ok. Here's the ComboFix Report---
ComboFix 08-02.03.1 - HP_Administrator 2008-02-03 14:51:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.516 [GMT -6:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\__c00F127D.dat
C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport
C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\HP_Administrator\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c0012AD9.dat
C:\WINDOWS\system32\__c001F57C.dat
C:\WINDOWS\system32\__c004E840.dat
C:\WINDOWS\system32\__c009777.dat
C:\WINDOWS\system32\__c00B5E2E.dat
C:\WINDOWS\system32\__c00D0DD8.dat
C:\WINDOWS\system32\__c00F127D.dat
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\Config.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\WINDOWS\system32\mcrh.tmp
C:\xcrashdump.dat
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.
2008-02-01 07:04 . 2008-02-01 07:04 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-01-28 21:37 . 2008-01-28 21:37 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-28 18:13 . 2008-02-03 12:40 1,133,939 ---hs---- C:\WINDOWS\system32\8DD0D00c__.ini
2008-01-21 18:14 . 2008-01-28 18:01 1,165,738 ---hs---- C:\WINDOWS\system32\1312C00c__.ini
2008-01-16 21:39 . 2008-01-16 21:39 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\MSNInstaller
2008-01-13 22:05 . 2008-01-21 18:12 1,485,181 ---hs---- C:\WINDOWS\system32\DD9BA00c__.ini
2008-01-12 21:10 . 2008-01-12 21:10 2,107,712 ---hs---- C:\WINDOWS\system32\777900c__.ini2
2008-01-12 21:10 . 2008-01-12 21:10 1,058,312 ---hs---- C:\WINDOWS\system32\777900c__.tmp
2008-01-06 22:18 . 2008-01-10 23:08 1,058,312 ---hs---- C:\WINDOWS\system32\777900c__.ini
2008-01-04 22:08 . 2008-01-06 09:58 1,043,972 ---hs---- C:\WINDOWS\system32\C75F100c__.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 20:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-02 20:11 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-01-29 03:37 --------- d-----w C:\Program Files\QuickTime
2008-01-29 03:37 --------- d-----w C:\Program Files\DISC
2008-01-24 16:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-20 00:21 --------- d-----w C:\Program Files\LimeWire
2008-01-17 13:07 --------- d-----w C:\Program Files\Yahoo!
2008-01-13 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-11 02:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 02:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-28 14:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-28 03:38 --------- d-----w C:\Program Files\Trend Micro
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 180,269 2006-03-07 18:40:59 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 10,256 2008-01-29 03:37:22 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
----a-w 1,095,256 2007-10-31 02:57:54 C:\Program Files\DISC\bak\DISCover.exe
----a-w 10,256 2008-01-29 03:37:22 C:\Program Files\DISC\DISCover.exe
----a-w 249,856 2005-11-10 00:29:16 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
----a-w 10,256 2008-01-29 03:37:22 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
----a-w 49,152 2005-06-02 06:35:56 C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe
----a-w 10,256 2008-01-29 03:37:22 C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
----a-w 49,152 2005-05-12 14:12:54 C:\Program Files\HP\HP Software Update\bak\HPwuSchd2.exe
----a-w 10,256 2008-01-29 03:37:22 C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
----a-w 132,496 2007-07-12 09:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
----a-w 10,256 2008-01-29 03:37:22 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
----a-w 286,720 2007-06-29 11:24:52 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 10,256 2008-01-29 03:37:22 C:\Program Files\QuickTime\qttask.exe
----a-w 90,112 2005-11-01 17:01:00 C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe
----a-w 10,256 2008-01-29 03:37:22 C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
----a-w 185,456 2007-08-22 02:09:07 C:\Program Files\Yahoo!\Antivirus\bak\CAVRID.exe
----a-w 10,256 2008-01-29 03:37:22 C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
----a-w 230,512 2007-08-22 02:09:07 C:\Program Files\Yahoo!\Antivirus\bak\CAVTray.exe
----a-w 10,256 2008-01-29 03:37:22 C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
----a-w 224,248 2007-06-08 14:59:38 C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe
----a-w 10,256 2008-01-29 03:37:22 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
----a-w 407,032 2006-07-21 15:43:10 C:\Program Files\Yahoo!\YOP\bak\yop.exe
----a-w 10,256 2008-01-29 03:37:22 C:\Program Files\Yahoo!\YOP\yop.exe
----a-w 64,512 2005-08-06 04:56:34 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-06 04:56:34 C:\WINDOWS\ehome\ehtray.exe
----a-w 237,568 2005-07-23 06:14:00 C:\WINDOWS\SMINST\bak\RECGUARD.EXE
----a-w 10,256 2008-01-29 03:37:22 C:\WINDOWS\SMINST\RECGUARD.EXE
----a-w 15,360 2004-08-10 04:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-10 04:00:00 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 22:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-28 21:37 10256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:19 77312 C:\WINDOWS\arpwrmsg.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2008-01-28 21:37 10256]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2008-01-28 21:37 10256]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2008-01-28 21:37 10256]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2008-01-28 21:37 10256]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2008-01-28 21:37 10256]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 21:37 10256]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2008-01-28 21:37 10256]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2008-01-28 21:37 10256]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2008-01-28 21:37 10256]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-28 21:37 10256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-28 21:37 10256]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-28 21:37 10256]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2008-01-28 21:37 10256]
"ejrumwuz"="C:\WINDOWS\system32\uxidgdet.exe" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 08:23:26 282624]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-03-07 12:59:31 36903]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-12-03 11:10:00 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00F127D]
C:\WINDOWS\system32\__c00F127D.dat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7e74fcc-7ad6-11dc-bc33-0016175760d0}]
\Shell\AutoRun\command - Autorun.exe /run
\Shell\Shell00\Command - Autorun.exe /run
\Shell\Shell01\Command - Autorun.exe /action
\Shell\Shell02\Command - Autorun.exe /uninstall
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-02-03 14:56:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-02-03 15:00:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-03 21:00:01
.
2008-02-03 18:37:04 --- E O F ---
And here's the new HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:50 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.h...a...&pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.h...a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.h...a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://ie.redirect.h...a...&pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.h...a...&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.c...//www.yahoo.comR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [ejrumwuz] C:\WINDOWS\system32\uxidgdet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm021YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone:
http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) -
http://apps.corel.co...IEGetPlugin.ocxO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace....ploader1005.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi...b?1189872905593O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) -
https://voffice.txpc...on.com/NELX.cabO16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
http://www.adobe.com...obat/nos/gp.cabO16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) -
http://imikimi.com/d...kimi_plugin.cabO20 - Winlogon Notify: __c00F127D - C:\WINDOWS\system32\__c00F127D.dat (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 9008 bytes