Please help. I keep getting pop-ups and warnings that there are multiple Trojan viruses on my computer.
The ComboFix log is as follows:
ComboFix 08-08-23.03 - User 2008-08-24 18:28:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.881 [GMT 1:00]
Running from: C:\Users\User\Downloads\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\System32\aGjlkUtv.ini
C:\Windows\System32\aGjlkUtv.ini2
C:\Windows\system32\cyukociy.dll
C:\Windows\System32\Desktop_.ini
C:\Windows\system32\gdpewiux.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mqtdbqcw.dll
C:\Windows\system32\oiduclxg.ini
C:\Windows\system32\pfpaanws.ini
C:\Windows\system32\swnaapfp.dll
C:\Windows\System32\uCeehiPo.ini
C:\Windows\System32\uCeehiPo.ini2
----- BITS: Possible infected sites -----
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 17:22 --------- d-----w C:\ProgramData\BullGuard
2008-08-24 16:07 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-08-24 16:06 --------- d-----w C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2008-08-24 16:06 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-08-24 16:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-24 15:49 --------- d-----w C:\Program Files\CCleaner
2008-08-24 15:36 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-06 17:36 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-08-05 15:15 --------- d-----w C:\Program Files\Particles in motion
2008-07-31 13:06 --------- d-----w C:\Program Files\Yahoo!
2008-07-31 13:05 --------- d-----w C:\Program Files\Sony
2008-07-31 13:04 --------- d-----w C:\ProgramData\Sony Corporation
2008-07-31 13:04 --------- d-----w C:\Program Files\Common Files\Sony Shared
2008-07-13 21:06 174 --sha-w C:\Program Files\desktop.ini
2008-07-08 16:48 --------- d-----w C:\Users\User\AppData\Roaming\Sony Corporation
2008-07-08 16:48 --------- d-----w C:\ProgramData\SonicStage
2008-07-08 16:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 19:06 --------- d-----w C:\ProgramData\HP
2008-07-01 19:05 --------- d-----w C:\Users\User\AppData\Roaming\Image Zone Express
2008-07-01 19:05 --------- d-----w C:\Users\User\AppData\Roaming\HP
2008-07-01 19:04 --------- d-----w C:\Users\User\AppData\Roaming\Printer Info Cache
2008-07-01 19:04 --------- d-----w C:\ProgramData\WEBREG
2008-07-01 19:02 --------- d-----w C:\ProgramData\HPSSUPPLY
2008-07-01 19:02 --------- d-----w C:\Program Files\HP
2008-07-01 19:01 --------- d-----w C:\Program Files\Common Files\HP
2008-07-01 18:57 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-07-01 18:53 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2008-04-13 14:40 308552]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 04:00 815104]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-03 03:58 464168]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-08 09:24 614400]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-14 20:38 151552]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2008-04-13 14:40 308552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-12 20:19 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-08 19:20 185896]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 06:37 4186112 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 17:55:50 703280]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-01-22 03:26:12 528384]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4251702532-2138462062-1121262881-1000] "EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5B9363C4-993A-4046-ABC0-C1AB21774CC9}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{1A0579B4-A184-4DBF-BE71-7036E4479DA7}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{5BA00C6C-A0ED-4727-A687-CDB88B9BF1B6}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6F53D5D2-1BA6-4275-BF24-ACA557A47B17}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 BdFileSpy;BullGuard File Monitor Driver;C:\Windows\system32\drivers\BdFileSpy.sys [2007-10-23 10:16]
R2 BsFileScan;BullGuard File Scan Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-02-09 12:31]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 10:37]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 08:13]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 08:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {35BDA760-4905-19AA-54A0-C118ABB5BF0C} /qb
.
Contents of the 'Scheduled Tasks' folder

2008-08-23 C:\Windows\Tasks\WebReg Photosmart C5100 series.job
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 21:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{BC10683F-3AFC-4E85-AEEE-F68FBBF1C79F} - C:\Windows\system32\vtUkljGa.dll
HKLM-Run-78d7bc3d - C:\Windows\system32\swnaapfp.dll
HKLM-Run-MSServer - C:\Windows\system32\fcCVLFyV.dll
HKLM-Run-BM7be48fa1 - C:\Windows\system32\gdpewiux.dll
HKLM-Run-Acer Tour - (no file)
HKLM-Run-SetPanel - (no file)
HKLM-Run-eRecoveryService - (no file)
ShellExecuteHooks-{683A9F36-9284-4B2A-9D68-72A4C6C5BC4D} - C:\Windows\system32\fcCVLFyV.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://en.uk.acer.yahoo.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://en.uk.acer.yahoo.com
R1 -: HKCU-SearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 18:39:45
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-24 18:46:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-24 17:46:14
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 42,214,490,112 bytes free
195 --- E O F --- 2008-08-24 15:36:44
The SUPERAntiSpyware log is as follows:
Generated 08/24/2008 at 06:12 PM
Application Version : 4.20.1046
Core Rules Database Version : 3545
Trace Rules Database Version: 1534

Scan type : Complete Scan
Total Scan Time : 01:02:02

Memory items scanned : 716
Memory threats detected : 2
Registry items scanned : 6830
Registry threats detected : 13
File items scanned : 22446
File threats detected : 7

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\VTUKLJGA.DLL
C:\WINDOWS\SYSTEM32\VTUKLJGA.DLL

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\FCCVLFYV.DLL
C:\WINDOWS\SYSTEM32\FCCVLFYV.DLL
C:\WINDOWS\SYSTEM32\RQROIYAX.DLL

Trojan.Vundo-Variant/NextGen-Six
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3cd13c07-06f1-4415-ba53-2e9430acd0bd}
HKCR\CLSID\{3CD13C07-06F1-4415-BA53-2E9430ACD0BD}
HKCR\CLSID\{3CD13C07-06F1-4415-BA53-2E9430ACD0BD}\InprocServer32
HKCR\CLSID\{3CD13C07-06F1-4415-BA53-2E9430ACD0BD}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\TZUWFX.DLL

Trojan.Vundo-Variant/NextGen
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{683A9F36-9284-4B2A-9D68-72A4C6C5BC4D}
HKCR\CLSID\{683A9F36-9284-4B2A-9D68-72A4C6C5BC4D}
HKCR\CLSID\{683A9F36-9284-4B2A-9D68-72A4C6C5BC4D}\InprocServer32
HKCR\CLSID\{683A9F36-9284-4B2A-9D68-72A4C6C5BC4D}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[1].txt

Adware.Vundo Variant/Rel
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Windows\system32\fcCVLFyV.dll,#1 ]
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-4251702532-2138462062-1121262881-1000\Software\Microsoft\rdfa

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\MBEYGACP.EXE
C:\Windows\Prefetch\MBEYGACP.EXE-C4C736D0.pf

The HijackThis log is as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:50, on 24/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\User\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 8498 bytes
Any help will be gratefully accepted as I'm a bit out of my depth now!
Thanks in advance.