Virtumonde.dll Help Needed



shadrach
2008-04-16, 19:15
Trying to get this pain in the butt off my computer. Here are the reports I got from the scans. Any help would be greatly appreciated! :)

ComboFix 08-04-15.4 - Jason 2008-04-16 8:37:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1842 [GMT -7:00]
Running from: C:\Users\Jason\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Jason\AppData\Roaming\inst.exe
C:\Windows\system32\byXqNeee.dll
C:\Windows\System32\eeeNqXyb.ini
C:\Windows\System32\eeeNqXyb.ini2
C:\Windows\system32\KBL.LOG
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\nNExVPHb.dll
C:\Windows\System32\pgwoefls.ini
C:\Windows\system32\pvytvvxm.dll
C:\Windows\system32\slfeowgp.dll
C:\Windows\system32\tlxiskiy.dll
C:\Windows\System32\WHPrYcdd.ini
C:\Windows\System32\WHPrYcdd.ini2
C:\Windows\system32\xxyvvVPI.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-16 07:57 . 2008-04-16 07:57 294 ---hs---- C:\Windows\System32\lhapctko.ini
2008-04-16 07:54 . 2008-04-16 07:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-15 23:49 . 2008-04-15 23:49 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-04-15 23:33 . 2008-04-15 23:49 <DIR> d-------- C:\VundoFix Backups
2008-04-15 22:21 . 2008-04-16 07:19 530 --a------ C:\Windows\wininit.ini
2008-04-13 21:11 . 2004-03-29 16:23 90,112 --a------ C:\Windows\unvise32.exe
2008-04-13 21:10 . 2008-04-13 21:11 <DIR> d-------- C:\Program Files\The Rosetta Stone
2008-04-13 20:38 . 2008-04-13 20:38 <DIR> d-------- C:\Program Files\Aspell
2008-04-13 17:11 . 2008-04-13 17:11 <DIR> d-------- C:\Windows\Sun
2008-04-13 15:02 . 2008-04-13 15:02 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-13 15:02 . 2008-04-13 15:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 14:47 . 2008-04-13 14:49 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-13 14:47 . 2008-04-13 14:49 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-13 11:19 . 2008-04-13 11:19 <DIR> d-------- C:\Program Files\CCleaner
2008-04-12 23:28 . 2008-04-12 23:28 <DIR> d-------- C:\Users\Jason\AppData\Roaming\Proxima Software
2008-04-11 17:30 . 2008-04-12 22:20 48,016 --a------ C:\Windows\CDPlayer.ini
2008-04-11 14:27 . 2008-04-11 14:27 <DIR> d-------- C:\Program Files\MediaMonkey
2008-04-11 01:32 . 2008-04-11 14:24 <DIR> d-------- C:\Users\Jason\AppData\Roaming\Thinstall
2008-04-09 20:55 . 2007-03-07 22:49 540,672 --a------ C:\Program Files\FontRenamer.exe
2008-04-09 20:51 . 2008-04-09 20:54 <DIR> d-------- C:\Program Files\FontExpert
2008-04-09 20:42 . 2008-04-09 20:42 <DIR> d-------- C:\Program Files\FontLab
2008-04-09 20:42 . 2008-04-09 20:42 <DIR> d-------- C:\Program Files\Common Files\FontLab
2008-04-09 20:38 . 2008-04-09 20:38 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-09 16:48 . 2008-04-09 16:48 <DIR> d-------- C:\Program Files\Stardock
2008-04-09 16:44 . 2008-04-09 16:44 75,027 --a------ C:\translations.xml
2008-04-09 16:31 . 2008-04-09 16:48 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-04-09 16:28 . 2008-04-09 16:28 <DIR> d-------- C:\Users\All Users\InstallShield
