Beynac - many thanks for your help and for making it so easy to follow the steps!
ComboFix Log
ComboFix 07-11-08.1 - Muiris Lyons 2007-11-15 11:09:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.897 [GMT 0:00]
Running from: C:\Documents and Settings\Muiris Lyons\Desktop\ComboFix.exe
* Created a new restore point
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\All Users\Application Data.\qngxedkb.dll
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Muiris Lyons\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Muiris Lyons\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Muiris Lyons\Favorites\Online Security Guide.lnk
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\setup.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bsiljokm.dllbox
C:\WINDOWS\system32\byxuvwv.dll
C:\WINDOWS\system32\fhhkj.bak1
C:\WINDOWS\system32\fhhkj.bak2
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.tmp
C:\WINDOWS\system32\fibagbia
C:\WINDOWS\system32\fibagbia\bg1.gif
C:\WINDOWS\system32\fibagbia\bgtop.gif
C:\WINDOWS\system32\fibagbia\bottom1.gif
C:\WINDOWS\system32\fibagbia\essentials.gif
C:\WINDOWS\system32\fibagbia\fibagbia1.exe
C:\WINDOWS\system32\fibagbia\fibagbia2.exe
C:\WINDOWS\system32\fibagbia\fibagbia3.exe
C:\WINDOWS\system32\fibagbia\icon1.ico
C:\WINDOWS\system32\fibagbia\install1.gif
C:\WINDOWS\system32\fibagbia\left1.gif
C:\WINDOWS\system32\fibagbia\li.gif
C:\WINDOWS\system32\fibagbia\logo.gif
C:\WINDOWS\system32\fibagbia\main.htm
C:\WINDOWS\system32\fibagbia\mainframe.htm
C:\WINDOWS\system32\fibagbia\reinstall1.gif
C:\WINDOWS\system32\fibagbia\right1.gif
C:\WINDOWS\system32\fibagbia\s1.htm
C:\WINDOWS\system32\fibagbia\s2.htm
C:\WINDOWS\system32\fibagbia\s3.htm
C:\WINDOWS\system32\fibagbia\SMTop1.gif
C:\WINDOWS\system32\fibagbia\SMTop2.gif
C:\WINDOWS\system32\fibagbia\SMTop3.gif
C:\WINDOWS\system32\fibagbia\SMTop4.gif
C:\WINDOWS\system32\fibagbia\soft1_off.gif
C:\WINDOWS\system32\fibagbia\soft1_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft1_on.gif
C:\WINDOWS\system32\fibagbia\soft1_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_off.gif
C:\WINDOWS\system32\fibagbia\soft2_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_on.gif
C:\WINDOWS\system32\fibagbia\soft2_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_off.gif
C:\WINDOWS\system32\fibagbia\soft3_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_on.gif
C:\WINDOWS\system32\fibagbia\soft3_on_ext.gif
C:\WINDOWS\system32\fibagbia\softbottom_off.gif
C:\WINDOWS\system32\fibagbia\softbottom_on.gif
C:\WINDOWS\system32\fibagbia\softleft_off.gif
C:\WINDOWS\system32\fibagbia\softleft_on.gif
C:\WINDOWS\system32\fibagbia\top1.gif
C:\WINDOWS\system32\fibagbia\top2.gif
C:\WINDOWS\system32\fibagbia\turnoff1.gif
C:\WINDOWS\system32\fibagbia\turnon1.gif
C:\WINDOWS\system32\ireurkrh.dll
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jrgolbaq.dll
C:\WINDOWS\system32\ndtcpuut.dll
C:\WINDOWS\system32\shjlcsrk.dll
C:\WINDOWS\system32\ssqqrrs.dll
C:\WINDOWS\system32\trhxhffg.dll
C:\WINDOWS\system32\uewotdkd.dll
C:\WINDOWS\system32\winwil32.dll
C:\WINDOWS\system32\xxyxwvu.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.
