ComboFix 09-06-11.05 - PKR4599 06/11/2009 17:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3063.1374 [GMT -4:00]
Running from: c:\users\PKR4599\Desktop\ComboFix.exe
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.
2009-06-11 21:15 . 2009-06-11 21:15 -------- d-----w- c:\users\PKR4599\AppData\Local\temp
2009-06-11 21:15 . 2009-06-11 21:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-06-11 21:04 . 2009-06-11 21:04 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDB45.tmp.exe
2009-06-07 03:09 . 2009-06-11 21:06 -------- d-----w- c:\users\PKR4599\AppData\Roaming\SiteHound
2009-06-07 03:09 . 2009-06-07 03:09 -------- d-----w- c:\program files\FireTrust
2009-06-07 02:54 . 2009-06-07 02:54 -------- d-----w- c:\program files\Trend Micro
2009-06-07 02:42 . 2009-06-11 21:09 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-07 01:42 . 2009-06-07 01:42 -------- d-----w- c:\users\PKR4599\AppData\Roaming\BitDefender
2009-06-07 01:41 . 2009-06-07 01:44 -------- d-----w- c:\programdata\BitDefender
2009-06-07 01:41 . 2009-06-07 01:41 -------- d-----w- c:\program files\BitDefender
2009-06-07 01:41 . 2009-06-07 01:41 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-07 01:32 . 2009-06-07 02:15 -------- d-----w- c:\users\PKR4599\.housecall6.6
2009-06-06 19:54 . 2009-06-06 19:54 -------- d-----w- c:\windows\BDOSCAN8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 02:42 . 2009-04-15 19:13 144776 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-05-17 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-23 01:12 . 2008-10-31 22:50 99864 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-14 15:23 . 2009-04-14 15:23 -------- d-----w- c:\programdata\AVS4YOU
2009-04-14 15:23 . 2008-10-14 08:18 99864 ----a-w- c:\users\PKR4599\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-14 15:22 . 2009-04-14 15:22 -------- d-----w- c:\program files\AVS4YOU
2009-04-14 15:22 . 2009-04-14 15:22 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-04-14 15:22 . 2009-04-14 15:22 -------- d-----w- c:\users\PKR4599\AppData\Roaming\AVS4YOU
2009-04-06 20:44 . 2009-04-06 20:44 266376 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2009-03-31 14:05 . 2009-03-31 14:05 116048 ----a-w- c:\users\PKR4599\AppData\Roaming\HouseCall 6.6\TmEngDrv.dll
2009-03-31 14:05 . 2009-03-31 14:05 832776 ----a-w- c:\users\PKR4599\AppData\Roaming\HouseCall 6.6\lea.dll
2009-03-31 14:05 . 2009-03-31 14:05 439560 ----a-w- c:\users\PKR4599\AppData\Roaming\HouseCall 6.6\jlea.dll
2009-03-31 14:05 . 2009-03-31 14:05 42320 ----a-w- c:\users\PKR4599\AppData\Roaming\HouseCall 6.6\dsvout.dll
2009-03-17 03:38 . 2009-04-15 21:14 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 21:14 24064 ----a-w- c:\windows\system32\amxread.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-15 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
"PCMService"="c:\program files\Lenovo\ShuttleCenter\PCMService.exe" [2007-10-26 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 75520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-19 778240]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-25 4702208]
c:\users\PKR4599\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TurboApps WinMobile Conduit.lnk - c:\users\PKR4599\AppData\Roaming\Microsoft\Installer\{A834433B-B389-4831-990D-CA7737AE4783}\_01204B79ABCD1777D498F7.exe [2009-2-23 18670]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-4-11 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8FB32357-6977-4F2C-B7D8-010F6C854A3F}"= c:\program files\Lenovo\ShuttleCenter\PowerCinema.exe:CyberLink PowerCinema
"{398DA52A-D24F-459F-9F44-A162C2F503F0}"= c:\program files\Lenovo\ShuttleCenter\PCMService.exe:CyberLink PowerCinema Resident Program
"{5958BE46-BC06-489A-AC4B-C6B8DEA0753E}"= c:\program files\Lenovo\ShuttleCenter\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{8B8E906E-0AB5-4674-BFF5-E1F1C0028C83}"= c:\program files\Lenovo\ShuttleCenter\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{44F9C92C-705D-4D44-BBDD-2AF38F2AFA81}"= Disabled:UDP:e:\setup\HPZnui01.exe:hpznui01.exe
