OK, so I saw this topic a little while back, and it seems I have the same problem. Unfortunately that topic was closed so I thought I should start my own. I keep getting random pop ups in both IE and Firefox, its not as bad as all that, but is is annoying. Now in the other topic it said that I should run ComboFix and then do another HJT report. So I did that.
Any help would be greatly appreciated.
David
ComboFix 08-12-14.01 - David 2008-12-14 11:42:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.314 [GMT -7:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\David\Application Data\GetModule
c:\documents and settings\David\Application Data\GetModule\dicik.gz
c:\documents and settings\David\Application Data\GetModule\kwdik.gz
c:\documents and settings\David\Application Data\GetModule\ofadik.gz
c:\documents and settings\David\Application Data\NI.GSCNS
c:\documents and settings\David\Application Data\NI.GSCNS\dl.ini
c:\documents and settings\David\Application Data\NI.GSCNS\settings.ini
c:\program files\FunWebProducts
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\~.exe
c:\windows\system32\awtUMFuu.dll
c:\windows\system32\janeqcwu.dll
c:\windows\system32\MabryObj.dll
c:\windows\system32\njendaop.dll
c:\windows\system32\uuFMUtwa.ini
c:\windows\system32\uuFMUtwa.ini2
c:\windows\system32\wpv681229211116.cpx
c:\windows\system32\zslvyb.dll
c:\windows\wiaserviv.log
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IWINGAMESINSTALLER
-------\Service_iWinGamesInstaller
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.
2008-12-14 11:37 . 2008-12-14 11:38 <DIR> d-------- C:\32788R22FWJFW
2008-12-13 19:36 . 2008-12-13 19:36 <DIR> d-------- c:\program files\Trend Micro
2008-12-13 19:33 . 2008-12-13 19:33 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-13 19:22 . 2008-12-14 11:38 <DIR> d-------- c:\program files\NOS
2008-12-13 19:22 . 2008-12-14 11:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-13 19:09 . 2008-12-13 19:09 1,647,120 ---hs---- c:\windows\system32\poadnejn.ini
2008-12-13 19:02 . 2008-12-13 19:02 34,816 --a------ c:\windows\system32\iifebcAT.dll
2008-12-10 17:03 . 2008-12-10 17:03 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-10 17:03 . 2008-12-10 17:03 1,409 --a------ c:\windows\QTFont.for
2008-12-10 13:25 . 2008-12-10 13:25 33 --a------ c:\windows\EasyRip.ini
2008-11-22 23:53 . 2008-11-23 00:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\NexonUS
2008-11-22 16:05 . 2008-11-22 16:05 <DIR> d-------- c:\program files\MediaJoin
2008-11-22 16:05 . 2008-11-22 16:05 <DIR> d-------- c:\documents and settings\David\Application Data\{27ED786F-D773-47F8-93EB-8A249414AD30}
2008-11-22 16:04 . 2008-11-22 16:04 <DIR> d-------- c:\documents and settings\David\Application Data\Seven Zip
2008-11-19 11:14 . 2008-11-19 11:35 <DIR> d-------- c:\program files\Total Video Converter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 19:09 --------- d-----w c:\documents and settings\David\Application Data\BitTorrent
2008-12-14 19:07 --------- d-----w c:\program files\DNA
2008-12-14 19:07 --------- d-----w c:\documents and settings\David\Application Data\DNA
2008-12-14 02:50 --------- d-----w c:\program files\Veoh Networks
2008-12-14 02:32 --------- d-----w c:\program files\Common Files\Adobe
2008-12-13 10:59 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Skype
2008-12-10 05:03 --------- d-----w c:\program files\Cartoon Network
2008-12-10 05:02 --------- d-----w c:\program files\Common Files\AVSMedia
2008-12-10 05:02 --------- d-----w c:\program files\AVS4YOU
2008-12-10 05:00 --------- d-----w c:\program files\AoA DVD Copy
2008-12-02 18:23 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-23 17:01 --------- d-----w c:\program files\Zune
2008-11-23 07:19 --------- d-----w c:\documents and settings\David\Application Data\Skype
2008-11-12 04:56 --------- d-----w c:\program files\SanDisk
2008-11-07 22:58 0 ---ha-w c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-11-07 22:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-11-07 22:56 0 ---ha-w c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-11-07 03:31 --------- d-----w c:\documents and settings\Marlene\Application Data\Skype
