06-22-2008, 01:15 PM   #14
Webdrifter
Registered User
 
Join Date: Jun 2008
Posts: 9
OS: xp


Re: Everything gone crazy ( Trojan.win32.mondera.gen )

Ok, sent the file just as you asked and it uploaded this time. While I was sitting here Friday, frustrated at not being able to upload the file to bleepingcomputer.com, I ran another program that I see used here a lot on the Tech Support forum. It was Malwarebytes. I ran a quick scan and it actually found two problems and corrected them. I then ran a full Malwarebytes scan afterwards, and it was clean. I have added the first Malwarebytes log that showed the two problems. I hope it's ok that I did this. I have also attached the ComboFix log and the HijackThis log as requested.


Malwarebytes' Anti-Malware 1.17
Database version: 846

10:12:21 PM 6/20/2008
mbam-log-6-20-2008 (22-12-21).txt

Scan type: Quick Scan
Objects scanned: 40838
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\TheSpyBot (Rogue.TheSpyBot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

ComboFix 08-06-16.2 - Randy 2008-06-22 948.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.164 [GMT -5:00]
Running from: C:\Documents and Settings\Randy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Randy\Desktop\Cfscript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\nsa4.tmp
C:\WINDOWS\system32\nse7.tmp
C:\WINDOWS\system32\nsgA.tmpmciole_dll
C:\WINDOWS\system32\nslD.tmpmciole_dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nsa4.tmp
C:\WINDOWS\system32\nse7.tmp
C:\WINDOWS\system32\nsgA.tmpmciole_dll
C:\WINDOWS\system32\nslD.tmpmciole_dll
C:\WINDOWS\system32\usr32.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-22 08:48 . 2008-06-22 08:48 1,511,338 --a------ C:\QooBox.zip
2008-06-21 10:39 . 2004-08-04 02:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-21 10:28 . 2008-06-21 10:28 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-21 10:28 . 2008-06-21 10:28 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-21 10:28 . 2008-06-21 10:28 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-21 10:04 . 2008-04-13 19:12 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-06-21 10:03 . 2008-04-13 19:11 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-06-21 10:03 . 2008-04-13 19:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-06-21 10:03 . 2008-04-13 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-06-20 20:34 . 2008-06-20 20:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-20 20:34 . 2008-06-20 20:34 <DIR> d-------- C:\Documents and Settings\Randy\Application Data\Malwarebytes
2008-06-20 20:34 . 2008-06-20 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-20 20:34 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-20 20:34 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 21:32 . 2008-06-18 17:31 <DIR> d-------- C:\Program Files\Panda Security
2008-06-17 19:30 . 2008-06-17 20:14 <DIR> d-------- C:\XPSP2
2008-06-17 19:30 . 2008-06-17 19:32 <DIR> d-------- C:\XPCDi386
2008-06-17 17:57 . 2008-06-17 17:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-17 17:56 . 2008-06-17 17:56 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-17 17:52 . 2008-06-17 18:36 <DIR> d-------- C:\SDFix
2008-06-16 20:55 . 2008-06-16 20:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 22:13 . 2008-06-15 22:13 <DIR> d-------- C:\Deckard
2008-06-13 23:37 . 2008-06-13 23:37 <DIR> d-------- C:\Program Files\Sun
2008-06-12 10:55 . 2008-06-12 10:55 <DIR> d-------- C:\Program Files\Karen's Power Tools
2008-06-12 10:55 . 2008-06-12 10:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
2008-06-12 10:08 . 2008-06-12 10:08 <DIR> d-------- C:\ie-spyad_zo
2008-06-10 16:41 . 2008-06-10 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-10 12:21 . 2008-05-08 09:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 12:20 . 2008-06-13 06:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 22:53 . 2008-06-10 17:48 <DIR> d-------- C:\Program Files\Security Task Manager
2008-06-09 22:53 . 2008-06-11 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 14:12 17,995,296 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-22 13:59 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-22 04:09 243,788 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-21 00:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-18 22:48 108,935,271 ----a-w C:\WINDOWS\system32\dsqcache.dll
2008-06-18 10:30 590,848 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-06-18 01:40 6,810,675 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-17 22:48 --------- d-----w C:\Program Files\Java
2008-06-15 19:15 --------- d-----w C:\Program Files\OpenedFilesView
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 18:08 2,423 ----a-w C:\WINDOWS\dep32ceg.dll
2008-06-12 15:17 --------- d-----w C:\Program Files\Essentials Codec Pack