"{5E6B275B-2DF7-4564-986E-5E6536273C39}"= Disabled:TCP:e:\setup\HPZnui01.exe:hpznui01.exe
"{3D79ED16-622D-4CA9-8B9B-811C1AE12D88}"= Disabled:UDP:e:\setup\hponicifs01.exe:hponicifs01.exe
"{B2F7E54F-8067-4EBA-86B0-496DBEF1ECB1}"= Disabled:TCP:e:\setup\hponicifs01.exe:hponicifs01.exe
"{F8C655F5-34A1-477F-90E0-63C464F77DAF}"= Disabled:UDP:c:\users\PKR4599\AppData\Local\Temp\7zSD181.tmp\setup\HPZnui01.exe:hpznui01.exe
"{F17312BA-67D3-436D-8BD9-12571AD87972}"= Disabled:TCP:c:\users\PKR4599\AppData\Local\Temp\7zSD181.tmp\setup\HPZnui01.exe:hpznui01.exe
"{852AA082-EBAE-44E1-9849-EBB1604CFC84}"= Disabled:UDP:c:\users\PKR4599\AppData\Local\Temp\7zSD181.tmp\setup\hponicifs01.exe:hponicifs01.exe
"{F530AEA1-BEED-4466-A017-6709887DDCDF}"= Disabled:TCP:c:\users\PKR4599\AppData\Local\Temp\7zSD181.tmp\setup\hponicifs01.exe:hponicifs01.exe
"{44F5C7C8-BF89-4F94-B810-4A0112B8A319}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{5A596AB5-19CA-4A5A-B017-CFAAD4D84B27}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{78D217B1-90B0-423D-BE79-D04B8453EA62}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{24F9E5D5-432C-4F34-951C-4AF75560A370}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"TCP Query User{041D74CD-7CEE-41C0-876C-433D28DF4DEC}c:\\pfs\\callatl\\rteng9.exe"= UDP:c:\pfs\callatl\rteng9.exe:Adaptive Server Anywhere Network Server
"UDP Query User{0D46EDD7-5BF3-4C3D-81C2-C84A0A051586}c:\\pfs\\callatl\\rteng9.exe"= TCP:c:\pfs\callatl\rteng9.exe:Adaptive Server Anywhere Network Server
"TCP Query User{70B31979-D9C9-40DD-AEAF-9E7FB306D765}c:\\pfs\\callatl\\wmconduit.exe"= UDP:c:\pfs\callatl\wmconduit.exe:WMConduit
"UDP Query User{5E059092-D99C-4502-8D01-27A2CCDEA0B6}c:\\pfs\\callatl\\wmconduit.exe"= TCP:c:\pfs\callatl\wmconduit.exe:WMConduit
R2 SlingAgentService;SlingAgent Service;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/21/2008 7:01 PM 93960]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [7/22/2007 3:00 PM 180736]
R3 CapFilt;CapFilt;c:\windows\System32\drivers\CapFilt.sys [9/14/2008 5:14 AM 18048]
S3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [4/15/2009 3:13 PM 144776]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - AUJASNKJ
*NewlyCreated* - BDFM
*NewlyCreated* - BDFSFLTR
*NewlyCreated* - BDSELFPR
*NewlyCreated* - C0717805
*NewlyCreated* - PROFOS
*NewlyCreated* - TRUFOS
*Deregistered* - aujasnkj
*Deregistered* - c0717805
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bdx REG_MULTI_SZ scan
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790} - c:\windows\test.bat
HKLM-Run-VeriFacePassManager - c:\program files\Lenovo\VeriFace\PManage.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\users\PKR4599\AppData\Roaming\Mozilla\Firefox\Profiles\1pxn59ft.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 17:15
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP00000048EC7598936AF22EAF 524288 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-06-11 17:16
ComboFix-quarantined-files.txt 2009-06-11 21:16
Pre-Run: 130,842,374,144 bytes free
Post-Run: 131,292,016,640 bytes free
169 --- E O F --- 2009-06-08 22:41
Logfile of HijackThis v1.99.1
Scan saved at 10:57:33 PM, on 6/6/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\pfs\callatl\WMConduitDirector.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790}] C:\Windows\test.bat
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe"
O4 - HKLM\..\Run: [VeriFacePassManager] C:\Program Files\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Startup: TurboApps WinMobile Conduit.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (file missing)
O9 - Extra 'Tools' menuitem: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ ... s-i586.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SlingAgent Service (SlingAgentService) - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe" /service (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)