2007-11-15 11:01 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 10:46 85,056 --a------ C:\WINDOWS\system32\xlgaapmh.dll
2007-11-15 09:38 <DIR> d-------- C:\Program Files\Epenomit
2007-11-15 09:38 79,936 --a------ C:\WINDOWS\system32\bimpkyql.dll
2007-11-15 09:37 <DIR> d-------- C:\Program Files\rytcravi
2007-11-15 09:37 104,960 --a------ C:\WINDOWS\system32\drvkib.dll
2007-11-15 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-14 20:05 85,056 --a------ C:\WINDOWS\system32\iwwueyfu.dll
2007-11-14 17:25 85,056 --a------ C:\WINDOWS\system32\ndkbkdco.dll
2007-11-14 17:19 79,424 --a------ C:\WINDOWS\system32\rtlatbhg.dll
2007-11-14 17:17 104,960 --a------ C:\WINDOWS\system32\drvpah.dll
2007-11-14 17:17 36,352 --a------ C:\WINDOWS\system32\khfebcy.dll
2007-11-14 16:10 85,056 --a------ C:\WINDOWS\system32\nkpdvhdk.dll
2007-11-14 16:03 <DIR> d-------- C:\Program Files\Zzmulotb
2007-11-14 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 13:31 81,472 --a------ C:\WINDOWS\system32\amyckgga.dll
2007-11-14 12:42 4,232 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-14 10:49 <DIR> d-------- C:\Documents and Settings\Muiris Lyons\Application Data\Grisoft
2007-11-14 10:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-14 10:48 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-14 10:43 85,056 --a------ C:\WINDOWS\system32\aamtebam.dll
2007-11-14 08:40 <DIR> d-------- C:\Program Files\Lonzgjyr
2007-11-14 08:40 <DIR> d-------- C:\Program Files\bwbuzqbi
2007-11-14 08:40 36,352 --a------ C:\WINDOWS\system32\wvuvwxw.dll
2007-11-13 07:52 144,480 --a------ C:\WINDOWS\system32\bsiljokm.dll
2007-11-13 07:52 144,480 --a------ C:\WINDOWS\system32\apaggfdb.dll
2007-11-13 07:49 80,448 --a------ C:\WINDOWS\system32\ikcmesst.dll
2007-11-11 02:50 81,472 --a------ C:\WINDOWS\system32\bbkxlqyh.dll
2007-11-10 20:10 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-10 19:50 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-10 19:50 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-10 19:41 <DIR> dr-h----- C:\MSOCache
2007-11-10 16:19 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-11-08 23:22 <DIR> d-------- C:\Program Files\SEOSurf
2007-11-08 17:26 <DIR> d-------- C:\Program Files\iTunes
2007-11-08 17:26 <DIR> d-------- C:\Program Files\iPod
2007-10-24 13:04 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-24 13:04 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-24 13:03 <DIR> d-------- C:\Program Files\Symantec
2007-10-24 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-24 13:02 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-21 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-21 08:47 <DIR> d-------- C:\Program Files\Motive
2007-10-21 08:47 <DIR> d-------- C:\Program Files\BT Broadband Desktop Help
2007-10-20 11:36 <DIR> d-------- C:\Program Files\BT Broadband Talk Softphone
2007-10-20 11:35 131,072 --a------ C:\WINDOWS\system32\ypclsp.dll
2007-10-20 11:35 86,016 --a------ C:\WINDOWS\system32\YPcservice.exe
2007-10-20 11:32 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-10-20 11:32 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2007-10-20 11:31 <DIR> d-------- C:\Program Files\btbb_wcm
2007-10-20 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-10-20 11:30 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-10-20 11:30 <DIR> d-------- C:\Program Files\BT Home Hub
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 09:01 --------- d-----w C:\Program Files\PartyGaming
2007-11-14 22:51 44,070 -c--a-w C:\Documents and Settings\Muiris Lyons\Application Data\wklnhst.dat
2007-11-14 18:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-14 17:07 --------- d-----w C:\Program Files\PestPatrol
2007-11-13 08:27 --------- d-----w C:\Program Files\Yahoo!
2007-11-12 06:14 --------- d-----w C:\Documents and Settings\Muiris Lyons\Application Data\uTorrent
2007-11-12 03:04 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-08 17:24 --------- d-----w C:\Program Files\QuickTime
2007-11-06 13:08 88,608 -c--a-w C:\Documents and Settings\Muiris Lyons\Application Data\GDIPFONTCACHEV1.DAT
2007-10-24 17:54 --------- d-----w C:\Documents and Settings\Muiris Lyons\Application Data\Yahoo!
