I ran combofix. It went through a number of stages and after stage 50 it rebooted the machine. It started up, but after I logged on only my desktop background showed up. The mouse was there, but no programs or start menu. I also tried starting in safe mode and it only gets to that desktop screen. The task manager works.
OK I used the task manager to run explorer. It started up and a window popped up trying to finish the log report and said do not run other stuff. A bunch of other stuff started running, however, some of the same things that were causing me problems in the first place. One of the things it tries to do is load WordPerfect Office 12 with the Windows installer. I am going to see if I can get a log of some sort, at least a Hijackthis log. By the way I have not been able to get this to connect to the internet since this began, so I am doing everything by downloading from a different computer and putting it on a memory stick and transferring it to the infected computer.
OK Here are the logs:
Combofix:
ComboFix 09-02-19.01 - William Miller 2009-02-21 14:04:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2608 [GMT -6:00]
Running from: c:\documents and settings\William Miller\Desktop\Combo-Fix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\windows\Readme.txt
c:\windows\system32\AutoRun.inf
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\UACwpjyotqp.sys
c:\windows\system32\gscwun.dll
c:\windows\system32\init32.exe
c:\windows\system32\mfc45.dll
c:\windows\system32\mlJYsqpP.dll.vir
c:\windows\system32\osm3of8s3njd.dll
c:\windows\system32\PpqsYJlm.ini
c:\windows\system32\PpqsYJlm.ini2
c:\windows\system32\rofgobxu.dll
c:\windows\system32\UACepdoybky.dll
c:\windows\system32\UACjpuoomyi.dll
c:\windows\system32\UAClqjnqrpo.dll
c:\windows\system32\UACnmtopmec.dat
c:\windows\system32\UACnremilro.log
c:\windows\system32\UACurunvuna.log
c:\windows\system32\UACvaitxdwy.dll
c:\windows\system32\UACwsvyumpk.log
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
F:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_FREEZESCREENSAVER
-------\Legacy_icf
-------\Service_FreezeScreenSaver
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.
2009-02-21 13:55 . 2009-02-21 13:56 <DIR> d-------- C:\32788R22FWJFW
2009-02-21 09:11 . 2009-02-21 09:11 <DIR> d-------- c:\documents and settings\William Miller\Application Data\Malwarebytes
2009-02-20 20:34 . 2009-02-21 09:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 20:34 . 2009-02-20 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 20:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 20:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-20 05:53 . 2009-02-20 05:53 <DIR> d-------- c:\program files\Trend Micro
2009-02-19 20:42 . 2009-02-19 20:42 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-19 20:22 . 2009-02-19 20:22 <DIR> d-------- c:\windows\ERUNT
2009-02-19 20:09 . 2009-02-19 21:18 <DIR> d-------- C:\SDFix
2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d-------- c:\program files\Seagate
2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Seagate
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\windows\system32\drivers\NAV
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\NortonInstaller
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\Norton AntiVirus
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-18 22:01 . 2009-02-18 22:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-02-18 22:01 . 2009-02-18 22:05 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-18 22:01 . 2009-02-18 22:05 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-18 22:01 . 2009-02-18 22:01 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-02-18 22:01 . 2009-02-18 22:05 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-18 22:01 . 2009-02-18 22:05 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-18 19:23 . 2009-02-18 19:23 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo
2009-02-18 18:57 . 2009-02-18 18:57 <DIR> d-------- c:\program files\iolo
2009-02-18 18:57 . 2009-02-11 19:10 936,288 --a------ c:\windows\system32\Incinerator.dll
2009-02-18 18:57 . 2008-09-24 09:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe
2009-02-18 18:57 . 2008-04-17 09:45 9,341 --a------ c:\windows\system32\drivers\filedisk.sys
