19D.tmp
2008-06-24 16:22 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:22 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:53 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:39 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 271,616 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 12:01 57,344 -c--a-w C:\WINDOWS\SSEUninstaller.exe
2008-06-10 12:01 44,544 ----a-w C:\WINDOWS\system32\Gif89.dll
2008-06-10 12:01 32,768 ----a-w C:\WINDOWS\system32\ShellLnkSSE.dll
2007-12-15 18:30 81,920 -c--a-w C:\Documents and Settings\hp\Application Data\ezpinst.exe
2007-12-15 18:30 47,360 -c--a-w C:\Documents and Settings\hp\Application Data\pcouffin.sys
.
------- Sigcheck -------
07/18/2008 10:10 PM 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\wuauclt.exe
07/18/2008 10:10 PM 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/05/2004 12:00 AM 15360]
"RamCleaner"="C:\Program Files\RamCleaner\ramcore.exe" [10/13/2007 07:26 PM 71680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [03/23/2006 03:17 PM 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/23/2006 03:13 PM 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/23/2006 03:17 PM 118784]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [03/07/2006 01:38 PM 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [02/22/2006 08:03 AM 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 10:23 AM 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [02/09/2006 09:52 AM 643072]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [05/05/2008 11:00 AM 1817600]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [04/18/2006 02:29 PM 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/05/2004 12:00 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.FFDS"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9572:TCP"= 9572:TCP:BitComet 9572 TCP
"9572:UDP"= 9572:UDP:BitComet 9572 UDP
"9255:TCP"= 9255:TCP:BitComet 9255 TCP
"9255:UDP"= 9255:UDP:BitComet 9255 UDP
R1 DVDHelp;DVD Video Region CSS free Filter Driver;C:\WINDOWS\system32\drivers\DVDHelp.sys [09/04/2008 03:16 PM 24728]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [05/05/2008 11:00 AM 141312]
R2 dvdmmg;dvdmmg;C:\WINDOWS\system32\drivers\dvdmmg.sys [09/06/2007 02:15 PM 5504]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [08/30/2005 05:57 PM 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [08/30/2005 05:58 PM 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [08/30/2005 05:59 PM 94000]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM 27136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c4e3b85-c187-11db-86a2-001302692700}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d97341-9369-11dc-b650-001302692700}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2dedf94-46ed-11dd-b81c-001302692700}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0092541-46eb-11dd-b81b-001302692700}]
\Shell\AutoRun\command - E:\AutoRun.exe
*Newly Created Service* - PROCEXP90
.
s of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{40498DEF-8B13-44A6-A1A7-69DFE36E9210} - (no file)
SharedTaskScheduler-{0e4e5110-a772-4c4a-a7dc-137fe10abd6e} - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\hp\Application Data\Mozilla\Firefox\Profiles\x8m7w8oq.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE -
.
.
------- File Associations (Beta) -------
.
txtfile=C:\WINDOWS\notepad.exe %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-09-06 19:43:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???pQ??????(?@???????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 09/06/2008 19:45:53
ComboFix-quarantined-files.txt 2008-09-06 16:45:42
Pre-Run: 51,925,737,472 bytes free
Post-Run: 51,981,160,448 bytes free
220 --- E O F --- 2008-09-06 13:03:51
........
التقرير الثاني:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:55:02 م, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\hp\سطح المكتب\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RamCleaner] C:\Program Files\RamCleaner\ramcore.exe -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Find This In Google - res://C:\WINDOWS\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra 'Tools' menuitem: Congoo Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{091432A1-F2DD-499F-BC99-C38956A72C14}: NameServer = 10.40.155.33 10.40.155.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{091432A1-F2DD-499F-BC99-C38956A72C14}: NameServer = 10.40.155.33 10.40.155.34
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5540 bytes
)