Thanks a lot for all your help. I'm having to shuttle these results from my computer on a USB drive up to my son's laptop because my computer has become pretty much unusable.

Here's my ComboFix log:
ComboFix 08-05-12.1 - Jeff 2008-05-15 17:23:12.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2099 [GMT -6:00]
Running from: C:\Users\Jeff\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\ghRuwyay.ini
C:\Windows\System32\ghRuwyay.ini2
C:\Windows\system32\urweeynp.ini
.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.
2008-05-15 15:03 . 2008-05-15 15:03 133,120 --a------ C:\Windows\System32\badlrpnh.dll
2008-05-15 15:03 . 2008-05-15 15:03 116,736 --a------ C:\Windows\System32\pnyeewru.dll
2008-05-15 15:01 . 2008-05-15 15:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-15 15:00 . 2008-05-11 17:13 57,856 --a------ C:\Windows\System32\mlJbBrQK.dll
2008-05-14 21:23 . 2008-05-14 21:23 126,464 --a------ C:\Windows\System32\iulefaqn.dll
2008-05-14 12:56 . 2008-05-14 12:56 2,048 --a------ C:\Windows\System32\pvxeqnvf.exe
2008-05-14 12:52 . 2008-05-14 12:52 126,464 --a------ C:\Windows\System32\ostwuvhi.dll
2008-05-14 12:38 . 2008-05-14 12:38 369,664 --a------ C:\Windows\System32\yaywuRhg.dll
2008-05-13 16:27 . 2008-05-13 16:27 524,288 --ahs---- C:\ntuser.dat{8463f671-2115-11dd-a739-0013d3a9515a}.TMContainer00000000000000000002.regtrans-ms
2008-05-13 16:27 . 2008-05-15 15:00 524,288 --ahs---- C:\ntuser.dat{8463f671-2115-11dd-a739-0013d3a9515a}.TMContainer00000000000000000001.regtrans-ms
2008-05-13 16:27 . 2008-05-13 16:27 524,288 --ahs---- C:\ntuser.dat{8463f66d-2115-11dd-a739-0013d3a9515a}.TMContainer00000000000000000002.regtrans-ms
2008-05-13 16:27 . 2008-05-13 16:27 524,288 --ahs---- C:\ntuser.dat{8463f66d-2115-11dd-a739-0013d3a9515a}.TMContainer00000000000000000001.regtrans-ms
2008-05-13 16:27 . 2008-05-15 15:00 262,144 --a------ C:\ntuser.dat
2008-05-13 16:27 . 2008-05-15 15:00 65,536 --ahs---- C:\ntuser.dat{8463f671-2115-11dd-a739-0013d3a9515a}.TM.blf
2008-05-13 16:27 . 2008-05-13 16:27 65,536 --ahs---- C:\ntuser.dat{8463f66d-2115-11dd-a739-0013d3a9515a}.TM.blf
2008-05-13 16:27 . 2008-05-15 15:00 5,120 --ah----- C:\ntuser.dat.LOG1
2008-05-13 16:27 . 2008-05-13 16:27 0 --ah----- C:\ntuser.dat.LOG2
2008-05-13 01:36 . 2008-05-13 01:36 <DIR> d-------- C:\VundoFix Backups
2008-05-13 00:24 . 2008-05-13 00:24 294 ---hs---- C:\Windows\System32\gtgrljir.ini
2008-05-12 17:28 . 2008-05-12 17:28 115,712 --a------ C:\Windows\System32\rijlrgtg.dll
2008-05-12 17:28 . 2008-05-12 17:28 2,048 --a------ C:\Windows\System32\abjemjwc.exe
2008-05-12 17:25 . 2008-05-12 17:25 125,952 --a------ C:\Windows\System32\dagetkqt.dll
2008-05-12 16:31 . 2008-05-13 10:47 421 --a------ C:\Windows\wininit.ini
2008-05-12 10:33 . 2008-05-12 16:31 69 --a------ C:\Windows\NeroDigital.ini
2008-05-12 05:34 . 2008-05-12 05:34 2,048 --a------ C:\Windows\System32\fmvxhuig.exe
2008-05-12 05:28 . 2008-05-12 05:28 125,952 --a------ C:\Windows\System32\xyvfembe.dll
2008-05-11 23:56 . 2008-05-11 23:56 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-05-11 23:49 . 2008-05-11 23:49 <DIR> d-------- C:\Users\Jeff\AppData\Roaming\Nero
2008-05-11 23:35 . 2008-05-11 23:35 <DIR> d-------- C:\Users\All Users\Nero
2008-05-11 23:35 . 2008-05-11 23:35 <DIR> d-------- C:\ProgramData\Nero
2008-05-11 23:35 . 2008-05-11 23:35 <DIR> d-------- C:\Program Files\Nero
2008-05-11 23:35 . 2008-05-11 23:40 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-11 20:53 . 2008-05-11 20:53 57,856 --a------ C:\Windows\System32\efcYstUk.dll
2008-05-11 20:52 . 2008-05-11 20:52 57,856 --a------ C:\Windows\System32\iifdCUop.dll
2008-05-11 20:41 . 2008-05-11 20:41 <DIR> d-------- C:\Users\Jeff\AppData\Roaming\Netscape
2008-05-11 20:41 . 2008-05-11 20:41 <DIR> d-------- C:\Program Files\Photodex Presenter
2008-05-11 20:40 . 2008-05-11 20:40 <DIR> d-------- C:\Users\Jeff\AppData\Roaming\Photodex
2008-05-11 20:40 . 2008-05-11 20:40 <DIR> d-------- C:\Program Files\Photodex
2008-05-11 17:15 . 2008-05-11 17:15 57,856 --a------ C:\Windows\System32\byXPJCvT.dll
2008-05-07 14:40 . 2008-05-07 14:40 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-05-07 14:39 . 2008-05-07 14:39 <DIR> d-------- C:\Program Files\MSECACHE