2009-02-18 18:57 . 2008-11-18 11:51 8,192 --a------ c:\windows\system32\smrgdf.exe
2009-02-18 18:57 . 2009-02-18 18:57 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2009-02-18 18:55 . 2009-02-18 18:57 <DIR> d-------- c:\documents and settings\William Miller\Application Data\iolo
2009-02-18 18:55 . 2009-02-18 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2009-02-17 19:19 . 2009-02-17 19:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SmitFraudFixTool
2009-02-17 18:47 . 2009-02-17 18:47 <DIR> d-------- c:\documents and settings\William Miller\Application Data\SmitFraudFixTool
2009-02-17 18:05 . 2009-02-17 18:05 <DIR> d--hs---- c:\windows\system32\config\systemprofile\PrivacIE
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\UserData
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\PrivacIE
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\IECompatCache
2009-02-17 16:57 . 2009-02-17 16:57 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-02-17 14:42 . 2009-02-17 14:42 81,920 --a------ C:\dykhyp.exe
2009-02-17 14:41 . 2009-02-18 21:09 32,768 --a------ c:\windows\system32\drivers\ati6eyxx.sys
2009-02-17 14:41 . 2009-02-17 14:41 26,624 --a------ C:\pfkik.exe
2009-02-17 12:59 . 2009-02-17 12:59 104,960 --a------ c:\windows\system32\dllcache\userinit.exe
2009-02-17 12:59 . 2009-02-17 12:59 81,920 --a------ C:\cisq.exe
2009-02-17 12:59 . 2009-02-17 12:59 26,624 --a------ C:\ywruf.exe
2009-02-17 12:57 . 2009-02-17 18:35 303,616 -rahs---- c:\windows\system32\javarun.exe
2009-02-17 12:57 . 2009-02-17 12:57 77,312 --a------ c:\windows\system32\javame.exe
2009-02-17 07:27 . 2009-02-17 07:27 <DIR> d--hs---- c:\documents and settings\William Miller\IECompatCache
2009-02-01 19:34 . 2009-02-01 19:34 <DIR> d-------- C:\New Folder
2009-02-01 19:06 . 2009-02-01 19:06 <DIR> d-------- c:\program files\GetData
2009-02-01 19:01 . 2009-02-01 19:01 <DIR> d-------- c:\documents and settings\William Miller\Application Data\CyberLink
2009-01-31 16:51 . 2008-04-13 13:46 51,200 --a------ c:\windows\system32\drivers\msdv.sys
2009-01-31 16:51 . 2008-04-13 13:46 51,200 --a------ c:\windows\system32\dllcache\msdv.sys
2009-01-31 16:51 . 2008-04-13 13:46 48,128 --a------ c:\windows\system32\dllcache\61883.sys
2009-01-31 16:51 . 2008-04-13 13:46 38,912 --a------ c:\windows\system32\drivers\avc.sys
2009-01-31 16:51 . 2008-04-13 13:46 38,912 --a------ c:\windows\system32\dllcache\avc.sys
2009-01-31 16:48 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\drivers\ohci1394.sys
2009-01-31 16:48 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\dllcache\ohci1394.sys
2009-01-31 16:48 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\drivers\1394bus.sys
2009-01-31 16:48 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\dllcache\1394bus.sys
2009-01-31 16:48 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-31 16:48 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\dllcache\enum1394.sys
2009-01-31 13:35 . 2009-01-31 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-01-31 13:21 . 2009-01-31 13:21 <DIR> d--hs---- c:\documents and settings\William Miller\IETldCache
2009-01-31 13:13 . 2009-01-31 13:14 <DIR> d--h-c--- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 03:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-20 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-20 01:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-19 04:05 --------- d-----w c:\program files\Symantec
2009-02-19 03:38 --------- d-----w c:\program files\Norton Security Scan
2009-02-02 01:02 --------- d-----w c:\documents and settings\William Miller\Application Data\DVD Flick
2009-02-01 23:58 --------- d-----w c:\documents and settings\William Miller\Application Data\vlc
2009-01-27 16:24 --------- d-----w c:\program files\Stunt Track Driver
2009-01-01 08:12 --------- d-----w c:\program files\ImageConverter Plus
2008-12-25 01:49 --------- d-----w c:\program files\Google
2008-12-23 22:20 --------- d-----w c:\documents and settings\William Miller\Application Data\dvdcss
2008-12-21 14:40 --------- d-----w c:\program files\VideoLAN
2008-12-21 01:56 --------- d-----w c:\program files\Apple Software Update
2008-09-26 02:06 376 ----a-w c:\documents and settings\William Miller\jobq.dat
2008-09-20 00:49 47,316 ----a-w c:\program files\uninstal.log
2006-02-19 22:16 774,144 ----a-w c:\program files\RngInterstitial.dll
