Hi back...
Yes I installed Sexy Poker 5. It is a pleasant time passer, nice eye candy. Is there something wrong with it?
Anyways here are the logs:
ComboFix 08-02-13.2 - BassMan 2008-02-14 7:58:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1332 [GMT -5:00]
Running from: C:\Documents and Settings\BassMan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\BassMan\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!FILE
C:\WINDOWS\BMab270c7e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\kenevtyh.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix Backups
C:\VundoFix Backups\agebaitd.dll.bad
C:\VundoFix Backups\agipqhny.dll.bad
C:\VundoFix Backups\akraswfl.dll.bad
C:\VundoFix Backups\begxuqne.dll.bad
C:\VundoFix Backups\bmjmhrsq.dll.bad
C:\VundoFix Backups\bppugxjg.dll.bad
C:\VundoFix Backups\bshxcvol.dll.bad
C:\VundoFix Backups\bybjxbbl.dll.bad
C:\VundoFix Backups\corhubew.dll.bad
C:\VundoFix Backups\dahcatfk.dll.bad
C:\VundoFix Backups\dvbmbvvj.dll.bad
C:\VundoFix Backups\efeovoxv.dll.bad
C:\VundoFix Backups\emlrlsfk.ini.bad
C:\VundoFix Backups\emqlhxnm.dll.bad
C:\VundoFix Backups\feiehced.dll.bad
C:\VundoFix Backups\frxpeoxs.dll.bad
C:\VundoFix Backups\ftkcpcxa.dll.bad
C:\VundoFix Backups\ftnastur.dll.bad
C:\VundoFix Backups\gdttgmuw.dll.bad
C:\VundoFix Backups\grpasapa.dll.bad
C:\VundoFix Backups\hgcvskgd.dll.bad
C:\VundoFix Backups\hxjiqgly.dll.bad
C:\VundoFix Backups\ibteuotf.dll.bad
C:\VundoFix Backups\idltwepx.dll.bad
C:\VundoFix Backups\ihstougj.dll.bad
C:\VundoFix Backups\ijhxhbgo.dll.bad
C:\VundoFix Backups\inioorre.dll.bad
C:\VundoFix Backups\inptlrqu.dll.bad
C:\VundoFix Backups\joopqwto.dll.bad
C:\VundoFix Backups\jpicibsv.dll.bad
C:\VundoFix Backups\kfslrlme.dll.bad
C:\VundoFix Backups\kfwbqnau.dll.bad
C:\VundoFix Backups\kjwqwgnu.dll.bad
C:\VundoFix Backups\kmnhdsbv.dll.bad
C:\VundoFix Backups\kqclwxck.dll.bad
C:\VundoFix Backups\lwdhldhh.dll.bad
C:\VundoFix Backups\mrkwaevl.dll.bad
C:\VundoFix Backups\mrnpywhs.dll.bad
C:\VundoFix Backups\nuvciftp.dll.bad
C:\VundoFix Backups\oaumbpun.dll.bad
C:\VundoFix Backups\oayjhoxp.dll.bad
C:\VundoFix Backups\ogbhxhji.ini.bad
C:\VundoFix Backups\oslctimh.dll.bad
C:\VundoFix Backups\peqsgsrn.dll.bad
C:\VundoFix Backups\prssmeay.dll.bad
C:\VundoFix Backups\qakqplse.dll.bad
C:\VundoFix Backups\qbwyxyoo.dll.bad
C:\VundoFix Backups\qdscuwqc.dll.bad
C:\VundoFix Backups\qfefjmqr.dll.bad
C:\VundoFix Backups\qkcbykcl.dll.bad
C:\VundoFix Backups\qqstv.bak1.bad
C:\VundoFix Backups\qqstv.bak2.bad
C:\VundoFix Backups\qqstv.ini.bad
C:\VundoFix Backups\qqstv.ini2.bad
C:\VundoFix Backups\rqpuyxtp.dll.bad
C:\VundoFix Backups\rutsantf.ini.bad
C:\VundoFix Backups\sdfohmgg.dll.bad
C:\VundoFix Backups\sipqhnej.dll.bad
C:\VundoFix Backups\sjaykvol.dll.bad
C:\VundoFix Backups\swhnumps.dll.bad
C:\VundoFix Backups\tgbetkkn.dll.bad
C:\VundoFix Backups\tifhxxmm.dll.bad
C:\VundoFix Backups\udvvkako.dll.bad
C:\VundoFix Backups\ueecxobd.dll.bad
C:\VundoFix Backups\uhfdrcgb.dll.bad
C:\VundoFix Backups\ulgpswfv.dll.bad
C:\VundoFix Backups\uprtkrkl.dll.bad
C:\VundoFix Backups\uteyotgs.dll.bad
C:\VundoFix Backups\vbxufxdt.dll.bad
C:\VundoFix Backups\vtsqq.dll.bad
C:\VundoFix Backups\vxswvpas.dll.bad
C:\VundoFix Backups\whhaxmvg.dll.bad
C:\VundoFix Backups\wjbbcvxf.dll.bad
C:\VundoFix Backups\wshqmsgp.dll.bad
C:\VundoFix Backups\xhriygck.dll.bad
C:\VundoFix Backups\xjqwmovd.dll.bad
C:\VundoFix Backups\xknwleyx.dll.bad
C:\VundoFix Backups\xomjpxtc.dll.bad
C:\VundoFix Backups\ynhprmvw.dll.bad
C:\VundoFix Backups\ytuevlwt.dll.bad
C:\VundoFix Backups\yxoybfxh.dll.bad
C:\WINDOWS\BMab270c7e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\kenevtyh.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_GEL90XNE
-------\gel90xne
((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.
