OK, thank you a lot, I just have a few things to say before:
I didn't find this file in HijackThis: O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\YANNIV~1\AppData\Local\Temp\cbXQkihF.dll,#1
After doing the OTMoveIt it said:
File/Folder C:\Users\YANNIV~1\AppData\Local\Temp\cbXQkihF.dll not found.
DllUnregisterServer procedure not found in C:\Users\YANNIV~1\AppData\Local\Temp\mlJBTnkH.dll
C:\Users\YANNIV~1\AppData\Local\Temp\mlJBTnkH.dll NOT unregistered.
File move failed. C:\Users\YANNIV~1\AppData\Local\Temp\mlJBTnkH.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Users\YANNIV~1\AppData\Local\Temp\tgcqkxqc.dll
C:\Users\YANNIV~1\AppData\Local\Temp\tgcqkxqc.dll NOT unregistered.
C:\Users\YANNIV~1\AppData\Local\Temp\tgcqkxqc.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\YANNIV~1\AppData\Local\Temp\qsjlemub.dll
C:\Users\YANNIV~1\AppData\Local\Temp\qsjlemub.dll NOT unregistered.
C:\Users\YANNIV~1\AppData\Local\Temp\qsjlemub.dll moved successfully.
< Purity >
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05022008_185406
OK, and in ComboFix it like restored my computer, is that normal?
Last thing is, when I restarted my computer it said that: C:\Users\YANNIV~1\AppData\Local\Tem\mIJBTnkH.dll and C:\Users\YANNIV~1\AppData\Local\Tem\qsjlemub.dll cannot be found
OK, and this is my ComboFix report:
ComboFix 08-05-01.3 - Yanniv Perez 2008-05-02 19:09:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.397 [GMT -5:00]
Running from: C:\Users\Yanniv Perez\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 00:09 --------- d-----w C:\Users\Yanniv Perez\AppData\Roaming\DNA
2008-05-02 01:57 --------- d-----w C:\Program Files\Trend Micro
2008-04-30 22:50 --------- d-----w C:\Users\Yanniv Perez\AppData\Roaming\Uniblue
2008-04-30 22:50 --------- d-----w C:\Program Files\Uniblue
2008-04-24 04:01 --------- d-----w C:\Users\Yanniv Perez\AppData\Roaming\ErrorSmart
2008-04-22 21:10 --------- d-----w C:\ProgramData\DVD Shrink
2008-04-22 20:57 --------- d-----w C:\Program Files\DVDFab HD Decrypter 4
2008-04-22 05:42 --------- d-----w C:\ProgramData\Apple
2008-04-22 05:42 --------- d-----w C:\Program Files\Apple Software Update
2008-04-22 02:45 --------- d-----w C:\Program Files\EA GAMES
2008-04-17 04:51 --------- d-----w C:\Users\Yanniv Perez\AppData\Roaming\BitTorrent
2008-04-15 01:26 --------- d-----w C:\ProgramData\WLInstaller
2008-04-14 23:28 --------- d-----w C:\Program Files\Microsoft Virtual PC
2008-04-13 15:52 --------- d-----w C:\Program Files\QuickTime
2008-04-11 22:42 --------- d-----w C:\Program Files\QuickTime(7)
2008-04-09 23:41 --------- d-----w C:\Program Files\Windows Mail
2008-04-07 03:24 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-06 18:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 18:56 --------- d-----w C:\Program Files\AGEIA Technologies
2008-04-06 18:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 18:48 --------- d-----w C:\Program Files\Ubisoft
2008-04-06 18:40 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-06 18:40 --------- d-----w C:\Users\Yanniv Perez\AppData\Roaming\DAEMON Tools
2008-04-06 16:13 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-02 01:20 --------- d-----w C:\Users\Yanniv Perez\AppData\Roaming\BearShare
2008-03-28 21:46 --------- d-----w C:\Users\Yanniv Perez\AppData\Roaming\Apple Computer
2008-03-28 21:44 --------- d-----w C:\Program Files\Safari
2008-03-16 05:11 --------- d-----w C:\Users\Yanniv Perez\AppData\Roaming\LimeWire
2008-03-16 04:39 --------- d-----w C:\Program Files\BearShare Applications
2008-03-16 04:34 --------- d-----w C:\Program Files\Undisker
2008-03-16 04:30 --------- d-----w C:\ProgramData\TEMP
2008-03-16 04:30 --------- d-----w C:\Program Files\LSoft Technologies
2008-03-16 03:38 --------- d-----w C:\Users\Yanniv Perez\AppData\Roaming\DataSafeOnline
2008-03-14 21:08 --------- d-----w C:\Program Files\Google
2008-03-12 23:02 --------- d-----w C:\Program Files\Serials 2000
2008-03-10 01:10 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-10 01:10 315,392 ----a-w C:\Windows\HideWin.exe
2008-03-09 21:51 --------- d-----w C:\Program Files\DNA
2008-03-09 21:51 --------- d-----w C:\Program Files\BitTorrent
2008-03-09 18:07 --------- d-----w C:\Program Files\NudgeMania
2008-03-09 06:11 --------- d-----w C:\Program Files\DivX
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-24 03:43 520,192 ----a-w C:\Windows\System32\WAH.scr
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 01:45 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 01:42 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-14 01:42 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-14 01:42 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-14 01:42 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-14 01:42 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-14 01:42 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-14 01:42 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-14 01:42 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-14 01:41 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-14 01:41 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-14 01:41 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-14 01:41 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-14 01:41 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-14 01:41 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-14 01:41 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-14 01:41 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-14 01:41 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-14 01:38 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 01:38 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 