2008-06-12 00:56 277,504 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-06-12 00:56 2,834,432 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-06-11 22:15 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-06-10 13:25 80,384 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-06-09 16:56 46,592 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-06-09 14:30 570,880 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-06-07 20:00 2,756,608 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-06-07 20:00 12,800 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-06-07 19:58 2,756,608 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-06-07 19:58 13,312 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-06-07 19:56 1,740,288 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-06-07 14:57 2,811,904 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-06-07 14:57 2,721,280 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-06-07 02:55 2,707,968 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-06-07 02:55 1,603,584 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-06-06 21:34 443,904 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-05-31 16:00 222,208 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-05-25 20:15 658,432 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-05-20 22:26 --------- d-----w C:\Program Files\Apple Software Update
2008-05-19 21:50 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-11 19:48 --------- d-----w C:\Program Files\Stellarium
2008-05-11 19:48 --------- d-----w C:\Documents and Settings\Randy\Application Data\Stellarium
2008-05-11 19:21 --------- d-----w C:\Program Files\Calendar Magic
2008-05-11 18:59 53,248 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-05-11 13:03 --------- d-----w C:\Program Files\Sudoktor
2008-05-11 04:14 2,184,704 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-05-11 01:16 --------- d-----w C:\Program Files\LimeWire
2008-05-11 01:16 --------- d-----w C:\Documents and Settings\Randy\Application Data\LimeWire
2008-05-11 00:43 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2008-05-10 04:50 --------- d-----w C:\Program Files\EssentialPIM
2008-05-10 04:50 --------- d-----w C:\Documents and Settings\Randy\Application Data\EssentialPIM
2008-05-10 04:45 --------- d-----w C:\Program Files\Rainlendar2
2008-05-10 03:17 --------- d-----w C:\Documents and Settings\Randy\Application Data\Talkback
2008-05-09 18:32 --------- d-----w C:\Program Files\e-Sword
2008-05-09 14:34 --------- d-----w C:\Program Files\BeST 2.0 Standard
2008-05-09 14:17 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-09 14:17 --------- d-----w C:\Program Files\MSBuild
2008-05-09 14:11 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-09 11:49 --------- d-----w C:\Program Files\Pocket e-Sword
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 00:24 --------- d-----w C:\Program Files\Music Rescue
2008-05-07 00:15 --------- d-----w C:\Documents and Settings\Randy\Application Data\iPod Copy Expert
2008-05-03 23:43 --------- d-----w C:\Program Files\iPod Copy Expert
2008-05-03 22:11 --------- d-----w C:\Program Files\iTunes
2008-05-03 22:11 --------- d-----w C:\Documents and Settings\Randy\Application Data\Apple Computer
2008-05-03 22:10 --------- d-----w C:\Program Files\QuickTime
2008-05-03 22:10 --------- d-----w C:\Program Files\iPod
2008-05-03 22:10 --------- d-----w C:\Program Files\Bonjour
2008-05-03 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-03 22:07 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-03 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-27 14:06 --------- d-----w C:\Program Files\RegCure
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 10:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 10:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 10:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 06:17 81920]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe" [2006-11-13 13:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"stezinit"="C:\WINDOWS\sprscore.exe" [2007-12-09 17:28 753664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 11:44 303104]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"gretinit"="C:\WINDOWS\sprscore.exe" [2007-12-09 17:28 753664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 16:31 655360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S0 watvex;watvex;C:\WINDOWS\system32\drivers\watvex.sys [2007-07-10 08:40]
S1 atinx2k;atinx2k;C:\WINDOWS\system32\drivers\atinx2k.sys [2007-07-10 07:18]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-21 16:53:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-22 13:37:27 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-20 02:00:22 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 09:12:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-22 9:14:32
ComboFix-quarantined-files.txt 2008-06-22 14:14:24
ComboFix2.txt 2008-06-18 22:56:13
ComboFix3.txt 2008-06-18 01:55:35

Pre-Run: 119,194,013,696 bytes free
Post-Run: 119,264,251,904 bytes free

225 --- E O F --- 2008-06-19 22:44:08



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:09 PM, on 6/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [stezinit] C:\WINDOWS\sprscore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gretinit] C:\WINDOWS\sprscore.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.pandasecurity.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DA2AAF4-4289-4D6E-B9C0-D8360229607B} (IPAQSelfHelp Class) - https://h50203.www5.hp.com/HPISWeb/C...PEIPAQTool.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1200722177342
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1200726449030
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7331 bytes