2008-04-27 00:14 . 2008-04-27 00:14 <DIR> d-------- C:\Users\Jeff\AppData\Roaming\Samsung
2008-04-26 22:19 . 2007-07-03 16:58 106,792 --a------ C:\Windows\System32\drivers\sscdmdm.sys
2008-04-26 22:19 . 2007-07-03 16:54 80,552 --a------ C:\Windows\System32\drivers\sscdbus.sys
2008-04-26 22:19 . 2007-07-03 16:57 11,944 --a------ C:\Windows\System32\drivers\sscdmdfl.sys
2008-04-26 22:19 . 2007-07-03 17:00 9,256 --a------ C:\Windows\System32\drivers\sscdwhnt.sys
2008-04-26 22:19 . 2007-07-03 17:00 9,256 --a------ C:\Windows\System32\drivers\sscdwh.sys
2008-04-26 22:19 . 2007-07-03 16:56 9,256 --a------ C:\Windows\System32\drivers\sscdcmnt.sys
2008-04-26 22:19 . 2007-07-03 16:56 9,256 --a------ C:\Windows\System32\drivers\sscdcm.sys
2008-04-26 22:01 . 2006-07-24 16:05 5,632 --a------ C:\Windows\System32\drivers\StarOpen.sys
2008-04-26 21:47 . 2008-04-26 22:33 <DIR> d-------- C:\Windows\System32\Samsung_USB_Drivers
2008-04-26 21:47 . 2008-04-26 21:47 <DIR> d-------- C:\Program Files\Samsung
2008-04-26 21:47 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
2008-04-26 17:41 . 2008-04-26 17:41 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-04-26 17:41 . 2008-04-26 17:41 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-04-17 16:33 . 2008-04-17 16:33 <DIR> d--h----- C:\Windows\PIF
2008-04-17 16:19 . 2008-04-17 16:19 <DIR> d-------- C:\Program Files\Xilisoft
2008-04-16 14:22 . 2008-04-16 14:22 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-04-15 12:13 . 2008-04-15 12:13 <DIR> d-------- C:\Program Files\illiminable
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 18:33 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-14 09:08 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 00:36 --------- d-----w C:\Program Files\Java
2008-05-12 06:15 --------- d-----w C:\Users\Jeff\AppData\Roaming\uTorrent
2008-05-07 16:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-27 04:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-22 14:11 --------- d-----w C:\Program Files\McAfee
2008-04-22 04:15 --------- d-----w C:\Program Files\Apple Software Update
2008-04-15 18:20 --------- d-----w C:\Program Files\DivX
2008-04-11 21:16 --------- d-----w C:\ProgramData\Rosetta Stone
2008-04-10 22:32 --------- d-----w C:\Program Files\Rosetta Stone
2008-04-08 21:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-08 16:03 --------- d-----w C:\Program Files\iTunes
2008-04-08 16:02 --------- d-----w C:\Program Files\iPod
2008-04-08 16:01 --------- d-----w C:\Program Files\QuickTime
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-30 23:47 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-03-30 23:43 --------- d-----w C:\ProgramData\ALM
2008-03-30 17:23 --------- d-----w C:\Program Files\HP
2008-03-30 17:22 --------- d-----w C:\Program Files\Bit Che
2008-03-30 00:15 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-03-29 01:13 --------- d-----w C:\Users\Jeff\AppData\Roaming\Convivea
2008-03-29 00:35 --------- d-----w C:\Users\Jeff\AppData\Roaming\Intuit
2008-03-26 03:15 4,137,312 ----a-w C:\Windows\system32\drivers\RTKVAC.SYS
2008-03-25 23:10 --------- d-----w C:\ProgramData\FLEXnet
2008-03-24 18:09 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-23 06:10 --------- d-----w C:\ProgramData\NVIDIA
2008-03-23 04:45 174 --sha-w C:\Program Files\desktop.ini
2008-03-23 04:35 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-23 04:35 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-23 04:35 --------- d-----w C:\Program Files\Windows Mail
2008-03-23 04:35 --------- d-----w C:\Program Files\Windows Defender
2008-03-23 04:35 --------- d-----w C:\Program Files\Windows Calendar
2008-03-23 04:06 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-23 04:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-23 03:30 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-03-23 03:30 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-03-22 23:41 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-22 23:41 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-22 23:34 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-05 17:16 691,545 ----a-w C:\Windows\unins000.exe
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-28 23:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-02-27 20:29 691,200 ----a-w C:\Windows\System32\RtkPgExt.dll
