Sorry about that. I removed BitLord from my applications, but I guess the file was still there. I have deleted the folder.
Here are the requested logs.
Thanks!
Grace
ComboFIX log:
ComboFix 09-02-05.01 - g-race 2009-02-08 14:06:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.416 [GMT -8:00]
Running from: f:\documents and settings\g-race\Desktop\ComboFix.exe
Command switches used :: f:\documents and settings\g-race\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
f:\windows\tpjqrast
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
f:\program files\prodegetoolbar680
f:\program files\prodegetoolbar680\install.ico
f:\program files\prodegetoolbar680\toolbar.ini
f:\program files\prodegetoolbar680\uninstall.exe
f:\windows\tpjqrast
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Atdydi
((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))
.
2009-02-02 19:09 . 2009-02-02 19:09 <DIR> d-------- F:\My Videos
2009-01-31 20:08 . 2009-01-31 20:08 <DIR> d-------- f:\program files\Trend Micro
2009-01-26 20:18 . 2004-08-04 00:56 152,576 --a------ f:\windows\system32\irftp.exe
2009-01-26 20:18 . 2004-08-04 00:56 152,576 --a--c--- f:\windows\system32\dllcache\irftp.exe
2009-01-26 20:18 . 2004-08-04 00:56 27,136 --a------ f:\windows\system32\irmon.dll
2009-01-26 20:18 . 2004-08-04 00:56 27,136 --a--c--- f:\windows\system32\dllcache\irmon.dll
2009-01-26 20:18 . 2004-08-04 00:56 8,192 --a------ f:\windows\system32\wshirda.dll
2009-01-26 20:18 . 2004-08-04 00:56 8,192 --a--c--- f:\windows\system32\dllcache\wshirda.dll
2009-01-24 00:07 . 2009-01-23 23:13 15,688 --a------ f:\windows\system32\lsdelete.exe
2009-01-23 23:13 . 2009-01-23 23:12 64,160 --a------ f:\windows\system32\drivers\Lbd.sys
2009-01-23 23:08 . 2009-01-23 23:08 <DIR> d-------- f:\program files\Lavasoft
2009-01-23 23:08 . 2009-01-23 23:18 <DIR> d--h-c--- f:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-21 23:00 . 2009-01-21 23:00 <DIR> d-------- f:\documents and settings\g-race\DoctorWeb
2009-01-15 23:25 . 2009-01-15 23:25 410,984 --a------ f:\windows\system32\deploytk.dll
2009-01-13 22:37 . 2009-01-13 22:37 <DIR> d-------- f:\program files\CourseSmart
2009-01-13 22:30 . 2009-01-13 22:30 <DIR> d-------- f:\program files\MSBuild
2009-01-13 22:27 . 2009-01-13 22:36 <DIR> d-------- f:\windows\system32\XPSViewer
2009-01-13 22:26 . 2009-01-13 22:26 <DIR> d-------- f:\program files\Reference Assemblies
2009-01-13 22:25 . 2006-06-29 13:07 14,048 --a------ f:\windows\system32\spmsg2.dll
2009-01-11 00:54 . 2009-01-11 01:23 <DIR> d-------- f:\program files\Winamp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 22:12 --------- d-----w f:\documents and settings\g-race\Application Data\Skype
2009-01-28 05:52 --------- d-----w f:\program files\Veoh Networks
2009-01-24 21:05 --------- d-----w f:\program files\Malwarebytes' Anti-Malware
2009-01-24 07:13 --------- d-----w f:\documents and settings\All Users\Application Data\Lavasoft
2009-01-20 21:03 --------- d-----w f:\documents and settings\g-race\Application Data\ZoomBrowser EX
2009-01-20 20:57 --------- d-----w f:\documents and settings\All Users\Application Data\ZoomBrowser
2009-01-20 06:02 --------- d-----w f:\program files\Symantec AntiVirus
2009-01-16 07:24 --------- d-----w f:\program files\Java
2009-01-15 00:11 38,496 ----a-w f:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 00:11 15,504 ----a-w f:\windows\system32\drivers\mbam.sys
2009-01-02 10:45 --------- d-----w f:\program files\Impulse
2008-12-27 07:41 --------- d-----w f:\documents and settings\g-race\Application Data\Orbit
2008-12-27 07:31 --------- d-----w f:\documents and settings\g-race\Application Data\PRODEGETOOLBAR680
2008-12-25 10:50 --------- d--h--w f:\program files\InstallShield Installation Information
2008-12-25 10:50 --------- d-----w f:\program files\Logitech