2005-12-06 00:28 916,806 ------w c:\program files\Dec2005_MDX1_x86.cab
2005-12-06 00:28 86,925 ------w c:\program files\Oct2005_xinput_x64.cab
2005-12-06 00:28 46,247 ------w c:\program files\Oct2005_xinput_x86.cab
2005-12-06 00:28 41,888 ------w c:\program files\dxdllreg_x86.cab
2005-12-06 00:28 3,673,932 ------w c:\program files\Dec2005_MDX1_x86_Archive.cab
2005-12-06 00:28 1,358,864 ------w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-06 00:27 1,080,344 ------w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-10-28 01:30 4,488,480 ----a-w c:\documents and settings\Ryan\WordStars2.01_setup.exe
2007-12-05 01:28 80 --sha-r c:\windows\system32\4DF86F78CF.dll
2008-07-23 00:36 56 --sha-r c:\windows\system32\4DF86F78CF.sys
2008-07-23 00:36 1,890 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-25 13:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082520080826\index.dat
.
------- Sigcheck -------
2004-08-10 04:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 18:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-18 39408]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-10-04 235936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Distillr\Acrotray.exe" [2004-12-14 483328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-26 316728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2005-07-26 25214]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-07-21 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.VQJK"= DC31DEC.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6eyxx.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^William Miller^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\William Miller\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^William Miller^Start Menu^Programs^Startup^Screen Saver Control.lnk]
path=c:\documents and settings\William Miller\Start Menu\Programs\Startup\Screen Saver Control.lnk
backup=c:\windows\pss\Screen Saver Control.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 15:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 03:04 59392 c:\windows\ehome\ehtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\javarun.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1002000.007\SymEFA.sys [2009-02-18 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2009-02-18 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2009-02-18 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-02-18 274808]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-30 161064]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-18 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-18 712048]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-02-18 115560]
R2 SoftwareDownloadCenter;Software Download Center;c:\srccode\SDCService\SDCService.exe [2007-09-28 1560403]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-07-26 9817]
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable;c:\windows\system32\drivers\vacjrmkd.sys [2007-05-05 35624]
S0 ati6eyxx;ati6eyxx;c:\windows\system32\drivers\ati6eyxx.sys [2009-02-17 32768]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2005-12-27 515803]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-07-26 137392]
S3 KodakPPCAM;Kodak EZ200 DIGITAL CAMERA;c:\windows\system32\drivers\dc31vid.sys [2006-04-08 430336]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2006-04-12 38272]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\DRIVERS\sustucap.sys --> c:\windows\system32\DRIVERS\sustucap.sys [?]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2006-04-12 21376]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2005-12-27 10986]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd23984-fe3f-11d9-b90f-444553544200}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - F:\system.exe
\Shell\Open\command - F:\system.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e323e8f-c924-11dd-aca9-444553544200}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - system.exe
\Shell\Open\command - system.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d174e56-feea-11dd-ad1e-444553544200}]
\Shell\AutoRun\command - F:\InstallSeagateManager.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b942e5d4-1871-11dc-a999-444553544200}]