2008-02-26 22:14 972,072 ----a-w C:\Windows\UNRecode.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-22 01:45 2,159,104 ----a-w C:\Windows\System32\RtkAPO.dll
2008-02-18 22:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot_2008-05-14_17.40.30.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-14 19:46:15 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-15 23:27:20 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-14 19:46:17 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-15 23:27:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-14 19:46:17 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-15 23:27:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-14 23:01:21 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-15 23:28:50 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-14 19:56:56 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-15 23:31:45 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-14 20:04:52 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-15 23:30:03 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-14 19:56:24 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-15 23:31:45 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-14 19:58:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-15 21:01:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-14 19:58:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-15 21:01:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-14 19:58:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-15 21:01:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-14 18:35:16 13,544 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1562509806-1534118259-204619160-1000_UserData.bin
+ 2008-05-15 21:02:26 13,760 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1562509806-1534118259-204619160-1000_UserData.bin
- 2008-05-14 18:35:15 68,378 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-15 21:02:15 68,440 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-14 18:35:15 51,616 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-15 21:01:17 51,656 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E74831C-6591-46E2-95A8-7AD92E9FC27C}]
2008-05-14 12:38 369664 --a------ C:\Windows\system32\yaywuRhg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{278E279A-5FCA-445B-B5E1-CEA7ED4AA24E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{421DDDDC-F711-4D71-8F66-5F54E2DAA7B4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbd9570-f321-490d-907e-6d4cfd7c238a}]
2008-05-15 15:03 133120 --a------ C:\Windows\system32\badlrpnh.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 06:35 176128]
"MSServer"="C:\Windows\system32\ljjihEWp.dll" [2008-05-11 17:13 57856]
"UMonit"="C:\Windows\system32\umonit.exe" [2006-07-26 16:21 53248]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33 582992]
"Wise-FTP Scheduler"="" []
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SoundMan"="SOUNDMAN.EXE" [2007-06-24 15:51 598016 C:\Windows\SOUNDMAN.EXE]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"dccf36f4"="C:\Windows\system32\pnyeewru.dll" [2008-05-15 15:03 116736]
"BMdffc0568"="C:\Windows\system32\iulefaqn.dll" [2008-05-14 21:23 126464]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E243A8E7-6244-49E0-A361-22DBF30FD46C}"= C:\Windows\system32\ljjihEWp.dll [2008-05-11 17:13 57856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=C:\Windows\system32\oodtray.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1562509806-1534118259-204619160-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BC9EFAB7-16AB-423A-8B96-67F17513E704}"= Disabled:UDP:C:\Users\Jeff\AppData\Local\Temp\7zS166F.tmp\setup\HPZnui01.exe:hpznui01.exe
"{E0DD2F3C-58F2-4729-BAE0-E1C1FECDC471}"= Disabled:TCP:C:\Users\Jeff\AppData\Local\Temp\7zS166F.tmp\setup\HPZnui01.exe:hpznui01.exe
"TCP Query User{45505A9A-D1C2-4EA6-B766-07DE6C79B5AF}C:\\program files\\@last software\\sketchup 5\\sketchup.exe"= UDP:C:\program files\@last software\sketchup 5\sketchup.exe:SketchUp Application
"UDP Query User{995A8C83-DE22-4ACD-8D60-9566FD32E49E}C:\\program files\\@last software\\sketchup 5\\sketchup.exe"= TCP:C:\program files\@last software\sketchup 5\sketchup.exe:SketchUp Application