2008-04-09 16:28 . 2008-04-09 16:28 <DIR> d-------- C:\ProgramData\InstallShield
2008-04-09 16:24 . 2008-04-09 16:24 <DIR> d-------- C:\Program Files\Default Company Name
2008-04-09 16:05 . 1999-04-23 22:22 1,056,768 --------- C:\Windows\System32\MSJET35.dll
2008-04-09 16:05 . 1998-04-27 22:15 570,128 --------- C:\Windows\System32\DAO350.dll
2008-04-09 16:03 . 2008-04-09 16:03 <DIR> d-------- C:\Program Files\Melco Embroidery Systems
2008-04-09 16:03 . 2008-04-09 16:05 <DIR> d-------- C:\Designs
2008-04-09 16:03 . 2003-02-05 20:02 13,359 --------- C:\Windows\System32\drivers\sydexfdd.sys
2008-04-09 16:01 . 2008-04-09 16:01 <DIR> d-------- C:\Program Files\SafeNet Sentinel
2008-04-09 16:01 . 2008-04-09 16:01 <DIR> d-------- C:\Program Files\Common Files\SafeNet Sentinel
2008-04-08 22:43 . 2008-04-16 00:40 69 --a------ C:\Windows\NeroDigital.ini
2008-04-08 17:16 . 2008-02-21 19:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-08 17:16 . 2008-02-21 22:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-08 17:08 . 2008-02-29 00:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-08 17:08 . 2008-02-29 00:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-08 17:08 . 2008-02-21 22:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-08 17:08 . 2008-02-28 23:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-08 17:08 . 2008-02-28 21:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 17:08 . 2008-02-28 23:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-08 17:08 . 2008-02-28 23:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 17:08 . 2008-02-29 00:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 17:08 . 2008-02-28 21:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 17:08 . 2008-02-28 23:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-08 16:51 . 2008-02-28 21:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-08 16:51 . 2008-02-21 21:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-08 00:29 . 2008-04-08 00:29 <DIR> d-------- C:\Users\Jason\AppData\Roaming\CyberLink
2008-04-07 20:31 . 2008-04-12 19:50 101,667 --a------ C:\Users\Jason\AppData\Roaming\nvModes.dat
2008-04-07 20:29 . 2008-04-07 20:29 <DIR> d-------- C:\Users\Jason\AppData\Roaming\WildTangent
2008-04-07 20:07 . 2008-04-07 20:07 <DIR> d-------- C:\Users\Jason\AppData\Roaming\AdobeUM
2008-04-07 19:57 . 2008-04-07 21:03 <DIR> d-------- C:\Windows\System32\Adobe
2008-04-07 19:57 . 2004-08-16 17:40 16,384 --a------ C:\Windows\System32\FileOps.exe
2008-04-07 19:50 . 2008-04-07 19:50 <DIR> d-------- C:\Users\All Users\Adobe Systems
2008-04-07 19:50 . 2008-04-07 19:50 <DIR> d-------- C:\ProgramData\Adobe Systems
2008-04-07 19:47 . 2008-04-07 19:47 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-07 19:47 . 2008-04-13 14:33 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-07 18:53 . 2004-08-04 08:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-04-07 17:57 . 2008-04-07 17:57 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-04-07 17:57 . 2008-04-07 17:57 <DIR> d-------- C:\ProgramData\Yahoo!