2008-02-11 18:58 . 2008-02-11 18:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-11 14:13 . 2008-02-11 14:14 <DIR> d-------- C:\Program Files\Sexy Poker 5
2008-02-11 10:06 . 2008-02-11 10:06 <DIR> d-------- C:\Documents and Settings\BassMan\Application Data\Magic Match
2008-02-08 11:28 . 2008-02-13 14:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-08 11:28 . 2008-02-08 11:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 16:36 . 2008-02-07 16:36 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-07 13:40 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-02-06 05:52 . 2008-02-06 05:52 <DIR> d-------- C:\Program Files\Kristanix
2008-01-18 16:09 . 2008-01-24 21:50 <DIR> d-------- C:\Program Files\Adware Away
2008-01-15 08:59 . 2008-01-15 08:59 <DIR> d-------- C:\Program Files\Lexmark_HostCD
2008-01-15 08:59 . 2004-01-12 01:02 307,200 --a------ C:\WINDOWS\system32\lexlog.dll
2008-01-15 08:59 . 2008-01-15 08:59 1,699 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-01-15 08:59 . 2008-02-13 15:50 1,044 --a------ C:\WINDOWS\system32\LexFiles.usr
2008-01-15 08:58 . 2008-01-15 08:58 1,084 --a------ C:\WINDOWS\LMAAP2DD.ini
2008-01-15 08:54 . 2008-01-15 08:54 <DIR> d-------- C:\lexmark
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 15:04 --------- d-----w C:\Program Files\PopCap Games
2008-02-04 17:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-23 13:06 --------- d-----w C:\Program Files\FED LOG
2008-01-20 16:42 --------- d-----w C:\Program Files\America Online 9.0
2008-01-16 21:32 --------- d-----w C:\Documents and Settings\BassMan\Application Data\U3
2008-01-13 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 12:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-12 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-01-12 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCapv1004
2008-01-11 12:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-01-10 17:33 --------- d-----w C:\Documents and Settings\BassMan\Application Data\Pirateville
2008-01-10 17:15 --------- d-----w C:\Program Files\Shockwave.com
2008-01-07 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-01-07 11:34 --------- d-----w C:\Program Files\Oberon Media
2008-01-04 11:56 --------- d-----w C:\Documents and Settings\BassMan\Application Data\iWin
2008-01-03 02:07 --------- d-----w C:\Program Files\Enigma Software Group
2008-01-02 03:30 --------- d-----w C:\Program Files\Java
2008-01-01 01:09 --------- d-----w C:\Program Files\Eltima Software
2007-12-29 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-28 19:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-12-23 20:56 --------- d-----w C:\Program Files\Apoint
2007-12-23 20:55 --------- d-----w C:\Program Files\BitmapEx
2007-12-19 01:12 --------- d-----w C:\Program Files\XP Smoker
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-10-25 09:19 10 -c--a-w C:\Program Files\.autoreg
2006-11-17 17:08 251 -c--a-w C:\Program Files\wt3d.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 19:39 176201]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-10-12 10:06 1695504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 17:30 823362]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 13:07 496752]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-10-12 10:06 1695504]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 23:37:56 217194]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-16 17:39:25 113664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-01-12 15:03:38 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
"NoInstrumentation"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^BassMan^Start Menu^Programs^Startup^Neverwinter Nights Registration.lnk]
backup=C:\WINDOWS\pss\Neverwinter Nights Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a--c--- 2006-01-12 15:17 168448 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-06-28 09:14 270648 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MOD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a--c--- 2006-01-12 15:07 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2 (0x2)
"UStorage Server Service"=2 (0x2)
R2 PDFILTER;PDFILTER;C:\PROGRA~1\Dekart\PRIVAT~1\PDFILTER.SYS [2005-12-20 12:17]
R2 PDRJNDL;PDRJNDL;C:\PROGRA~1\Dekart\PRIVAT~1\PDRJNDL.SYS [2004-03-19 10:17]
R2 PRVDISK;PRVDISK;C:\PROGRA~1\Dekart\PRIVAT~1\PRVDISK.SYS [2005-10-02 15:25]
R2 ssoftnt4;ssoftnt4;C:\WINDOWS\system32\Drivers\ssoftnt4.sys [2004-05-21 01:30]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c524a00-e242-11db-911a-00038a000015}]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d02e4686-eaf1-11da-8f07-00038a000015}]
\Shell\AutoRun\command - E:\LinksysConnectPC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-02-14 08:03:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
.
**************************************************************************
.
Completion time: 2008-02-14 8:06:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-14 13:05:55
ComboFix2.txt 2008-02-14 00:39:04
.
2008-02-14 01:02:36 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:45 AM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://msn.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitmapEx - {F756A28D-DCD5-46be-BCAB-17C088D07227} - C:\Program Files\BitmapEx\BITMAPEX.EXE
O9 - Extra 'Tools' menuitem: &BitmapEx - {F756A28D-DCD5-46be-BCAB-17C088D07227} - C:\Program Files\BitmapEx\BITMAPEX.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FFF028D-7030-41F6-B65F-A95C49D738C9}: NameServer = 155.149.34.4
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mrtmancfp - American Megatrends Inc. - (no file)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 7969 bytes