"{47AB9744-212B-446F-8A70-80D084469864}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{6CAA15F2-CEBA-4037-BA4C-3F54EC6BE83E}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{C0AC8C95-FD54-4289-A5FD-860E3AB2A408}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{0487A534-FDEE-46FD-B531-714C7D908CF2}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{1FCA9608-5BEB-4AF1-A7D9-CEE0F07D9184}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{868491BA-F120-4145-ADED-1498609B81C4}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{BA124B0D-F403-42E4-B401-824201F32D83}"= UDP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{1069799F-46B6-41CF-9DE5-00329F3519C7}"= TCP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{BE624919-19C0-430F-B28A-E9FA469FA6E6}"= UDP:C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:TurboTax
"{9C5233B7-EF77-427B-BE33-2C5232E7EF40}"= TCP:C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:TurboTax
"{32586D09-94C0-4B41-BAD2-3C9E975746EF}"= UDP:C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{13082C33-2180-4424-97F4-4824888DCCC8}"= TCP:C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{2AD1827B-FF08-4646-A163-DE875ED185CA}"= Disabled:UDP:C:\Users\Jeff\AppData\Local\Temp\7zS17CF.tmp\setup\HPZnui01.exe:hpznui01.exe
"{B02335F8-16E8-480B-97F3-15693875C00F}"= Disabled:TCP:C:\Users\Jeff\AppData\Local\Temp\7zS17CF.tmp\setup\HPZnui01.exe:hpznui01.exe
"{A6DBB02C-445C-46DE-BBEC-AA49B2FD6E7B}"= UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp
"{2E998C82-A91D-4A08-B32F-D6B814BA6B8B}"= TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp
"{3F916C32-FB38-47CA-97C6-FF7766EA2359}"= UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw
"{2FE8AF9D-A2E7-457E-BB91-462CA7E53592}"= TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw
"{1948DEC8-8A25-466B-BED9-DEF4D88E9CC4}"= UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08
"{0177DDC1-1E60-4708-A019-BE47CCCBF3B0}"= TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08
"{EE194B02-B7CB-4917-8B45-E0420E7E7757}"= UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08
"{F8576BED-E61F-4A87-AAFB-8189EC629FFF}"= TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08
"{16624AC9-1C67-4BA2-9F98-3EC3EB9FEC28}"= Disabled:UDP:C:\Users\Jeff\AppData\Local\Temp\7zS7B78.tmp\setup\HPZnui01.exe:hpznui01.exe
"{A0EBCA7F-8B6B-4E29-A644-0E2D6C10978B}"= Disabled:TCP:C:\Users\Jeff\AppData\Local\Temp\7zS7B78.tmp\setup\HPZnui01.exe:hpznui01.exe
"{3A0D08D5-1A80-4F5C-8D8A-E3A0B63DCF18}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{FCC942EF-A17E-41A4-A75D-FE6D1475C9AB}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{B860A650-A5C8-4D28-A264-A7D64A903AC3}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{19879171-F4E0-4111-8990-3B8C02A8795D}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{B2330FFC-9EC1-4BCE-8B1E-027241A14A80}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{23A0A3C2-441B-49E8-B444-6AE539E8040D}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6D576AD6-BBA0-4DD8-971B-319DC44BABCE}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3BE8E323-F9C4-4514-9819-76AA5C184CC3}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8210E4C4-FADF-409A-8485-EAC012FE7472}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{71F375B2-13E7-4DFB-9653-19E7637F2A68}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{5BDEC409-601E-46E2-9527-CC65AE1E8747}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{AF897D66-0A9C-45DA-BF75-2CA5B5C250BF}"= Disabled:UDP:C:\Users\Jeff\AppData\Local\Temp\7zS2C88.tmp\setup\HPZnui01.exe:hpznui01.exe
"{57F2ADB2-2D42-46C2-9787-A727EBED3989}"= Disabled:TCP:C:\Users\Jeff\AppData\Local\Temp\7zS2C88.tmp\setup\HPZnui01.exe:hpznui01.exe
"{20703F97-23CC-46C3-922A-F49BAB9617A4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5B6892CD-620D-49B8-B89A-22C51C011091}"= Disabled:UDP:C:\Users\Jeff\AppData\Local\Temp\7zS67A2.tmp\setup\HPZnui01.exe:hpznui01.exe
"{46B3C6C4-DFAD-4858-A590-5F6C18E87088}"= Disabled:TCP:C:\Users\Jeff\AppData\Local\Temp\7zS67A2.tmp\setup\HPZnui01.exe:hpznui01.exe