2008-04-07 17:53 . 2008-04-07 17:53 <DIR> d-------- C:\Users\Jason\AppData\Roaming\acccore
2008-04-07 17:52 . 2008-04-07 17:52 <DIR> d-------- C:\Users\All Users\AOL Downloads
2008-04-07 17:52 . 2008-04-07 17:52 <DIR> d-------- C:\ProgramData\AOL Downloads
2008-04-07 17:52 . 2008-04-07 17:52 21 --a------ C:\Windows\atid.ini
2008-04-07 17:51 . 2008-04-07 17:53 <DIR> d-------- C:\Users\All Users\AOL OCP
2008-04-07 17:51 . 2008-04-07 17:53 <DIR> d-------- C:\ProgramData\AOL OCP
2008-04-07 17:51 . 2008-04-07 17:51 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-04-07 17:51 . 2008-04-07 17:52 <DIR> d-------- C:\Program Files\AIM6
2008-04-07 17:49 . 2008-04-07 17:50 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-07 17:49 . 2008-04-07 17:50 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-07 17:49 . 2008-04-07 17:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-07 17:47 . 2008-04-07 17:47 <DIR> d-------- C:\Users\Jason\AppData\Roaming\Ahead
2008-04-07 17:45 . 2008-04-07 17:45 <DIR> d-------- C:\Program Files\Nero
2008-04-07 17:45 . 2008-04-07 17:47 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-07 17:29 . 2008-04-07 17:29 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-07 17:19 . 2008-04-07 17:19 <DIR> d-------- C:\Program Files\SourceTec
2008-04-07 17:19 . 2008-04-07 17:19 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-04-07 17:18 . 2008-04-07 17:18 <DIR> d-------- C:\Program Files\MagicISO
2008-04-07 17:10 . 2008-04-07 17:10 <DIR> d-------- C:\Program Files\PowerISO
2008-04-07 17:06 . 2008-04-12 22:20 <DIR> d-------- C:\Users\Jason\AppData\Roaming\Vso
2008-04-07 17:06 . 2008-04-07 17:06 <DIR> d-------- C:\Program Files\VSO
2008-04-07 17:06 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-04-07 17:06 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-04-07 17:06 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-04-07 17:06 . 2008-04-07 17:06 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-04-07 17:06 . 2008-04-07 17:06 47,360 --a------ C:\Users\Jason\AppData\Roaming\pcouffin.sys
2008-04-07 16:58 . 2008-04-07 16:58 <DIR> d-------- C:\Program Files\Stanimir Stoyanov
2008-04-07 16:58 . 2008-04-07 16:58 <DIR> d-------- C:\Program Files\CodeGazer
2008-04-07 16:57 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-04-07 16:57 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-04-07 16:57 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-04-07 16:56 . 2008-04-07 16:56 <DIR> d-------- C:\Program Files\Frameworkx
2008-04-07 16:50 . 2008-04-07 16:50 16 --a------ C:\Windows\System32\coh.cache
2008-04-07 16:48 . 2008-04-07 16:48 <DIR> d-------- C:\Program Files\AM-DeadLink
2008-04-07 16:45 . 2008-04-07 16:45 <DIR> d-------- C:\Users\All Users\Azureus
2008-04-07 16:45 . 2008-04-07 16:45 <DIR> d-------- C:\ProgramData\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 15:09 --------- d-----w C:\ProgramData\Symantec
2008-04-09 23:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-09 23:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 01:01 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 00:59 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-08 00:51 --------- d-----w C:\ProgramData\Viewpoint
2008-04-08 00:51 --------- d-----w C:\Program Files\Viewpoint
2008-04-07 23:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-07 23:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-07 23:10 --------- d-----w C:\Program Files\Microsoft Works
2008-04-07 22:01 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-04-07 21:48 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8104V9J_E480576-002_4A_I30CF_SQuanta_V85.24_F.2A_T080222_WV3-1_L409_M3007_J160_7AMD_8F82_92.00_#080407_N10DE054C;168C001C_(KN828UA#ABA)_XMOBILE_CN10_Z.MRK
2008-03-16 11:25 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-16 11:23 --------- d-----w C:\Program Files\HP
2008-03-10 19:04 --------- d-----w C:\Program Files\Java
2008-03-10 19:03 --------- d-----w C:\Program Files\Common Files\Java
2008-03-10 18:55 --------- d-----w C:\Program Files\AWS
2008-03-10 18:54 --------- d-----w C:\Program Files\earthlink totalaccess
2008-03-10 18:53 --------- d-----w C:\Program Files\CyberLink
2008-03-10 18:42 --------- d-----w C:\ProgramData\HP
2008-03-10 18:42 --------- d-----w C:\Program Files\Common Files\HP
2008-03-10 18:41 --------- d-----w C:\Program Files\Sling Media
2008-03-10 18:26 --------- d-----w C:\ProgramData\muvee Technologies
2008-03-10 18:26 --------- d-----w C:\Program Files\muvee Technologies
2008-03-10 18:26 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-03-04 09:34 2,125,312 ----a-w C:\Windows\System32\CnxtAp32.dll
2008-03-04 09:32 188,416 ----a-w C:\Windows\system32\drivers\CHDRT32.sys
2008-01-25 09:55 229,376 ----a-w C:\Windows\System32\UCI32A27.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