\Shell\AutoRun\command - F:\ClearPlayEasyUpdates.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2009-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 19:49]
2009-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3192582744-3556994540-3364813709-1005.job
- c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 18:42]
2009-02-21 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-InetCntrl - c:\windows\system32\InetCntrl\InetCntrl.exe
Notify-byxnghhg - (no file)
Notify-crypt - (no file)
Notify-fygrzqkn - (no file)
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{00951C02-5731-44e9-B2F5-544EC2279417} - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll
Trusted Zone: turbotax.com
DPF: {0C528348-18DC-4ECE-819B-624E226028DA} - hxxp://wsso.mmm.com/Frontier_program_launcher.CAB
DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} - hxxp://legalwebdev.mmm.com/WorkSite/includes/iManFile.cab
DPF: {53D1658C-D028-49B6-9C26-2C41665718FE} - hxxp://intra4.mmm.com/sdc/cabs/SDC.CAB
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C}
DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62}
FF - ProfilePath - c:\documents and settings\William Miller\Application Data\Mozilla\Firefox\Profiles\jq1hyu27.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.lds.org/ldsorg/v/index.jsp?vgnextoid=e419fb40e21cef00VgnVCM1000001f5e340aRCRD|about:blank
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-02-21 14:52:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\controlset002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,e6,9a,fb,83,3a,b0,4a,94,41,fe,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,e6,9a,fb,83,3a,b0,4a,94,41,fe,\
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C71B26DC-AE9F-824E-D74D-1F72DEA879CF}*]
"eacindhcii"=hex:66,61,61,6a,6d,64,6f,6f,67,63,6f,64,00,31
"dadiccdp"=hex:64,62,6f,68,6a,6d,6d,6b,61,6e,66,64,64,61,70,68,64,70,69,62,69,
63,62,65,6a,62,6c,63,6e,70,6a,67,6c,63,6c,62,65,6e,61,6e,00,00
"iakhllngmbjjanopkk"=hex:6a,61,67,6d,68,6a,6c,67,66,68,70,6f,62,68,6d,62,64,68,
6b,6f,00,00
"haigfmoehchnboek"=hex:6a,61,67,6d,68,6a,6c,67,66,68,70,6f,62,68,6d,62,64,68,
6b,6f,00,00
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Æ·*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"verticalChoices"="weatherV"
"firstLaunch"="false"
DUMPHIVE0.003 (REGF)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lotus\Notes\nslsvice.exe
c:\program files\Lotus\Notes\nsl.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\taskmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-02-21 15:03:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-21 21:03:10
Pre-Run: 133,993,852,928 bytes free
Post-Run: 134,692,089,856 bytes free
Current=2 Default=2 Failed=4 LastKnownGood=3 Sets=1,2,3,4
406 --- E O F --- 2009-02-11 09:13:38
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:51 PM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\lotus\notes\nslsvice.exe
C:\Program Files\lotus\notes\nsl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Srccode\SDCService\SDCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O3 - Toolbar: (no name) - {E0019445-4C1F-414D-A70E-AD80F231C584} - (no file)
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ZuneIt - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C528348-18DC-4ECE-819B-624E226028DA} (Frontier.Frontier_Launcher) - http://wsso.mmm.com/...am_launcher.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} (WebTransferCtrl Class) - http://legalwebdev.m...es/iManFile.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {53D1658C-D028-49B6-9C26-2C41665718FE} (RequestX.SDC) - http://intra4.mmm.com/sdc/cabs/SDC.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161823591093
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast....ostClientIE.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://3msource.3m....acbvf6EstuImzy
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://us-mail-16.mmm.com/dwa7W.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://3msource.3m....uniperSetup.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\lotus\notes\nslsvice.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Software Download Center (SoftwareDownloadCenter) - 3M - C:\Srccode\SDCService\SDCService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 15014 bytes
Edited by mywoes, 21 February 2009 - 03:09 PM.