Quote:
Please post the following in your next reply:
C:\ComboFix.txt
Kaspersky report
new HijackThis log
report on system behavior
|
Your file was successfully submitted. Please let the user helping you know that you have submitted the file.
--------------------------------------------------------------------------------
ComboFix 08-06-12.2 - misty 2008-06-14 10:07:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.575 [GMT -5:00]
Running from: C:\Documents and Settings\misty\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\misty\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\misty\Application Data\shc1v8j0ep10
C:\WINDOWS\system32\10.tmp
C:\WINDOWS\system32\13.tmp
C:\WINDOWS\system32\16.tmp
C:\WINDOWS\system32\19.tmp
C:\WINDOWS\system32\1C.tmp
.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.
2008-06-14 09:57 . 2008-06-14 10:03 4,681,568,256 --a------ C:\CRZ0NNW7.ISO
2008-06-12 21:11 . 2008-06-12 21:19 4,681,455,616 --a------ C:\BUFFY_S5_D6.ISO
2008-06-10 21:30 . 2008-06-10 21:30 <DIR> d-------- C:\Deckard
2008-06-10 21:25 . 2008-06-10 21:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-10 21:25 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-10 20:46 . 2008-06-10 20:48 <DIR> d-------- C:\Program Files\Panda Security
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-08 22:35 . 2008-06-08 22:58 4,681,469,952 --a------ C:\CHARMED_SEASON_6.ISO
2008-06-06 15:57 . 2007-01-07 18:44 802,816 --a------ C:\WINDOWS\FeedingFrenzy.scr
2008-06-04 18:49 . 2008-06-04 19:10 4,681,451,520 --a------ C:\CHARMED_S5_D6.ISO
2008-06-04 18:37 . 2008-06-04 18:37 <DIR> d-------- C:\Documents and Settings\misty\Application Data\Pogo Games
2008-06-04 18:07 . 2008-06-04 18:27 4,681,445,376 --a------ C:\CHARMED_S5_D5.ISO
2008-06-03 08:56 . 2008-06-03 08:57 <DIR> d-------- C:\PSP Stuff
2008-06-03 08:08 . 2008-06-03 09:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-05-27 01:20 . 2008-05-27 02:10 77,927,387 --a------ C:\RUU_signed.nbh
2008-05-27 00:51 . 2008-05-27 00:51 <DIR> d-------- C:\Program Files\Resco
2008-05-27 00:51 . 2006-12-08 12:23 90,112 --a------ C:\WINDOWS\RSetupCE.exe
2008-05-26 17:44 . 2008-05-26 17:44 <DIR> d-------- C:\Dump
2008-05-18 09:59 . 2008-05-18 10:05 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-14 23:30 . 2008-05-14 23:32 <DIR> d-------- C:\Documents and Settings\misty\Application Data\gtk-2.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 15:03 --------- d-----w C:\Documents and Settings\misty\Application Data\dvdcss
2008-06-14 14:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-14 04:15 --------- d-----w C:\Documents and Settings\misty\Application Data\Orbit
2008-06-14 04:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 23:35 --------- d-----w C:\Documents and Settings\misty\Application Data\.purple
2008-06-07 04:22 --------- d-----w C:\Documents and Settings\misty\Application Data\GameHouse
2008-06-06 20:57 --------- d-----w C:\Program Files\GameHouse
2008-05-27 05:17 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-20 01:47 --------- d-----w C:\Documents and Settings\misty\Application Data\Move Networks
2008-05-13 04:11 --------- d-----w C:\Documents and Settings\misty\Application Data\hIq Inc
2008-05-13 04:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-12 08:10 --------- d-----w C:\Program Files\Orbitdownloader
2008-05-12 06:55 --------- d-----w C:\Documents and Settings\misty\Application Data\LimeWire
2008-05-11 04:29 --------- d-----w C:\Program Files\PPCkitchen.org
2008-05-11 00:18 --------- d-----w C:\Program Files\InterActual
2008-05-09 04:58 --------- d-----w C:\Program Files\Java
2008-05-09 04:53 --------- d-----w C:\Program Files\Common Files\Java
2008-05-09 04:50 --------- d-----w C:\Program Files\LimeWire
2008-05-09 01:25 --------- d-----w C:\Program Files\Google
2008-05-09 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-05-09 00:13 --------- d-----w C:\Program Files\Oberon Media
2008-05-08 18:59 --------- d-----w C:\Documents and Settings\misty\Application Data\ImgBurn
2008-05-08 17:52 --------- d-----w C:\Program Files\YPOPs
2008-05-08 05:27 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-08 04:52 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-08 03:47 --------- d-----w C:\Program Files\Pidgin
2008-05-08 03:47 --------- d-----w C:\Program Files\Common Files\GTK
2008-05-08 03:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 03:03 --------- d-----w C:\Program Files\CyberLink
2008-05-08 03:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-08 02:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-07 06:23 --------- d-----w C:\Program Files\Fantastic Flame Screensaver