2008-12-25 10:50 --------- d-----w f:\program files\Common Files\Logitech
2008-06-10 03:33 0 -c--a-w f:\program files\temp01
2007-11-23 22:42 25,280 -c--a-w f:\documents and settings\g-race\Application Data\GDIPFONTCACHEV1.DAT
2007-02-08 18:48 133,920 ----a-w f:\program files\internet explorer\plugins\LV82ActiveXControl.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-02-05_15.43.04.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 04:02:28 163,328 ----a-w f:\windows\ERDNT\subs\ERDNT.EXE
- 2009-02-05 23:24:55 66,778 ----a-w f:\windows\system32\perfc009.dat
+ 2009-02-05 23:44:13 66,778 ----a-w f:\windows\system32\perfc009.dat
- 2009-02-05 23:24:55 428,160 ----a-w f:\windows\system32\perfh009.dat
+ 2009-02-05 23:44:13 428,160 ----a-w f:\windows\system32\perfh009.dat
+ 2009-02-08 22:11:01 16,384 ----atw f:\windows\Temp\Perflib_Perfdata_4a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="f:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"AIM"="f:\program files\AIM\aim.exe" [2006-08-01 67112]
"Skype"="f:\program files\Skype\Phone\Skype.exe" [2007-08-25 23090984]
"Veoh"="f:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"Google Update"="f:\documents and settings\g-race\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"VeohPlugin"="f:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"eNMTray.exe"="" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="f:\windows\System32\igfxtray.exe" [2006-06-13 94208]
"igfxhkcmd"="f:\windows\System32\hkcmd.exe" [2006-06-13 77824]
"igfxpers"="f:\windows\System32\igfxpers.exe" [2006-06-13 118784]
"Broadcom Wireless Manager UI"="f:\windows\System32\WLTRAY.exe" [2005-11-11 1236992]
"INPROCOMMWireless"="f:\program files\Atheros\Wireless\Utility\WlanUtil.exe" [BU]
"ccApp"="f:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"vptray"="f:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]
"IMJPMIG8.1"="f:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IMEKRMIG6.1"="f:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"MSPY2002"="f:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="f:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="f:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]
"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-28 185872]
"Ad-Watch"="f:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-30 509784]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 f:\windows\RTHDCPL.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 f:\windows\system32\bthprops.cpl]
f:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - f:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-09 113664]
Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
PolicyKey.lnk - f:\program files\Impulse\PolicyKey.exe [2005-10-04 573440]
Post-itr Software Notes Lite.lnk - f:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPGVpO]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\AIM\\aim.exe"=
"f:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"f:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"f:\\Program Files\\MSN Messenger\\livecall.exe"=
"f:\\Documents and Settings\\g-race\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"f:\\Documents and Settings\\g-race\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"f:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
R0 Lbd;Lbd;f:\windows\system32\drivers\Lbd.sys [2009-01-23 64160]
R2 EpmPsd;Acer EPM Power Scheme Driver;f:\windows\system32\drivers\epm-psd.sys [2007-08-21 4096]
R2 EpmShd;Acer EPM System Hardware Driver;f:\windows\system32\drivers\epm-shd.sys [2007-08-21 78208]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;f:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;f:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-19 99376]
S3 SavRoam;SAVRoam;f:\program files\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952]
.