2008-11-04 03:41 --------- d-----w c:\documents and settings\David\Application Data\AVS4YOU
2008-11-04 03:40 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-11-01 19:36 38,570 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2008-10-31 00:19 --------- d-----w c:\documents and settings\Dani\Application Data\BitTorrent
2008-10-29 16:10 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\BitTorrent
2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 16:22 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 22:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-21 16:21 --------- d-----w c:\program files\BitTorrent
2008-10-10 22:55 61,440 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-10-10 22:55 45,056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-10-10 22:55 44,032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-10-10 22:55 40,960 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-10-10 22:55 341,048 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2008-10-10 22:55 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-10-10 22:55 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-10-10 22:55 217,088 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2008-10-10 22:55 163,840 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2007-11-27 16:53 4,594 ----a-w c:\documents and settings\David\Application Data\wklnhst.dat
2007-10-01 04:25 57,344 ----a-w c:\documents and settings\HP_Administrator\lametritonus.dll
2007-10-01 04:25 162,304 ----a-w c:\documents and settings\HP_Administrator\lame_enc.dll
2007-04-10 18:08 251 ----a-w c:\program files\wt3d.ini
2006-09-12 05:45 5,171,494 ----a-w c:\program files\egp362b.zip
2006-08-07 19:29 22 -csha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 61,440 2005-02-02 23:44:24 c:\hp\KBD\bak\KBD.EXE
----a-w 243,248 2006-06-26 17:33:32 c:\program files\Common Files\LogiShrd\LComMgr\bak\LVComSX.exe
----a-w 243,248 2006-06-26 17:33:32 c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
----a-w 497,200 2006-06-26 16:46:04 c:\program files\Common Files\Logitech\LComMgr\bak\Communications_Helper.exe
----a-w 497,200 2006-06-26 16:46:04 c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe
----a-w 180,269 2006-06-18 03:30:31 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 66,680 2004-02-29 23:44:46 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 68,856 2007-06-13 18:20:38 c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
----a-w 26,535 2008-12-14 19:10:28 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.csv
----a-w 47,881 2008-01-30 23:49:14 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.csv
----a-w 249,856 2006-02-16 05:34:58 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
----a-w 49,152 2005-06-02 06:35:56 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe
----a-w 49,152 2005-12-16 01:18:50 c:\program files\HP\HP Software Update\bak\HPwuSchd2.exe
----a-w 90,112 2006-03-20 16:05:00 c:\program files\HP DigitalMedia Archive\bak\DMAScheduler.exe
----a-w 132,496 2007-09-25 08:11:35 c:\program files\Java\jre1.6.0_03\bin\bak\jusched.exe
----a-w 57,344 2002-06-25 02:11:28 c:\program files\Lexmark X74-X75\bak\lxbbbmgr.exe
----a-w 57,344 2002-06-25 02:11:28 c:\program files\Lexmark X74-X75\lxbbbmgr.exe
----a-w 614,960 2006-06-26 17:34:40 c:\program files\Logitech\QuickCam10\bak\QuickCam10.exe
----a-w 614,960 2006-06-26 17:34:40 c:\program files\Logitech\QuickCam10\QuickCam10.exe
----a-w 155,648 2006-12-28 04:31:31 c:\program files\QuickTime\bak\qttask.exe
----a-w 124,128 2004-03-12 22:18:32 c:\program files\Symantec AntiVirus\bak\VPTray.exe
----a-w 67,584 2005-09-30 04:01:14 c:\windows\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-06 03:56:34 c:\windows\ehome\ehtray.exe
----a-w 208,952 2004-08-09 21:00:00 c:\windows\ime\imjp8_1\bak\IMJPMIG.EXE
----a-w 208,952 2004-08-09 21:00:00 c:\windows\ime\imjp8_1\imjpmig.exe
----a-w 44,032 2004-08-09 21:00:00 c:\windows\ime\imkr6_1\bak\IMEKRMIG.EXE