01:37 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-02-14 01:37 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 01:37 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-02-14 01:37 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 01:37 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-02-14 01:37 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 01:37 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-02-14 01:35 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-02-14 01:33 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-02-13 00:11 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-02-13 00:11 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-02-13 00:11 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-02-13 00:11 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-02-13 00:10 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-02-13 00:10 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-02-13 00:10 33,624 ----a-w C:\Windows\System32\wups.dll
2008-02-13 00:10 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-02-13 00:10 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-02-07 20:13 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-01-29 02:52 0 ----a-w C:\Users\Yanniv Perez\AppData\Roaming\wklnhst.dat
2008-01-18 19:48 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"BitTorrent DNA"="C:\Users\Yanniv Perez\Program Files\DNA\btdna.exe" [2008-04-11 16:01 288576]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 22:31 1006264]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2007-08-27 04:21 1807696]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]
"EarthLink Installer"=" /C" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-13 23:29 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-24 04:41 4452352 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-18 15:05:04 50688]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 07:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 04:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--------- 2004-11-26 12:43 90112 C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F98583F2-E7C7-40E6-88DC-F6E2E58D8A24}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{549F15F8-0EC3-4578-8E2D-DE7A11F177D9}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{2F9EBC3B-C61A-45FE-A414-80591551F611}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8CADC5D4-E6E8-4FB9-A497-93727642AFA6}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{36B23486-9525-40E8-8745-CD0D4625891B}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{615FD37B-544B-4D3C-B543-45E86A01940F}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{4872F4B0-FD18-4ED8-90CE-AEB7750E7E81}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{8A4E1AAB-3EA0-4F4E-B065-2851AC95F8BE}"= UDP:C:\Program Files\Ubisoft\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{8A370074-6ECA-4241-9220-401348756E51}"= TCP:C:\Program Files\Ubisoft\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{3CE9972E-872A-468E-84FF-4FEAA31AC8E0}"= UDP:C:\Program Files\Ubisoft\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{4B3A3959-EFD2-4F12-BE81-0EFDF65CA319}"= TCP:C:\Program Files\Ubisoft\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{364BEA13-2E97-4EB7-85B9-434533EB3A9A}"= UDP:C:\Program Files\Ubisoft\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{7AEA1E1F-3057-4923-B191-0313FEAC424B}"= TCP:C:\Program Files\Ubisoft\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSrv.exe [2007-12-05 07:17]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 19:39]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-01-22 22:39]
R3 RTL85n86;Belkin Wireless G Notebook Card Service v8;C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 04:49]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-01-22 22:39]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{087a85bf-e630-11dc-9db5-806e6f6e6963}]
\shell\AutoRun\command - E:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{374e6887-0409-11dd-ad9e-001e4f46369f}]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbb2b3ed-c5fd-11dc-804c-806e6f6e6963}]
\shell\AutoRun\command - E:\setup\rsrc\autorun.exe
\shell\dinstall\command - E:\Directx\dxsetup.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 23:12:00 C:\Windows\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-05-02 23:35:41 C:\Windows\Tasks\User_Feed_Synchronization-{4C5FDE7D-CFE9-41B4-A61E-51F3522E9E50}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 19:12:31
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-02 19:13:41
ComboFix-quarantined-files.txt 2008-05-03 00:13:27
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
212 --- E O F --- 2008-05-01 00:54:15
OK, and this is my new HijackThis report, thanks a lot:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:59 PM, on 02/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Yanniv Perez\Program Files\DNA\btdna.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\EA GAMES\LOTR The Return of the King tm\ROTK.exe
C:\Users\YANNIV~1\AppData\Local\Temp\~e5d141.tmp
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yanniv Perez\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\YANNIV~1\AppData\Local\Temp\tuvTkKEW.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\YANNIV~1\AppData\Local\Temp\mlJBTnkH.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [1ab29469] rundll32.exe "C:\Users\YANNIV~1\AppData\Local\Temp\tgcqkxqc.dll",b
O4 - HKCU\..\Run: [BM1981a7f5] Rundll32.exe "C:\Users\YANNIV~1\AppData\Local\Temp\qsjlemub.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflas...in/powerres.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8663 bytes