Contents of the 'Scheduled Tasks' folder
2009-02-07 f:\windows\Tasks\Ad-Aware Update (Weekly).job
- f:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-30 23:13]
2009-02-08 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1767777339-725345543-1003.job
- f:\documents and settings\g-race\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 20:35]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0C8C6E91-E7C7-488B-AEB1-0D04A289F394} - (no file)
BHO-{2AFBA3E2-30EC-4C71-A9B0-ADA545CF0120} - (no file)
BHO-{4A3C3B9C-38C5-49FC-8DB2-383594535A47} - (no file)
BHO-{75D7747F-422C-4712-A937-FA69013E1B6C} - (no file)
BHO-{DB558CD3-0EFA-4C6C-90CB-55B8A48CC755} - (no file)
.
------- Supplementary Scan -------
.
IE: &Download by Orbit - f:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - f:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - f:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - f:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - f:\documents and settings\g-race\Application Data\Mozilla\Firefox\Profiles\vl7q6iu5.default\
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: f:\documents and settings\g-race\Application Data\Mozilla\Firefox\Profiles\vl7q6iu5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: f:\documents and settings\g-race\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: f:\documents and settings\g-race\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: f:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: f:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: f:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-02-08 14:11:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(572)
f:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Common Files\Symantec Shared\ccSetMgr.exe
f:\program files\Symantec AntiVirus\DefWatch.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\windows\system32\lkcitdl.exe
f:\windows\system32\lkads.exe
f:\windows\system32\lktsrv.exe
f:\program files\National Instruments\MAX\nimxs.exe
f:\program files\National Instruments\Shared\Security\nidmsrv.exe
f:\windows\system32\nisvcloc.exe
f:\windows\system32\rundll32.exe
f:\program files\National Instruments\Shared\Tagger\tagsrv.exe
f:\windows\system32\wdfmgr.exe
f:\windows\system32\WLTRYSVC.EXE
f:\windows\system32\BCMWLTRY.EXE
f:\program files\Canon\CAL\CALMAIN.exe
f:\progra~1\3M\PSNLite\PSNGive.exe
f:\windows\system32\wbem\unsecapp.exe
f:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-08 14:16:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-08 22:16:38
ComboFix2.txt 2009-02-05 23:51:16
Pre-Run: 2,352,005,120 bytes free
Post-Run: 2,267,267,072 bytes free
219 --- E O F --- 2008-09-02 09:40:21
--------------------------------
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:59 PM, on 2/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Symantec AntiVirus\DefWatch.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\lkcitdl.exe
F:\WINDOWS\System32\igfxtray.exe
F:\WINDOWS\System32\hkcmd.exe
F:\WINDOWS\System32\igfxpers.exe
F:\WINDOWS\System32\WLTRAY.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\system32\lkads.exe
F:\WINDOWS\system32\lktsrv.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
F:\Program Files\National Instruments\MAX\nimxs.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\nisvcloc.exe
F:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
F:\Program Files\AIM\aim.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\Veoh Networks\Veoh\VeohClient.exe
F:\WINDOWS\System32\svchost.exe
F:\Documents and Settings\g-race\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
F:\WINDOWS\System32\WLTRYSVC.EXE
F:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
F:\WINDOWS\System32\bcmwltry.exe
F:\Program Files\Impulse\PolicyKey.exe
F:\Program Files\3M\PSNLite\PsnLite.exe
F:\Program Files\Canon\CAL\CALMAIN.exe
F:\PROGRA~1\3M\PSNLite\PSNGive.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\notepad.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - F:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [igfxtray] F:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] F:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] F:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] F:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [INPROCOMMWireless] F:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] F:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] F:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Veoh] "F:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\g-race\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [VeohPlugin] "F:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PolicyKey.lnk = F:\Program Files\Impulse\PolicyKey.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = F:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Download by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - F:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - F:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - F:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - F:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - F:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - F:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - F:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - F:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - F:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - F:\WINDOWS\system32\OpcEnum.exe
O23 - Service: SAVRoam (SavRoam) - symantec - F:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - F:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10042 bytes