----a-w 44,032 2004-08-09 21:00:00 c:\windows\ime\imkr6_1\imekrmig.exe
----a-w 237,568 2005-07-23 05:14:00 c:\windows\SMINST\bak\RECGUARD.EXE
----a-w 15,360 2004-08-10 04:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 c:\windows\system32\ctfmon.exe
----a-w 59,392 2004-08-09 21:00:00 c:\windows\system32\IME\PINTLGNT\bak\ImScInst.exe
----a-w 59,392 2004-08-09 21:00:00 c:\windows\system32\IME\PINTLGNT\imscinst.exe
----a-w 455,168 2004-08-09 21:00:00 c:\windows\system32\IME\TINTLGNT\bak\TINTSETP.EXE
----a-w 455,168 2004-08-09 21:00:00 c:\windows\system32\IME\TINTLGNT\tintsetp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{38E77F06-89FC-44f5-B3AB-11DDEB791947}"= "c:\program files\FrontierSH\SrchHelp\frSrcAs.dll" [2006-03-23 94208]
[HKEY_CLASSES_ROOT\clsid\{38e77f06-89fc-44f5-b3ab-11ddeb791947}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{371476F8-CBC7-4AEE-BD49-A6D7B9DD7124}]
2008-12-14 12:11 302592 --a------ c:\windows\system32\wVpMEwvU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-13 19:02 34816 --a------ c:\windows\system32\iifebcAT.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9fb456f1-7704-4dfe-b42d-85668ca516cd}]
2008-12-14 12:17 129024 --a------ c:\windows\system32\zkiook.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-07-21 20036648]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [N/A]
"ares"="c:\program files\Ares\Ares.exe" [N/A]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"SansaDispatch"="c:\documents and settings\David\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2008-11-11 79872]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2008-09-26 634672]
"GetModule32"="c:\program files\GetModule\GetModule32.exe" [N/A]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [N/A]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [N/A]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [N/A]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [N/A]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-24 57344]
"KBD"="c:\hp\KBD\KBD.EXE" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [N/A]
"1ListActiveDead"="c:\documents and settings\All Users\Application Data\Ref New 1 List\closefilm.exe" [N/A]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-09 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2006-06-26 243248]
"supertintin_skype"="c:\program files\Supertintin for Skype\supertintin_skype.exe" [2007-09-25 167936]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2006-01-24 c:\windows\system32\nwiz.exe]
"PCDrProfiler"="" [N/A]
"Easy Dock"="" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-06-17 27136]
c:\documents and settings\Dani\Start Menu\Programs\Startup\
Palm Registration.lnk - c:\program files\Palm\register.exe [2005-08-08 2494464]
c:\documents and settings\Marlene\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-08-27 108032]
c:\documents and settings\David\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-06-28 256000]
RCA Detective.lnk - c:\documents and settings\David\My Documents\RCA Detective\RCADetective.exe [2008-12-10 1069056]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-06-17 36903]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\iifebcAT.dll" [2008-12-13 34816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifebcAT]
2008-12-13 19:02 34816 c:\windows\system32\iifebcAT.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zslvyb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
"msacm.l3acm"= l3codecp.acm
"VIDC.WOX"= vct3216.dll
"VIDC.3IV2"= 3ivxVfWCodec.dll
"VIDC.AP41"= APmpg4v1.dll
"VIDC.div3"= DivXc32.dll
"VIDC.div4"= DivXc32f.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.MJPG"= M3JPEG32.DLL
"msacm.i263"= i263_32.drv
"vidc.OGG"= oggDS.dll
"SENTINEL"= snti386.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\wVpMEwvU
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
c:\progra~1\MYWEBS~1\bar\6.bin\M3PLUGIN.DLL [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Yahoo! Games\\PuzzleInlay\\PuzzleInlay.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"c:\\Program Files\\WinPcap\\rpcapd.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\DRIVERS\sonyhcb.sys [2006-12-20 6097]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 468224]
