CF:

ComboFix 08-06-20.4 - Administrator 2008-07-01 8:49:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1358 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM43fb34f8.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\sgixqitq.ini
C:\WINDOWS\system32\ssqpMdBQ.dll
C:\WINDOWS\system32\tisloxfm.ini
C:\WINDOWS\system32\xbLlRXyb.ini
C:\WINDOWS\system32\xbLlRXyb.ini2

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-07-01 08:34 . 2008-07-01 08:34 95 --a------ C:\WINDOWS\wininit.ini
2008-07-01 02:52 . 2008-07-01 02:53 81,920 --a------ C:\WINDOWS\system32\qtiqxigs.dll
2008-07-01 02:49 . 2008-07-01 02:49 103,424 --a------ C:\WINDOWS\system32\navpoy.dll
2008-07-01 02:49 . 2008-07-01 02:49 103,424 --a------ C:\WINDOWS\system32\csssoujw.dll
2008-07-01 02:46 . 2008-07-01 02:46 91,136 --a------ C:\WINDOWS\system32\dcypofxy.dll
2008-06-30 23:56 . 2008-06-30 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-06-30 23:50 . 2008-06-30 23:57 <DIR> d-------- C:\Program Files\AVS4YOU
2008-06-30 23:48 . 2008-06-30 23:56 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-06-30 23:48 . 2008-06-30 23:48 674,816 --a------ C:\WINDOWS\isRS-000.tmp
2008-06-30 18:48 . 2008-06-30 18:48 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-30 18:48 . 2008-06-30 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-30 18:48 . 2008-06-30 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-30 15:48 . 2008-06-30 15:48 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-06-30 15:45 . 2008-06-30 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-06-30 15:27 . 2008-06-30 15:27 <DIR> d-------- C:\Program Files\QuickTime
2008-06-30 14:53 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-06-30 14:53 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-06-30 14:43 . 2008-06-30 14:43 <DIR> d-------- C:\Program Files\Bonjour
2008-06-30 14:43 . 2008-06-30 14:43 81,920 --a------ C:\WINDOWS\system32\mfxolsit.dll
2008-06-30 14:42 . 320,000 C:\WINDOWS\system32\byXRlLbx.dll_old
2008-06-30 14:39 . 2008-06-30 14:39 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-30 14:34 . 2008-06-30 15:51 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-30 14:28 . 2008-06-30 14:28 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-30 14:28 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-06-30 14:28 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-06-30 06:38 . 2008-06-30 06:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-06-30 03:39 . 2008-06-30 03:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
2008-06-30 03:13 . 2008-07-01 08:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-30 02:54 . 2008-06-30 03:07 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-06-30 02:52 . 2008-06-30 02:52 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-06-30 02:52 . 2008-06-30 02:52 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-06-30 02:52 . 2008-06-30 02:52 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-06-30 02:49 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-06-30 02:49 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-06-30 02:49 . 2001-08-17 14:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-06-30 02:49 . 2001-08-17 14:00 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2008-06-30 02:49 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-06-30 02:49 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-06-30 02:49 . 2006-08-01 03:02 49,152 -ra------ C:\WINDOWS\system32\ChCfg.exe
2008-06-30 02:49 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-06-30 02:49 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-06-30 02:48 . 2008-06-30 02:48 <DIR> d-------- C:\Program Files\Realtek
2008-06-30 02:48 . 2008-06-30 02:48 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-30 02:47 . 2007-07-26 05:09 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
2008-06-30 02:31 . 2008-06-30 02:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 02:28 . 2008-06-30 02:28 <DIR> d-------- C:\WINDOWS\nview
2008-06-30 02:28 . 2008-06-30 02:28 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-30 02:28 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-30 02:28 . 2008-07-01 08:56 182,038 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-30 02:28 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-06-30 02:28 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
2008-06-30 02:28 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-06-30 02:28 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-06-30 02:28 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-30 02:27 . 2008-06-30 02:27 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-30 02:27 . 2008-06-30 02:27 <DIR> d-------- C:\NVIDIA
2008-06-30 02:27 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-30 02:19 . 2008-06-30 02:19 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-30 02:14 . 2008-06-30 02:14 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-06-30 02:08 . 2008-06-30 02:08 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-30 02:07 . 2004-08-04 00:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-06-30 02:06 . 2004-11-18 10:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-30 02:06 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002238_.tmp
2008-06-30 02:05 . 2008-06-30 02:05 <DIR> d-------- C:\WINDOWS\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 07:07 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-06-30 06:48 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-30 05:36 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-22 22:22 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:22 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-22 22:22 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-22 22:22 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37E01C00-1BE4-41CB-9AF6-08A6E586DA2F}]
C:\WINDOWS\system32\byXRlLbx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6892a0f6-22c4-4cff-ada0-6a7584aa98fb}]
2008-07-01 02:49 103424 --a------ C:\WINDOWS\system32\navpoy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 03:21 16384000 C:\WINDOWS\RTHDCPL.exe]
"WinampAgent"="D:\Winamp\winampa.exe" [2008-04-01 14:49 36352]
"DAEMON Tools-1033"="D:\Daemon Tools\daemon.exe" [2004-08-22 17:05 81920]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"QuickTime Task"="D:\Quicktime\QTTask.exe" [2008-05-27 10:50 413696]
"40c80764"="C:\WINDOWS\system32\qtiqxigs.dll" [2008-07-01 02:53 81920]
"BM43fb34f8"="C:\WINDOWS\system32\dcypofxy.dll" [2008-07-01 02:46 91136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Steam\\steamapps\\jaltimier@fuse.net\\team fortress 2\\hl2.exe"=
"D:\\uTorrent\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-16 23:58]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [2006-06-23 05:02]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 22:48:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 08:54:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\sgixqitq.ini 294 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-07-01 8:59:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-01 12:58:41

Pre-Run: 25,504,215,040 bytes free
Post-Run: 25,757,802,496 bytes free

180


HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:51 AM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
D:\Winamp\winampa.exe
D:\Daemon Tools\daemon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {37E01C00-1BE4-41CB-9AF6-08A6E586DA2F} - C:\WINDOWS\system32\byXRlLbx.dll (file missing)
O2 - BHO: {bf89aa48-57a6-0ada-ffc4-4c226f0a2986} - {6892a0f6-22c4-4cff-ada0-6a7584aa98fb} - C:\WINDOWS\system32\navpoy.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [40c80764] rundll32.exe "C:\WINDOWS\system32\qtiqxigs.dll",b
O4 - HKLM\..\Run: [BM43fb34f8] Rundll32.exe "C:\WINDOWS\system32\dcypofxy.dll",s
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3250 bytes

I actually have another machine that has come down with virtumonde as well

here is the other HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:06 PM, on 7/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\system32\tskmngr.exe
C:\Program Files\iTunes\iTunes.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\explorer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Windows TaskManager] tskmngr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\RunServices: [Windows TaskManager] tskmngr.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Music\AppData\Local\Temp\rqRIaYrq.dll,#1
O4 - HKCU\..\Run: [BM2d5c4b2d] Rundll32.exe "C:\Users\Music\AppData\Local\Temp\tmlhrjmi.dll",s
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Music\AppData\Local\Temp\cbXpPHBq.dll,c
O4 - HKCU\..\Run: [2e6f78b1] rundll32.exe "C:\Users\Music\AppData\Local\Temp\eobhceoo.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8715 bytes