ComboFix Log
ComboFix 09-05-11.03 - new user 05/12/2009 2:33.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.1305 [GMT -4:00]
Running from: c:\users\new user\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
.
2009-05-02 06:30 . 2009-05-05 19:24 -------- d---a-w c:\programdata\TEMP
2009-05-02 06:30 . 2009-05-05 19:24 -------- d---a-w c:\users\All Users\TEMP
2009-05-02 06:30 . 2009-05-06 19:37 -------- d-----w C:\Fraps
2009-04-13 05:36 . 2009-04-13 11:48 -------- d-----w c:\program files\ImageGrabDummy!
2009-04-13 05:25 . 2009-04-13 05:25 -------- d-----w c:\programdata\Zabersoft
2009-04-13 05:25 . 2009-04-13 05:25 -------- d-----w c:\users\All Users\Zabersoft
2009-04-13 05:24 . 2009-04-25 04:22 -------- d-----w c:\program files\PimpFish
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 21:43 . 2007-11-10 18:19 -------- d-----w c:\program files\FXhome PhotoKey
2009-05-07 03:29 . 2009-02-17 02:00 -------- d-----w c:\program files\ASIO4ALL v2
2009-05-07 01:21 . 2007-09-02 03:12 690 ----a-w c:\users\new user\AppData\Roaming\wklnhst.dat
2009-05-02 01:15 . 2007-09-01 19:09 -------- d-----w c:\program files\AOL 9.0a
2009-04-25 04:27 . 2009-03-19 22:42 -------- d-----w c:\program files\GameGain
2009-04-02 02:28 . 2009-04-02 02:28 2028032 ----a-w c:\windows\system32\win32k.sys
2009-04-02 00:47 . 2009-04-02 00:47 -------- d-----w c:\program files\COMODO
2009-04-01 16:44 . 2009-04-01 16:44 -------- d-----w c:\program files\Ventrilo
2009-04-01 16:43 . 2008-09-05 20:49 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-25 00:26 . 2008-09-05 20:49 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-24 23:38 . 2008-12-29 17:24 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-24 23:13 . 2008-10-19 13:28 -------- d-----w c:\program files\PicLensIE
2009-03-24 23:13 . 2007-09-16 14:38 -------- d-----w c:\program files\Eusing Free Registry Cleaner
2009-03-19 22:54 . 2009-01-22 01:06 -------- d-----w c:\program files\IObit
2009-03-11 23:00 . 2008-12-29 18:06 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 18:09 . 2009-03-03 18:09 53248 ----a-w c:\users\new user\lametritonus_en.dll
2009-03-03 18:09 . 2009-03-03 18:09 162304 ----a-w c:\users\new user\lame_enc_en.dll
2009-02-11 14:19 . 2008-12-29 17:24 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 14:19 . 2008-12-29 17:24 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-22 19:06 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2002-07-26 22:02 . 2007-09-01 02:16 153088 ----a-w c:\program files\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"EPSON Stylus Photo RX595 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE" [2007-03-30 182272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-09-21 73728]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-09-01 98304]
"CamserviceDeluxe2"="c:\program files\Hercules\Deluxe Optical Glass\Camservice.exe" [2007-08-10 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-11 148888]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" - c:\windows\ModPS2Key.exe [2006-11-07 53248]
c:\users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-9-5 1738032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-25 00:26 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3145862903-2119528392-1372316911-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D4B49E7C-6997-4DDC-88E4-5DF72E3588E3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{160B30FC-5DB1-4315-86AC-4540BF3DA13C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6AC5FAA3-476F-4C42-B653-BD9EC4230327}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{552AB7E7-E0D9-4E01-A5EC-A0FF946DDAAB}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{1667B082-7AB0-4C8A-BBFC-263EBED79985}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{8920B62F-21BE-4A17-971E-2634311C4E16}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{1B8CE8FD-4475-4F63-9FBE-DCC18B24931E}"= UDP:c:\program files\AOL 9.0a\waol.exe:AOL
"{94AB6B7B-D3B5-40ED-8F33-6FC0BF611475}"= TCP:c:\program files\AOL 9.0a\waol.exe:AOL
"{75C38AEF-FE49-4A2A-B469-9983CC00E541}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{F9662E69-ED15-4789-9CB2-881E275298B1}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{AB0BBC19-911F-4A22-880D-D7234A5E0717}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E63D98CF-D143-4197-BE0F-D86B6E2315E4}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F77FF170-149C-4C39-BB34-FFAFCE24F0ED}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{1A56655A-C3C8-48AC-BCFF-F42F413DF49E}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{19801E92-42AA-4168-B1E3-44D9C44D3F91}"= UDP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{3FC2DF29-F163-471D-A2F4-AFE562B662F7}"= TCP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{04DDC8DA-2087-42D2-9D13-CF8BED8A2585}"= UDP