S2 riode32;riode32;\??\c:\windows\system32\drivers\riode32.sys []
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\DRIVERS\sonyhcs.sys [2006-12-20 299923]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2006-12-02 2805000]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d659a1a-c6ec-11dd-a125-001731467085}]
\Shell\AutoRun\command - K:\rcaeasyrip_setup.exe
\Shell\install\command - K:\rcaeasyrip_setup.exe
\Shell\usermanualEnglish\command - K:\rcaeasyrip_setup.exe /pdf_English
\Shell\usermanualFrench\command - K:\rcaeasyrip_setup.exe /pdf_French
\Shell\usermanualSpanish\command - K:\rcaeasyrip_setup.exe /pdf_Spanish
.
Contents of the 'Scheduled Tasks' folder
2008-12-14 c:\windows\Tasks\B8BEC2DE92C16C6E.job
- c:\docume~1\hp_adm~1\applic~1\spamsc~1\Load Cdrom Bows.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{AE3C866B-BA58-40DC-B7BD-581988C8BE3D} - c:\windows\system32\awtUMFuu.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vista.nau.edu/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Search - http://edits.mywebse...html?p=ZNfox000
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\fsxmy3o8.default\
FF - prefs.js: browser.startup.homepage - hotmail.com|my.nau.edu|forosdz.com/foro/usercp.php|hxxp://ds.rom-news.org/l47357|mxgamers.org|http://www.gamefaqs.com/features/top10/|http://www.xradicaldreamers.net/downloads/|http://mullemeck.serveftp.org/jps_beta/forum/viewforum.php?f=1&sid=f7f6b7c8e229ef0c4018b158f50a592d|http://www.tokyo-nights.org/forum/f102/|http://bang2tang.livejournal.com/|hi5.com|myspace.com|theotaku.com
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\fsxmy3o8.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\David\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll
FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\DNA\plugins\npbtdna.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 12:06:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\iifebcAT.dll
c:\windows\system32\NETUI2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Lexmark X74-X75\lxbbbmon.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\windows\system\hpsysdrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre1.5.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-12-14 12:28:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-14 19:28:18
Pre-Run: 58,770,092,032 bytes free
Post-Run: 64,793,128,960 bytes free
401 --- E O F --- 2008-12-12 06:27:06
And here's the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:05 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\David\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Documents and Settings\David\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vista.nau.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Frontier Browser Assistant - {A93A3CC9-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [1ListActiveDead] C:\Documents and Settings\All Users\Application Data\Ref New 1 List\closefilm.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [supertintin_skype] C:\Program Files\Supertintin for Skype\supertintin_skype.exe /start_context sys_auto
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [788847a7] rundll32.exe "C:\WINDOWS\system32\awbdawwb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\David\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [GetModule32] C:\Program Files\GetModule\GetModule32.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\David\My Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38ADB1AD-36E6-4C7C-8E00-97FE8C569160}: Domain = domain.invalid
O17 - HKLM\System\CS1\Services\Tcpip\..\{38ADB1AD-36E6-4C7C-8E00-97FE8C569160}: Domain = domain.invalid
O17 - HKLM\System\CS2\Services\Tcpip\..\{38ADB1AD-36E6-4C7C-8E00-97FE8C569160}: Domain = domain.invalid
O20 - AppInit_DLLs: zslvyb.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
--
End of file - 14593 bytes
thx again for any help