ComboFix 08-05-01.3 - Michael 2008-05-06 18:06:23.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.416 [GMT -4:00]
Running from: C:\Users\Michael\Desktop\combofix.exe
Command switches used :: /killall
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\x64
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.
2008-05-01 17:57 . 2008-05-01 17:57 <DIR> d-------- C:\Users\Michael\AppData\Roaming\Malwarebytes
2008-05-01 17:56 . 2008-05-01 17:56 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-01 17:56 . 2008-05-01 17:56 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-01 17:56 . 2008-05-01 17:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-01 17:55 . 2008-05-01 17:55 <DIR> d-------- C:\Users\Michael\AppData\Roaming\Download Manager
2008-04-26 00:01 . 2008-04-26 00:01 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-20 01:34 . 2008-04-20 01:34 <DIR> d-------- C:\Windows\McAfee.com
2008-04-17 23:33 . 2008-04-17 23:33 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-17 01:06 . 2008-04-17 01:06 <DIR> d-------- C:\Users\Michael\AppData\Roaming\McAfee
2008-04-15 22:55 . 2008-04-15 22:55 <DIR> d-------- C:\Users\Michael\AppData\Roaming\CyberLink
2008-04-15 22:55 . 2008-04-15 22:55 <DIR> d-------- C:\Users\All Users\CyberLink
2008-04-15 22:55 . 2008-04-15 22:55 <DIR> d-------- C:\ProgramData\CyberLink
2008-04-15 00:36 . 2008-04-15 00:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 19:42 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-14 19:42 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-14 19:42 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-14 19:42 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-14 19:42 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-14 19:42 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-14 19:42 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-14 19:42 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-14 19:42 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-14 03:01 . 2008-04-14 03:01 <DIR> d-------- C:\d1507fafbf8c641dbf2c
2008-04-13 19:58 . 2008-02-29 00:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 21:47 --------- d-----w C:\Users\Michael\AppData\Roaming\uTorrent
2008-05-02 13:10 --------- d-----w C:\Program Files\McAfee
2008-05-02 03:37 --------- d-----w C:\Users\Michael\AppData\Roaming\Spare Backup
2008-05-02 03:25 --------- d-----w C:\ProgramData\vshshirc
2008-05-01 22:57 836 ----a-w C:\Users\Michael\AppData\Roaming\wklnhst.dat
2008-04-17 05:13 --------- d-----w C:\ProgramData\McAfee
2008-04-15 04:50 --------- d-----w C:\Program Files\Google
2008-04-14 07:29 --------- d-----w C:\Program Files\Windows Mail
2008-03-29 03:43 --------- d-----w C:\ProgramData\Symantec
2008-03-29 03:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-27 03:52 --------- d-----w C:\Users\Michael\AppData\Roaming\Acoustica
2008-03-27 03:52 --------- d-----w C:\Program Files\Acoustica Shared Effects
2008-03-27 03:52 --------- d-----w C:\Program Files\Acoustica Mixcraft 4
2008-03-27 03:49 --------- d-----w C:\ProgramData\Acoustica
2008-03-21 18:45 --------- d-----w C:\Users\Michael\AppData\Roaming\Cakewalk
2008-03-07 22:21 --------- d-----w C:\Users\Michael\AppData\Roaming\DivX
2008-03-07 16:07 --------- d-----w C:\Program Files\DivX
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-02-14 08:13 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 08:08 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 08:08 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 08:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 08:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 08:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 08:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 08:07 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 08:07 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 08:07 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 08:07 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 08:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 08:07 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-12-07 21:12 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Michael\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe" [2008-03-20 23:15 51184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:34 201728]
"SpyZooka"="C:\Program Files\SpyZooka\SpyZookaLdr.exe" [ ]
"gnlcfyji"="C:\Windows\system32\bolqdqbi.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-31 21:37 1006264]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 15:39 151552]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 02:58 815104]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 03:34 634880]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 01:26 68640]
"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [2007-07-13 00:27 5252936]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 05:33 582992]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 19:04 2348584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-12-12 11:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-12-12 11:03 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-12-12 11:02 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 01:17 52256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Users\Michael\AppData\Local\YouTube\Uploader\youtubeuploader.exe [2007-11-09 14:33:08 71152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.ac3filter"= ac3filter.acm
"vidc.dmb1"= m3jpeg32.dll
"vidc.jpeg"= m3jpeg32.dll
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0E732C40-0E39-4778-9AC3-EC97B452FBE9}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{5F18059B-9438-4C56-9CBD-7D4C0EBD053F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6CA2252A-ED43-40E6-8E7D-D2D09C5900EA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6D91D605-9A8F-465E-84C1-295706DABE94}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{DC9B56E9-408C-4D81-A022-F8523B297466}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B4AE6155-D2E8-4776-82EE-D7FBAC95600F}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7CD5B1C8-64B6-4BBC-BE94-869CE8B5E236}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{07C70435-8B7C-4879-9389-B4418336D0C1}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{379AF9D0-2C5A-48D4-8001-89FFCB92C64B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:uTorrent
"{DF827265-962E-4BC9-9990-E2474AA61B04}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:uTorrent
"{DCB0AC59-0391-4C13-B423-1D00099BDEED}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B076D4F0-CC47-47D6-9DE4-40436ACAEDF4}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D92C3609-8327-45DF-ACEB-73FAA1397DA3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{DAD292ED-B1A4-4994-A230-CFE9DA9F841F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{42A65DB0-CAB8-450F-A812-B9B8462516C4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F2E593E8-4FD0-4DE6-9E83-AFA336DB601D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 11:49]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 03:20]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S2 0044041209733835mcinstcleanup;McAfee Application Installer Cleanup (0044041209733835);C:\Windows\TEMP\004404~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 GameConsoleService;GameConsoleService;"C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe" [2008-03-28 19:04]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 03:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 05:00:00 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 05:59:59 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 18:12:38
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-05-06 18:21:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-06 22:20:45
Pre-Run: 1,557,766,144 bytes free
Post-Run: 1,668,739,072 bytes free
212 --- E O F --- 2008-05-06 21:50:54
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53, on 2008-05-06
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Michael\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Michael\AppData\Local\YouTube\Uploader\youtubeuploader.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... B&M=ML6232
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
O4 - HKCU\..\Run: [gnlcfyji] C:\Windows\system32\bolqdqbi.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: YouTube Uploader.lnk = C:\Users\Michael\AppData\Local\YouTube\Uploader\youtubeuploader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{437A27EC-D339-4630-8E2F-FD74DE514627}: NameServer = 192.168.0.1,68.168.240.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{437A27EC-D339-4630-8E2F-FD74DE514627}: NameServer = 192.168.0.1,68.168.240.2
O23 - Service: McAfee Application Installer Cleanup (0044041209733835) (0044041209733835mcinstcleanup) - Unknown owner - C:\Windows\TEMP\004404~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
--
End of file - 9368 bytes