2008-05-07 06:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Laconic Software
2008-05-06 20:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-06 20:44 --------- d-----w C:\Program Files\Netflix
2008-05-06 20:42 --------- d-----w C:\Documents and Settings\misty\Application Data\vlc
2008-05-06 20:31 --------- d-----w C:\Program Files\VideoLAN
2008-05-06 19:28 --------- d-----w C:\Program Files\ImgBurn
2008-05-06 19:24 --------- d-----w C:\Program Files\DVDFab HD Decrypter 4
2008-05-06 19:19 --------- d-----w C:\Program Files\DVD Shrink
2008-05-06 18:53 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-06 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-06 17:46 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-01 13:17 --------- d-----w C:\Program Files\WIDCOMM
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Documents and Settings\All Users\Application Data\nView_Profiles ----
((((((((((((((((((((((((((((( snapshot@2008-06-13_23.16.07.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-14 04:11:43 59,842 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-14 04:18:38 59,842 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-14 04:11:43 395,768 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-14 04:18:38 395,768 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 22:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 22:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 07:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 05:08 16342528 C:\WINDOWS\RTHDCPL.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 04:31 630784]
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2007-02-13 15:11 647168]
"snp2uvc"="C:\WINDOWS\vsnp2uvc.exe" [2006-12-29 14:48 569344]
"WLSS"="C:\Program Files\Wireless Select Switch\WLSS.exe" [2007-10-17 14:40 189736]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 13:51 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 13:49 974848]
"Wow Video&Audio"="C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 20:51 951856]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-03-28 22:23 49168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-26 07:06 8462336]
"nwiz"="nwiz.exe" [2007-06-26 07:06 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2007-06-26 07:06 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-11 18:35:34 561213]
Fantastic Flame Agent.lnk - C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe [2007-04-24 15:33:26 25088]
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2008-05-12 03:10:49 1678536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-03-28 22:46 90112 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Pidgin\\pidgin.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 13:16]
R3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2006-11-17 20:55]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-28 22:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54ee2c94-da25-11dc-8831-806d6172696f}]
\Shell\AutoRun\command - D:\StartCD.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-14 10:08:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-14 10:08:21
ComboFix-quarantined-files.txt 2008-06-14 15:08:17
ComboFix2.txt 2008-06-14 04:16:28
Pre-Run: 237,006,196,736 bytes free
Post-Run: 236,994,035,712 bytes free
169 --- E O F --- 2008-05-08 05:27:50
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, June 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, June 14, 2008 15:12:28
Records in database: 863600
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 36400
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:47:41
No malware has been detected. The scan area is clean.
The selected area was scanned.
--------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:23 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Elantech\ktp.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Documents and Settings\misty\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [WLSS] C:\Program Files\Wireless Select Switch\WLSS.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Fantastic Flame Agent.lnk = C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/wind...?1210215948906
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 7737 bytes
--------------------------------------------------------------------------------
Never really noticed much of a change in the performance, just the annoying pop ups, bugs on the screen, and inability to change settings. System seems to be running smoothly but, u got any recommendations for antivirus programs?
Thanks again
*edit* somewhere around this site i think i saw an option to remove windows messenger, since i never use it i would like to disable/remove it.