2008-01-21 02:26 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-01-21 02:26 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-01-21 02:24 99,840 ----a-w C:\Windows\System32\ulib.dll
2008-01-21 02:23 98,816 ----a-w C:\Windows\System32\sdshext.dll
2008-01-18 11:30 110,592 ----a-w C:\Windows\System32\SynTPCo4.dll
2008-01-18 11:03 147,456 ----a-w C:\Windows\System32\SynTPAPI.dll
2008-01-18 10:52 196,608 ----a-w C:\Windows\System32\SynCtrl.dll
2008-01-18 10:51 163,840 ----a-w C:\Windows\System32\SynCOM.dll
2007-02-03 20:04 2,171,370 ----a-w C:\Users\Jason\looney_tunes_zip.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
2007-08-31 11:32 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 19:23 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"Aim6"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 19:25 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 13:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 13:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 13:05 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 04:31 1033512]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-12-19 19:27 468264]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 14:31 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 13:54 554320]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-20 19:23 1008184]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 15:53 311296]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-11 10:57 2684280]

C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-04-09 16:48:59 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9EF89A66-9698-4353-959C-C3313B2EC120}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2FFE2449-05F4-431E-B5AA-DAF630828DF1}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F55BC89E-745A-4208-88C6-B6558614481F}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{05D3FAA0-F2DC-432F-AA2B-6F565814D674}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FCE21A2C-A02C-4786-A723-919B1FD4DB2F}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EBD79006-D140-4DD3-8BA5-44078780CFEE}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0429329E-0464-4D91-A359-809821A0E16F}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B576D741-6854-4188-9EEF-727EC31E27C1}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{77403D5F-6275-4BF9-850C-91F062BD4BCB}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{53E97ECB-B819-4AD7-9978-A22DF485FCD9}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{04CFA403-5C9D-41DC-BBE3-287CFF764393}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{0C91F778-9260-491B-8C50-ED1589153C76}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2321C07C-20A1-4A1A-831A-AF87235D1168}"= UDP:C:\RECYCLER\msnmrsgrs.exe:RSXB
"{40D8CEBB-26DF-41F2-A84E-BB923D1C35C6}"= TCP:C:\RECYCLER\msnmrsgrs.exe:RSXB
"{DDBE4E42-ECB9-4E10-9770-0BF4240A112A}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{BDBE07F5-1CC4-4505-8140-A20A2C700832}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{E8EB5A2D-95B3-4CFF-9122-AAF919733270}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B1A06BEA-C39C-45A4-8C85-928A55CD6070}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DB490BD-2D97-45D2-91AC-6FDCBE1CAA10}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{ED614D08-1A29-4515-9DE3-E7B8312C3A70}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C3D349A7-438B-478C-8AF5-65D3ADA26F09}"= UDP:C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"{773346EE-EF39-4981-9AA7-60541F11F04C}"= TCP:C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080415.002\IDSvix86.sys [2008-04-04 17:47]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-12-06 13:40]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 06:12]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 06:12]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 06:12]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 10:30]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 14:50]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 15:32]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 00:30]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 19:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 19:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa4c16d-06a5-11dd-be48-001e37bd999b}]
\shell\AutoRun\command - setup.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 04:34:56 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Jason.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 08:45:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-04-16 8:50:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 15:50:08

Pre-Run: 77,078,093,824 bytes free
Post-Run: 76,897,280,000 bytes free
.
2008-04-15 16:32:16 --- E O F ---

And the second report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:32 AM, on 4/16/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12938 bytes

shadrach
2008-04-17, 08:43
Never mind. I somehow got it removed. :)