The ComboFix and HijackThis logs are below. The ComboFix did not set up a Recovery Console like the instructions said it would. And for some reason it thought I was running ESET NOD32, which I uninstalled about a year ago, but aside from that it ran very smoothly.
ComboFix 09-07-09.08 - HP_Administrator 07/11/2009 12:07.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1577 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Documents\Stardock\WindowBlinds\FROIS-01\_desktop.ini
c:\windows\Installer\1fceb383.msi
c:\windows\Installer\1fceb38f.msi
c:\windows\Installer\29ec6.msp
c:\windows\Installer\30c46.msi
c:\windows\Installer\4b5ead.msp
c:\windows\Installer\5124cf0.msi
c:\windows\Installer\8b81361.msp
c:\windows\Installer\8b81362.msp
c:\windows\Installer\8b81363.msp
c:\windows\Installer\8b81364.msp
c:\windows\Installer\8b81365.msp
c:\windows\Installer\8b81366.msp
c:\windows\Installer\8b81367.msp
c:\windows\Installer\8b81368.msp
c:\windows\Installer\8b81369.msp
c:\windows\Installer\8bc3eb3.msp
c:\windows\Installer\8bc3eb4.msp
c:\windows\Installer\8bc3eb5.msp
c:\windows\Installer\8bc3eb6.msp
c:\windows\Installer\8bc3eb7.msp
c:\windows\Installer\8bc3eb8.msp
c:\windows\Installer\8bc3eb9.msp
c:\windows\Installer\8bc3eba.msp
c:\windows\Installer\8bc3ebb.msp
c:\windows\Installer\c38ca34.msp
c:\windows\Installer\c38ca44.msp
c:\windows\kb913800.exe
c:\windows\system32\drivers\hjgruitwqjxlij.sys
c:\windows\system32\hjgruiefkvjrxj.dll
c:\windows\system32\hjgruiktxtscid.dat
c:\windows\system32\hjgruincmomhyv.dat
c:\windows\system32\hjgruitqhdqrek.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hjgruiefuydmkf
((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.
2009-07-10 19:23 . 2009-07-11 06:38 103 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\1\milkyway_0.19_windows_intelx86.exe
2009-07-10 15:18 . 2009-07-11 08:41 104 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\minirosetta_1.80_windows_intelx86.exe
2009-07-08 22:35 . 2009-07-08 22:36 -------- d-----w- c:\program files\Free Window Registry Repair
2009-07-07 08:36 . 2009-07-07 08:36 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\3\libfftw3f-3-1-1a_upx.dll
2009-07-07 08:36 . 2009-07-07 08:36 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\3\astropulse_5.05_windows_intelx86.exe
2009-07-06 21:47 . 2009-07-06 21:47 -------- d-----w- c:\program files\Trend Micro
2009-07-06 00:03 . 2009-07-06 01:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Spyware Terminator
2009-07-06 00:03 . 2009-07-06 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-07-06 00:03 . 2009-07-06 00:03 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-07-06 00:03 . 2009-07-06 00:03 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-07-06 00:03 . 2009-07-06 00:03 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-07-06 00:02 . 2009-07-06 21:39 -------- d-----w- c:\program files\Spyware Terminator
2009-07-05 14:05 . 2009-07-05 14:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2009-07-05 13:59 . 2009-07-05 13:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-05 13:55 . 2009-07-05 19:03 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-05 13:55 . 2009-07-05 13:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-07-05 13:26 . 2009-07-05 13:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-05 13:26 . 2009-07-05 13:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-05 07:51 . 2009-07-05 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-05 07:51 . 2009-07-06 21:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-07-05 05:24 . 2009-07-05 17:35 -------- d-----w- c:\program files\Lavasoft
2009-07-05 04:13 . 2009-07-05 04:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WinPatrol
2009-07-05 04:13 . 2006-08-25 14:59 100 ----a-w- c:\documents and settings\HP_Administrator\Application Data\WinPatrol\Autoexec.bat
2009-07-05 04:13 . 2005-08-30 21:02 0 ----a-w- c:\documents and settings\HP_Administrator\Application Data\WinPatrol\Config.sys
2009-07-05 04:13 . 2009-07-05 04:13 -------- d-----w- c:\program files\BillP Studios
2009-07-04 21:57 . 2009-07-04 21:57 -------- d-----w- c:\program files\IObit
2009-07-04 21:44 . 2009-07-04 21:44 -------- d-----w- c:\program files\Diskeeper Corporation
2009-07-04 15:56 . 2009-07-07 23:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-28 16:22 . 2009-06-28 16:22 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-28 16:21 . 2009-06-28 16:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org
2009-06-28 16:20 . 2009-06-28 16:20 -------- d-----w- c:\program files\JRE
2009-06-28 16:20 . 2009-06-28 16:20 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-27 03:09 . 2009-07-11 15:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WeatherWatcherLive
2009-06-27 03:08 . 2009-07-09 22:39 -------- d-----w- c:\program files\Weather Watcher Live
2009-06-27 03:08 . 2004-05-27 06:32 102400 ----a-w- c:\windows\system32\unzip32.dll
2009-06-27 02:13 . 2008-06-02 18:20 523776 ------w- c:\documents and settings\HP_Administrator\Application Data\SoftMaker\smun3250.exe
2009-06-27 02:12 . 2009-06-27 02:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SoftMaker
2009-06-26 16:46 . 2009-06-26 16:46 294912 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\ap_graphics_5.05_windows_intelx86.exe
2009-06-26 16:46 . 2009-06-26 16:46 479232 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
2009-06-24 22:21 . 2009-06-24 22:24 -------- d-----w- c:\program files\Raxco
2009-06-23 05:31 . 2009-06-23 05:33 8822784 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_1.80_windows_intelx86.exe
2009-06-20 18:06 . 2009-06-20 18:06 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ashampoo
2009-06-20 18:06 . 2009-06-20 18:06 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\ashampoo
2009-06-20 18:06 . 2009-06-20 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2009-06-20 18:06 . 2009-06-28 16:25 -------- d-----w- c:\program files\Ashampoo
2009-06-20 17:57 . 2009-06-20 17:57 -------- d-----w- C:\temp
2009-06-20 17:39 . 2009-06-20 17:39 -------- d-----w- c:\program files\RamBooster 2.0
2009-06-20 17:38 . 2009-06-20 17:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\iolo
2009-06-20 17:38 . 2009-06-20 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-06-18 22:47 . 2009-06-18 22:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-18 22:28 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-06-18 22:28 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-06-17 22:05 . 2009-06-17 22:05 -------- d-sh--w- c:\documents and settings\HP_Administrator\IECompatCache
2009-06-17 22:03 . 2009-06-17 22:03 -------- d-sh--w- c:\documents and settings\HP_Administrator\PrivacIE
2009-06-17 21:56 . 2009-07-07 22:46 -------- d-sh--w- c:\documents and settings\HP_Administrator\IETldCache
2009-06-17 21:51 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-17 21:51 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-17 21:51 . 2009-06-17 21:51 -------- d-----w- c:\windows\ie8updates
2009-06-17 21:50 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-17 21:50 . 2009-06-17 21:50 -------- dc-h--w- c:\windows\ie8
2009-06-12 00:40 . 2009-05-13 21:30 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2009-06-12 00:38 . 2009-05-13 21:30 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2009-06-11 22:19 . 2009-06-11 22:19 -------- d-----w- C:\ReohixFreshRAM
2009-06-11 22:07 . 2009-06-10 17:39 5465088 ----a-w- C:\Fresh RAM.msi
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 15:52 . 2006-09-03 00:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MailWasherPro
2009-07-11 15:43 . 2009-01-14 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\BOINC
2009-07-11 15:39 . 2006-09-03 02:04 19466 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-07-10 23:08 . 2007-07-09 23:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-09 00:37 . 2009-07-09 00:38 85504 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-07-09 00:37 . 2009-07-09 00:38 4427264 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2009-07-08 22:55 . 2009-07-08 22:55 61952 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2009-07-08 22:55 . 2009-07-08 22:55 4425728 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2009-07-08 22:15 . 2009-07-08 22:15 4421632 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2009-07-08 22:15 . 2009-07-08 22:15 2317824 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-07-06 21:40 . 2009-07-06 21:40 4412928 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-07-06 21:40 . 2009-07-06 21:40 764416 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-07-06 21:27 . 2007-04-16 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-05 17:35 . 2009-07-05 17:36 4388864 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-07-05 17:35 . 2009-07-05 17:36 2522624 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-07-05 04:32 . 2009-07-05 04:32 171850 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_05_00_32_20_small.dmp.zip
2009-07-04 21:57 . 2008-12-28 19:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IObit
2009-07-04 17:40 . 2006-08-25 14:53 58280 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-28 16:19 . 2006-08-25 14:25 -------- d-----w- c:\program files\Java
2009-06-21 14:15 . 2009-06-21 14:16 212480 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-06-21 14:15 . 2009-06-21 14:16 4077568 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-06-20 23:55 . 2009-01-03 18:48 -------- d-----w- c:\program files\Common Files\Logishrd
2009-06-20 23:50 . 2006-08-25 14:21 -------- d-----w- c:\program files\GemMaster
2009-06-20 23:46 . 2006-09-03 14:21 -------- d-----w- c:\program files\Logitech
2009-06-20 23:07 . 2008-12-29 01:30 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-20 23:07 . 2008-12-29 01:32 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-20 23:07 . 2008-12-29 01:31 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-19 10:58 . 2008-10-22 23:38 -------- d-----w- c:\program files\Unlocker
2009-06-17 21:17 . 2007-12-13 23:21 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-11 10:28 . 2009-06-11 10:28 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 10:00 . 2009-06-10 10:00 68392 ----a-w- c:\windows\system32\sbbd.exe
2009-06-08 14:00 . 2009-06-08 14:00 71696 ----a-w- c:\windows\system32\drivers\DefragFs.sys
2009-06-07 22:23 . 2008-12-08 23:24 -------- d-----w- c:\program files\SysResources Manager
2009-06-07 21:59 . 2009-06-07 21:58 -------- d-----w- c:\program files\Glary Utilities
2009-06-02 02:33 . 2006-09-03 03:16 -------- d-----w- c:\program files\Common Files\Stardock
2009-05-31 23:50 . 2007-11-06 23:43 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Stardock
2009-05-31 23:50 . 2009-05-31 23:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CA104D43-2120-4EA6-8FD2-944C72A4660C}
2009-05-31 23:50 . 2009-05-31 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2009-05-31 23:50 . 2006-09-03 01:56 -------- d-----w- c:\program files\Stardock
2009-05-31 15:06 . 2007-04-06 14:18 -------- d--h--w- c:\documents and settings\HP_Administrator\Application Data\Move Networks
2009-05-30 06:00 . 2007-06-25 21:52 -------- d-----w- c:\program files\AlfaClock
2009-05-30 05:36 . 2009-05-30 05:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\IObit
2009-05-30 04:26 . 2008-10-30 10:13 100 ----a-w- c:\windows\system32\09wutili.sys
2009-05-27 15:16 . 2009-05-31 23:50 2603144 -c--a-w- c:\documents and settings\All Users\Application Data\{CA104D43-2120-4EA6-8FD2-944C72A4660C}\Impulse_setup.exe
2009-05-26 19:03 . 2009-05-31 23:49 2147696 -c--a-w- c:\documents and settings\All Users\Application Data\{CA104D43-2120-4EA6-8FD2-944C72A4660C}\OFFLINE\86D01CB6\597810BF\Impulse.exe
2009-05-26 18:58 . 2009-05-31 23:49 9728 -c--a-w- c:\documents and settings\All Users\Application Data\{CA104D43-2120-4EA6-8FD2-944C72A4660C}\OFFLINE\86D01CB6\597810BF\DeElevator64.dll
2009-05-26 18:58 . 2009-05-31 23:49 616696 -c--a-w- c:\documents and settings\All Users\Application Data\{CA104D43-2120-4EA6-8FD2-944C72A4660C}\OFFLINE\86D01CB6\597810BF\7z.dll
2009-05-26 18:58 . 2009-05-31 23:49 356352 -c--a-w- c:\documents and settings\All Users\Application Data\{CA104D43-2120-4EA6-8FD2-944C72A4660C}\OFFLINE\86D01CB6\757C30BC\ImpulseNow.exe
2009-05-21 15:33 . 2008-12-22 21:10 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 05:15 . 2004-08-09 21:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-09 21:00 345600 ------w- c:\windows\system32\localspl.dll
2009-04-30 17:56 . 2009-04-30 17:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-04-30 17:09 . 2009-04-30 17:07 2498560 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_graphics_1.64_windows_intelx86.exe
2009-04-17 12:26 . 2004-08-09 21:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-09 21:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2003-04-18 01:40 . 2006-09-03 00:42 425984 ----a-w- c:\program files\TCPOptimizer.exe
2006-09-04 18:40 . 2006-09-04 18:40 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlfaClock Classic"="c:\program files\AlfaClock\AlfaClock.exe" [2005-07-13 1378304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
"Update Service"="c:\progra~1\COMMON~1\TEKNUM~1\update.exe" [2007-04-18 19456]
"PCMagSurfSpeed2"="c:\program files\PC Magazine Utilities\SurfSpeed 2\SurfSpeed.exe" [2008-12-01 3106304]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2008-11-17 3916544]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
"RamBooster"="c:\program files\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]
"WeatherWatcherLive"="c:\program files\Weather Watcher Live\ww.exe" [2009-07-08 1208320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"CleanIt"="c:\program files\CleanIt\cleanit.exe" [2001-08-13 61440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-17 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2008-11-17 58112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2009-06-10 959784]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-07-02 2453264]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-25 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-25 27136]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
GomezPEER.lnk - c:\program files\Gomez\GomezPEER\bin\GomezPEER.exe [2008-8-26 74240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-03-24 21:04 204080 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\c:\0autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
"ehTray"=c:\windows\ehome\ehtray.exe
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [6/11/2009 8:38 PM 13360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [10/5/2008 12:40 PM 202160]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [7/5/2009 8:03 PM 142592]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [6/10/2009 6:00 AM 980264]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [6/11/2009 8:40 PM 69936]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [12/28/2008 9:32 PM 603904]
S2 Tropic Designs: Weather Pulse update permissions manager. 29862.;Tropic Designs: Weather Pulse update permissions manager. 29862.; [x]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [12/10/2008 10:17 AM 7808]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/30/2009 1:56 PM 93360]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SECLOGON
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 02:36]
2009-07-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-07 15:39]
2009-07-10 c:\windows\Tasks\GlaryOneClickOptimizer.job
- c:\program files\Glary Utilities\oneclickoptimizer.exe [2009-06-07 15:39]
2009-07-10 c:\windows\Tasks\GlaryUpdate.job
- c:\program files\Glary Utilities\webupdate.exe [2009-06-07 15:39]
2009-07-11 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-04 13:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.versiontracker.com/windows/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: trymedia.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ku3l5kvo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxps://www.mturk.com/mturk/findhits?match=false
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ku3l5kvo.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint_03050024.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('capability.policy.localfilelinks.checkloaduri.enabled', 'allAccess');
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 12:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tropic Designs: Weather Pulse update permissions manager. 29862.]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1205235177-2945868235-3455966947-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
[HKEY_USERS\S-1-5-21-1205235177-2945868235-3455966947-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{75344743-7046-7BF3-D3F5-CBC6A86E8EEA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"dbjffhcfchpcambhepfmiaicggopcicefiacmbnb"=hex:6a,61,6f,66,6b,62,6e,61,65,69,
66,69,64,6b,6b,6b,69,6e,65,61,00,00
"cbhflolaallhfddghnpjifklgenhbceighhdgm"=hex:6a,61,6f,66,6b,62,6e,61,65,69,66,
69,64,6b,6b,6b,69,6e,65,61,00,00
"abndnelnbgljolpkahkdhpmnedcgijbdop"=hex:61,61,00,00
"maodcdjfffddanencdldmfohag"=hex:61,61,00,00
[HKEY_USERS\S-1-5-21-1205235177-2945868235-3455966947-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7CFB34A0-51BF-17DC-DBDE-CC0F8C08A70D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"bbookcneollpcocbacidibbpoibccaibckoa"=hex:6a,61,62,6d,62,66,6c,64,69,65,6f,64,
6f,64,6b,6c,64,6f,6e,6d,00,dd
"abeadmdogkadbclhmjbjeicpfkdndphagh"=hex:6a,61,63,6d,68,61,63,67,66,6e,6f,6d,
64,6a,6e,61,6a,6c,68,63,00,00
"iaookcneollpcocbac"=hex:61,61,00,00
"haeadmdogkadbclh"=hex:61,61,00,00
"iaccjohidgpneophjl"=hex:61,61,00,00
"abccjnodnibecjgbhpogadgjgnnmgdegig"=hex:61,61,00,00
"madclfboofkdldhdhdhhciglma"=hex:61,61,00,00
[HKEY_USERS\S-1-5-21-1205235177-2945868235-3455966947-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D7AE9A4D-9F8C-9214-AF34-A6A475C11010}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"bbaeggmdknolaaniklpjcjcecphpmgnlbpan"=hex:6a,61,70,65,67,6b,69,69,6e,62,70,63,
66,66,61,63,6b,61,6d,67,00,00
"abkcapamoajfcimchacnimkemmobhlaomf"=hex:6a,61,6d,64,6d,6e,6f,66,6a,66,61,67,
6c,66,65,62,6a,6e,67,70,00,00
"iaaeggmdknolaanikl"=hex:61,61,00,01
"hakcapamoajfcimc"=hex:61,61,00,01
"iambgddeefmgegcpeo"=hex:61,61,00,01
"abmbgalgnahdbbgjjohfcdgbecmnhchikj"=hex:61,61,00,00
"mancdclknleffddbadnamohlnf"=hex:61,61,00,00
"dbaeggmdknolaaniklpjcjcecphplgadheglhkeh"=hex:6a,61,6e,65,6d,6b,6c,62,65,66,
61,69,63,6b,6f,61,6b,67,69,65,00,fb
"cbkcapamoajfcimchacnimkemmlbmchbceildi"=hex:6a,61,6e,65,6d,6b,6c,62,65,66,61,
69,63,6b,6f,61,6b,67,69,65,00,fb
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\WRLogonNTF.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
Completion time: 2009-07-11 12:18
ComboFix-quarantined-files.txt 2009-07-11 16:18
Pre-Run: 118,549,929,984 bytes free
Post-Run: 118,514,741,248 bytes free
429 --- E O F --- 2009-06-17 21:51
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:46 PM, on 7/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Glary Utilities\Integrator.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.versiontracker.com/windows/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CleanIt] "C:\Program Files\CleanIt\cleanit.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Program Files\AlfaClock\AlfaClock.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [PCMagSurfSpeed2] C:\Program Files\PC Magazine Utilities\SurfSpeed 2\SurfSpeed.exe
O4 - HKCU\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [WeatherWatcherLive] "C:\Program Files\Weather Watcher Live\ww.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: GomezPEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
O4 - Startup: OpenOffice.org 3.1.lnk = ?
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3373118156
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9468 bytes
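Added example, not part of the post above and not code from ComboFix or HijackThis: a small Python triage script for the two logs. It decodes the REG_BINARY `hex:` values that ComboFix dumped under LOCKED REGISTRY KEYS (the .reg exporter wraps long values across lines, so continuation lines have to be joined before decoding), and it parses HijackThis entries to pull out CLSIDs and flag the two things a helper usually asks about first: `(no file)` orphans and 8.3 short paths such as `C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe`, which hide the real directory name. The sample input is a handful of lines copied from the logs above; the "short path" heuristic is my own, not a HijackThis rule.

```python
import re
from typing import Dict, List

# Sample input: lines copied from the ComboFix "LOCKED REGISTRY KEYS" section above
# (one REG_BINARY value wrapped over two lines, and one short value).
COMBOFIX_SAMPLE = r'''
[HKEY_USERS\S-1-5-21-1205235177-2945868235-3455966947-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{75344743-7046-7BF3-D3F5-CBC6A86E8EEA}*]
@Allowed: (Read) (RestrictedCode)
"dbjffhcfchpcambhepfmiaicggopcicefiacmbnb"=hex:6a,61,6f,66,6b,62,6e,61,65,69,
66,69,64,6b,6b,6b,69,6e,65,61,00,00
"abndnelnbgljolpkahkdhpmnedcgijbdop"=hex:61,61,00,00
'''

# Sample input: lines copied from the HijackThis log above.
HJT_SAMPLE = r'''
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - (no file)
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
'''


def decode_reg_hex(hex_text: str) -> str:
    """Decode a .reg-style 'aa,bb,...' byte list into text, stopping at the first NUL."""
    raw = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", hex_text))
    return raw.split(b"\x00", 1)[0].decode("latin-1")


def parse_locked_keys(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: decoded_string}} from a LOCKED REGISTRY KEYS dump.

    A value whose hex payload ends with ',' continues on the next line; those pieces
    are joined before decoding so wrapped values come out whole."""
    result: Dict[str, Dict[str, str]] = {}
    current_key = None
    pending = None  # (value_name, partial_hex) while a wrapped value is still open
    for line in text.splitlines():
        line = line.strip()
        if pending:
            name, partial = pending
            partial += line
            if partial.endswith(","):
                pending = (name, partial)          # still more continuation lines
                continue
            result[current_key][name] = decode_reg_hex(partial)
            pending = None
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            result[current_key] = {}
            continue
        m = re.match(r'^"([^"]+)"=hex:(.*)$', line)
        if m and current_key is not None:
            name, payload = m.group(1), m.group(2)
            if payload.endswith(","):
                pending = (name, payload)
            else:
                result[current_key][name] = decode_reg_hex(payload)
    return result


HJT_LINE = re.compile(r"^(?P<kind>[RFOL]\d+) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_hjt(text: str) -> List[dict]:
    """Parse HijackThis entries (R0/R1/O2/O4/... lines) into dicts.

    orphan:     the entry ends in '(no file)', a dead registry reference
    short_path: the entry contains an 8.3 short name (e.g. PROGRA~1), which hides
                the real directory and is worth resolving before judging it"""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID.search(body)
        entries.append({
            "kind": m.group("kind"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "orphan": body.endswith("(no file)"),
            "short_path": bool(re.search(r"~\d", body)),
        })
    return entries


def triage(entries: List[dict]) -> List[dict]:
    """Keep only the entries that need a second look."""
    return [e for e in entries if e["orphan"] or e["short_path"]]


if __name__ == "__main__":
    for key, values in parse_locked_keys(COMBOFIX_SAMPLE).items():
        print(key)
        for name, decoded in values.items():
            print(f"  {name} -> {decoded!r}")
    for e in triage(parse_hjt(HJT_SAMPLE)):
        print(e["kind"], "ORPHAN" if e["orphan"] else "SHORT-PATH", e["body"])
```

Running it shows the locked-key values decode to plain lowercase strings (the first one to `jaofkbnaeifidkkkinea`, the short ones to `aa`), and the triage pass returns the R3 URLSearchHook and O18 trendprotect orphans plus the O4 `Update Service` entry with its short path; the rest of the log is left for manual review.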