"{B4828BCF-54EB-4D65-88A4-027863B1EBCE}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{9E2AC672-0F8B-4EA7-80C8-B03ED25347E3}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{9C52B2FE-4A8C-4EDE-A500-16B382AE72C3}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{CCB71A22-26E4-4005-8D57-A471820DFA6B}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{7E2B7F2B-F666-4870-8F42-4F2D0EF3D618}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F9EC092F-6032-4D48-A57C-BC950E18AF74}"= UDP:3703:Adobe Version Cue CS3 Server
"{1BE55E44-1577-452A-AF37-5775F5540B9D}"= UDP:3704:Adobe Version Cue CS3 Server
"{54A05B88-4A4B-4187-9FBC-C4D39F57F421}"= UDP:50900:Adobe Version Cue CS3 Server
"{4F7CA21E-B400-4971-B7D3-959380DAA000}"= UDP:50901:Adobe Version Cue CS3 Server
"{DF1CF350-EEF0-4BD5-B6A1-626FA08B3B5B}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{554E6834-5C13-45B6-ABDC-A7301B17F364}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{4CA77338-434D-431E-87A1-A184BFD02880}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{87061B3D-6B0D-45F7-9E57-C38479AED1E8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CA11177E-C4C4-4BDA-B940-73D566019A27}"= C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:Rosetta Stone V3 Application
"{77F7FCE5-F2FE-4D93-B84F-1E951E463302}"= inRosettaStoneLtdServices.exe:Rosetta Stone Online Component (inbound)
"{EAC97C79-1137-4BF6-8E2C-32426E1B5E29}"= RosettaStoneVersion3.exe:Rosetta Stone V3 Application (inbound)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {B1E3ACD2-F7DD-4D93-AFA9-77E0280F1D89},{689A8B08-2D2D-4DD6-BD6D-B6143E3D62B2}
R2 HPSLPSVC;HP Network Devices Support;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-21 10:55]
S3 fixustor;fixustor;C:\Windows\system32\drivers\fixustor.sys [2006-07-26 16:21]
S3 UNINST2K;UNINST2K;C:\Windows\system32\Drivers\UNINST2K.SYS [2000-11-15 15:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\ONSPCLCK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{124c6648-a459-11dc-8403-0013d3a9515a}]
\shell\AutoRun\command - G:\ONSPCLCK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 12:13:06 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-03-01 08:00:37 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-05-15 23:35:00 C:\Windows\Tasks\User_Feed_Synchronization-{070C73AF-C48F-4BFD-A45F-4AD1CB660346}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 17:31:53
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\Jeff\AppData\Local\Temp\DIODEA2.tmp
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\ljjihEWp.dll
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\pnyeewru.dll
-> C:\Windows\system32\iulefaqn.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\oodag.exe
C:\Windows\System32\IoctlSvc.exe
C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
C:\Windows\System32\WUDFHost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Windows\System32\wsqmcons.exe
.
**************************************************************************
.
Completion time: 2008-05-15 17:37:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 23:37:22
ComboFix2.txt 2008-05-14 23:42:01
ComboFix3.txt 2008-05-13 19:39:39
ComboFix4.txt 2008-05-13 17:09:53
ComboFix5.txt 2008-05-13 05:57:56
Pre-Run: 62,582,714,368 bytes free
Post-Run: 62,230,421,504 bytes free
379 --- E O F --- 2008-05-14 09:08:17
And here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:25 PM, on 5/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\umonit.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0E74831C-6591-46E2-95A8-7AD92E9FC27C} - C:\Windows\system32\yaywuRhg.dll
O2 - BHO: (no name) - {278E279A-5FCA-445B-B5E1-CEA7ED4AA24E} - (no file)
O2 - BHO: (no name) - {421DDDDC-F711-4D71-8F66-5F54E2DAA7B4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {a832c7df-c4d6-e709-d094-123f0759dbd8} - {8dbd9570-f321-490d-907e-6d4cfd7c238a} - C:\Windows\system32\badlrpnh.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljjihEWp.dll,#1
O4 - HKLM\..\Run: [UMonit] C:\Windows\system32\umonit.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dccf36f4] rundll32.exe "C:\Windows\system32\pnyeewru.dll",b
O4 - HKLM\..\Run: [BMdffc0568] Rundll32.exe "C:\Windows\system32\iulefaqn.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.msi.com.tw
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
--
End of file - 9873 bytes