2007-10-24 14:42 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-24 14:42 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-24 13:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-24 11:00 --------- d-----w C:\Program Files\GameShadow
2007-10-21 13:56 --------- d-----w C:\Documents and Settings\Muiris Lyons\Application Data\Motive
2007-10-21 13:14 --------- d-----w C:\Program Files\Garmin
2007-10-21 13:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-30 18:04 --------- d-----w C:\Program Files\DriverScan
2007-09-30 14:21 --------- d-----w C:\Program Files\Ahead
2007-09-24 19:35 --------- d-----w C:\Program Files\Smart Projects
2007-09-23 09:10 --------- d-----w C:\Program Files\Common Files\AOL
2007-09-23 09:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-23 09:00 --------- d-----w C:\Documents and Settings\Muiris Lyons\Application Data\AOL
2007-09-23 08:50 --------- d-----w C:\Program Files\Voyager100Test
2007-09-23 08:50 --------- d-----w C:\Program Files\CANON
2007-09-23 08:41 --------- d-----w C:\Program Files\MediaMonkey
2007-09-23 08:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-09-23 08:39 --------- d-----w C:\Program Files\Ubisoft
2007-09-23 08:39 --------- d-----w C:\Program Files\RegistryFix
2007-09-23 08:36 --------- d-----w C:\Program Files\LucasArts
2007-09-23 08:36 --------- d-----w C:\Program Files\GIMP-2.0
2007-09-23 08:35 --------- d-----w C:\Program Files\NCH Swift Sound
2007-09-23 08:30 --------- d-----w C:\Program Files\Tunebite
2007-09-23 08:29 --------- d-----w C:\Program Files\Apple Software Update
2007-09-22 21:33 --------- d-----w C:\Program Files\uTorrent
2007-09-18 13:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 13:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 13:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 13:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 13:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 13:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 13:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 13:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 13:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-02-18 17:00 392 -c--a-w C:\Documents and Settings\sam\Application Data\wklnhst.dat
2005-08-12 19:09 34,070 -c--a-w C:\Program Files\CHARLIE-AND-THE-CHOCOLATE[1].FACTORY.ts.english.verified.best.joined.avi.torrent
2005-08-12 19:07 27,812 -c--a-w C:\Program Files\[isoHunt] Charlie and the Chocolate Factory[1][1].2005.CAM.CD1-COBRA.mpeg.torrent
2005-08-07 13:12 1,900,184 -c--a-w C:\Program Files\frinstall.exe
2004-07-27 22:30 457 -c--a-w C:\Program Files\INSTALL.LOG
2003-08-27 13:19 36,963 -c--a-r C:\Program Files\Common Files\SM1updtr.dll
2005-02-05 14:39:05 56 -csh--r C:\WINDOWS\system32\45C0B81A50.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
2007-11-15 09:38 114688 --a------ C:\Program Files\Epenomit\faibpdbz.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{563ff35b-70ab-4c8c-950a-c6cc96c049b0}]
2007-11-15 09:38 79936 --a------ C:\WINDOWS\system32\bimpkyql.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-13 07:52 144480 --a------ C:\WINDOWS\system32\bsiljokm.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\bsiljokm.dll [2007-11-13 07:52 144480]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 13:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-22 05:28]
"CARPService"="carpserv.exe" [2003-06-11 11:54 C:\WINDOWS\system32\carpserv.exe]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-12-07 06:59]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 15:19]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 12:34]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 12:48]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 07:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 07:56]
"d8e74e3e"="C:\WINDOWS\system32\xlgaapmh.dll" [2007-11-15 10:46]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe" [2007-01-11 10:18]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 18:52]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2007-10-16 09:26]
C:\Documents and Settings\Muiris Lyons\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe [2007-07-20 17:57:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bsiljokm]
bsiljokm.dll 2007-11-13 07:52 144480 C:\WINDOWS\system32\bsiljokm.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhf.dll
"Notification Packages"= :\WINDOWS\system3
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 8.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\AOL 8.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Goal Genie.lnk]
backup=C:\WINDOWS\pss\Goal Genie.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Muiris Lyons^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=C:\WINDOWS\pss\Desktop Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Muiris Lyons^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvkib.dll,startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d8e74e3e]
rundll32.exe "C:\WINDOWS\system32\iwwueyfu.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW ControlCenter]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\krufwdkx]
rundll32.exe "C:\Program Files\rytcravi\hmxgnady.dll",Init
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
C:\PROGRA~1\ICQ\ICQNet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qngxedkb]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qngxedkb.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
C:\Program Files\SecCenter\scprot4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SupaDial]
C:\Program Files\SupaDial\SupaDial.exe /A
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 vobcom;vobcom;C:\WINDOWS\system32\drivers\vobcom.sys
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys
R3 DCamUSBLTN;M318B Digital Video Camera;C:\WINDOWS\system32\DRIVERS\vq318vid.sys
R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys
R3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S2 TTDec;ATI WDM Teletext Decoder;C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys
S3 iComp;Hauppauge WinTV PVR USB2 Encoder;C:\WINDOWS\system32\DRIVERS\HCWUSB2.sys
S3 LANC;LANC over PPT;C:\WINDOWS\system32\drivers\Lanc.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8107882-4fce-11dc-ac46-00038a000015}]
\Shell\AutoRun\command - J:\wd_windows_tools\setup.exe
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-08 17:15:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-15 11:07:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-05 23:12:06 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Muiris Lyons.job"
"2007-11-15 07:28:30 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 11:23:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-15 11:34:09 - machine was rebooted
.
--- E O F ---
Hijack This Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:01, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\HJT\NoHiding.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Epenomit\faibpdbz.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {0b940c69-cc6c-a059-c8c4-ba07b53ff365} - {563ff35b-70ab-4c8c-950a-c6cc96c049b0} - C:\WINDOWS\system32\bimpkyql.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\bsiljokm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\bsiljokm.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [d8e74e3e] rundll32.exe "C:\WINDOWS\system32\xlgaapmh.dll",b
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: bsiljokm - C:\WINDOWS\SYSTEM32\bsiljokm.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 13206 bytes
Again - many thanks