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{88BCF0C1-5BF6-456D-862F-EECDD3727B02}"= TCP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{485F2795-2009-40A0-9526-6922F27E18FD}"= UDP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{2D8DAB18-B44B-44F6-9BB1-339C5561A81D}"= TCP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{B86B2701-E8B6-4F52-B253-968762441391}"= UDP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{1481B827-3F79-4F40-8126-C177BDD58F2F}"= TCP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{550B7563-E7E8-4306-B16B-81215B42FA96}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{AED5B045-D65E-44E8-A43D-A05E0327F402}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{5C528D9A-0A98-47E3-95D1-BBECAC18D4E2}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{083447D7-43FB-4B0F-B5C6-05A85F5064ED}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{5D7843C0-12BA-4B43-853C-48C439ED03DB}"= UDP:94:VRS Recording System Web Control Panel
"{D03DE626-FBD0-41AC-B84B-B81F1F430B9D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{DD6B8580-343E-4B99-A773-9822B707360D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{73199A98-3AD6-442C-83DD-B630515A14E5}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{9E0F28DE-D965-407D-A5C2-1201D4A8AF32}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{1C69CDDB-B16B-444F-BEC7-3AD747681C44}"= UDP:c:\program files\Common Files\AOL\1188673428\ee\aolsoftware.exe:AOL Services
"{3A86DF06-D6D2-483F-B3EC-A51958BE944A}"= TCP:c:\program files\Common Files\AOL\1188673428\ee\aolsoftware.exe:AOL Services
"{13C2FA47-63A2-418B-BF86-D9F06076FCF2}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{DD06C204-53E2-48AE-BC04-CF6D0A5A1A3F}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{8A1F003E-2648-4EE7-9B95-4FE18FB690F8}"= UDP:443:ooVoo TCP port 443
"{6BBD9DF4-6099-47C2-B8E3-93D37375A4CF}"= TCP:443:ooVoo UDP port 443
"{35826AFC-0904-4CF4-AF45-8245798AE54D}"= UDP:37674:ooVoo TCP port 37674
"{ABBD8525-3FB7-4738-BA88-3AEA12063F79}"= TCP:37674:ooVoo UDP port 37674
"{71D0A030-70AA-4F74-8C38-D6BAEFB07A62}"= TCP:37675:ooVoo UDP port 37675
"{D5A75EDA-70B3-4D42-AB57-52356A40FEE9}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{0742C65A-E271-40E6-8721-5B745CA458A1}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{367E8E59-1D8B-45FE-8C97-11830E4FB0CE}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{4999CE1F-207C-4452-83C4-EDF728FD3DFC}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/28/2008 10:33 AM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 55024]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\System32\drivers\AVer88xHD.sys [5/21/2007 2:25 AM 401408]
R3 camfilt2;camfilt2;c:\windows\System32\drivers\camfilt2.sys [12/24/2008 9:51 PM 94720]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\System32\drivers\nwusbser2.sys [4/19/2007 11:09 AM 99200]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 6:25 AM 2589184]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v2.sys [12/26/2007 3:46 AM 288768]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 10:33 AM 7408]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
*Deregistered* - dump_wmimmc
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
2009-05-07 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-05-07 01:22]
2009-05-04 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-03-04 23:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CE447773-B8EB-4B50-BE70-80049147B580} = 69.78.96.14 66.174.95.44
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
FF - ProfilePath - c:\users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\z3v6pkwt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\users\new user\AppData\Roaming\Mozilla\Firefox\Profiles\z3v6pkwt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 02:36
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(816)
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
Completion time: 2009-05-12 2:37
ComboFix-quarantined-files.txt 2009-05-12 06:37
ComboFix2.txt 2009-04-28 20:12
ComboFix3.txt 2009-03-26 07:00
Pre-Run: 277,951,787,008 bytes free
Post-Run: 278,858,489,856 bytes free
222 --- E O F --- 2009-04-02 02:38
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:12 AM, on 5/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\ModPS2Key.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ArcSoft\PhotoImpression 6\Monitor.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\new user\Desktop\hijackgpthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Windows\TEMP\E_SE2AA.tmp" /EF "HKCU"
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.cooliris....ed/plinstll.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE447773-B8EB-4B50-BE70-80049147B580}: NameServer = 69.78.96.14 66.174.95.44
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6132 bytes