[hjt]
ogfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:01:43, on 25-10-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
c:\users\cenn\appdata\roaming\t-mobile internet manager\ouc.exe
c:\program files (x86)\avira\antivir desktop\avgnt.exe
c:\program files (x86)\t-mobile\t-mobile internet manager\datacardmonitor.exe
c:\program files (x86)\common files\java\java update\jusched.exe
c:\program files (x86)\openoffice.org 3\program\soffice.exe
c:\program files (x86)\openoffice.org 3\program\soffice.bin
c:\program files (x86)\samsung\samsung recovery solution 4\wcscheduler.exe
c:\program files (x86)\samsung\easy display manager\dmhkcore.exe
c:\program files (x86)\samsung\samsung support center\ssckbdhk.exe
c:\program files (x86)\lavasoft\ad-aware\aawtray.exe
c:\program files (x86)\yahoo!\messenger\ymsgr_tray.exe
c:\program files (x86)\samsung\easyspeedupmanager\easyspeedupmanager.exe
c:\program files (x86)\trend micro\hijackthis\hijackthis.exe
r1 - hkcu\software\microsoft\internet explorer\main,default_page_url = [noparse]http://samsung.msn.com[/noparse]
r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.yahoo.nl/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://samsung.msn.com[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
f2 - reg:system.ini: userinit=userinit.exe
o2 - bho: &yahoo! toolbar helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~2\yahoo!\companion\installs\cpn0\yt.dll
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: windows live id sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: windows live messenger companion helper - {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files (x86)\windows live\companion\companioncore.dll
o2 - bho: bing bar bho - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn toolbar\platform\6.0.2282.0\npwinext.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
o2 - bho: singleinstance class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~2\yahoo!\companion\installs\cpn0\ytsingleinstance.dll
o3 - toolbar: @c:\program files (x86)\msn toolbar\platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files (x86)\msn toolbar\platform\6.0.2282.0\npwinext.dll
o3 - toolbar: yahoo! toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~2\yahoo!\companion\installs\cpn0\yt.dll
o4 - hklm\..\run: [startccc] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe msrun
o4 - hklm\..\run: [microsoft default manager] c:\program files (x86)\microsoft\search enhancement pack\default manager\defmgr.exe -resume
o4 - hklm\..\run: [ucam_menu] c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [quicktime task] c:\program files (x86)\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [avgnt] c:\program files (x86)\avira\antivir desktop\avgnt.exe /min
o4 - hklm\..\run: [datacardmonitor] c:\program files (x86)\t-mobile\t-mobile internet manager\datacardmonitor.exe
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files (x86)\common files\java\java update\jusched.exe
o4 - hkcu\..\run: [hw_openeye_ouc_t-mobile internet manager] c:\program files (x86)\t-mobile\t-mobile internet manager\updatedog\ouc.exe
o4 - hkcu\..\run: [messenger (yahoo!)] c:\progra~2\yahoo!\messenger\yahoomessenger.exe -quiet
o4 - hkcu\..\run: [{681710c1-7398-c007-f1e4-156eac416f99}] c:\users\cenn\appdata\roaming\qofu\yhip.exe
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'network service')
o4 - startup: openoffice.org 3.3 .lnk = c:\program files (x86)\openoffice.org 3\program\quickstart.exe
o9 - extra button: @c:\program files (x86)\windows live\companion\companionlang.dll,-600 - {0000036b-c524-4050-81a0-243669a86b9f} - c:\program files (x86)\windows live\companion\companioncore.dll
o9 - extra button: @c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1004 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: @c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1003 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra button: clickpotato - {b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} - c:\program files (x86)\clickpotatolite\bin\10.0.701.0\clickpotatolitesabho.dll (file missing)
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o11 - options group: [accelerated_graphics] accelerated graphics
o17 - hklm\system\ccs\services\tcpip\..\{08cc8e6a-835a-46d8-813a-ae824f66a0fb}: nameserver = 195.241.77.55
o17 - hklm\system\ccs\services\tcpip\..\{8a8d298f-85c5-40bc-bcf6-82d6d59bc2a9}: nameserver = 192.168.1.254
o17 - hklm\system\cs1\services\tcpip\..\{08cc8e6a-835a-46d8-813a-ae824f66a0fb}: nameserver = 195.241.77.55
o17 - hklm\system\cs2\services\tcpip\..\{08cc8e6a-835a-46d8-813a-ae824f66a0fb}: nameserver = 195.241.77.55
o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~2\common~1\skype\skype4~1.dll
o18 - protocol: wlpg - {e43ef6cd-a37a-4a9b-9e6f-83f89b8e6324} - c:\program files (x86)\windows live\photo gallery\albumdownloadprotocolhandler.dll
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: amd external events utility - unknown owner - c:\windows\system32\atiesrxx.exe (file missing)
o23 - service: avira antivir scheduler (antivirschedulerservice) - avira gmbh - c:\program files (x86)\avira\antivir desktop\sched.exe
o23 - service: avira antivir guard (antivirservice) - avira gmbh - c:\program files (x86)\avira\antivir desktop\avguard.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: lavasoft ad-aware service - lavasoft limited - c:\program files (x86)\lavasoft\ad-aware\aawservice.exe
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: rezip - unknown owner - c:\windows\syswow64\rezip.exe
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: @%systemroot%\system32\wat\watux.exe,-601 (watadminsvc) - unknown owner - c:\windows\system32\wat\watadminsvc.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
o23 - service: yahoo! updater (yahooauservice) - yahoo! inc. - c:\program files (x86)\yahoo!\softwareupdate\yahooauservice.exe
--
end of file - 10600 bytes
[/hjt]
ogfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:01:43, on 25-10-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
c:\users\cenn\appdata\roaming\t-mobile internet manager\ouc.exe
c:\program files (x86)\avira\antivir desktop\avgnt.exe
c:\program files (x86)\t-mobile\t-mobile internet manager\datacardmonitor.exe
c:\program files (x86)\common files\java\java update\jusched.exe
c:\program files (x86)\openoffice.org 3\program\soffice.exe
c:\program files (x86)\openoffice.org 3\program\soffice.bin
c:\program files (x86)\samsung\samsung recovery solution 4\wcscheduler.exe
c:\program files (x86)\samsung\easy display manager\dmhkcore.exe
c:\program files (x86)\samsung\samsung support center\ssckbdhk.exe
c:\program files (x86)\lavasoft\ad-aware\aawtray.exe
c:\program files (x86)\yahoo!\messenger\ymsgr_tray.exe
c:\program files (x86)\samsung\easyspeedupmanager\easyspeedupmanager.exe
c:\program files (x86)\trend micro\hijackthis\hijackthis.exe
r1 - hkcu\software\microsoft\internet explorer\main,default_page_url = [noparse]http://samsung.msn.com[/noparse]
r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.yahoo.nl/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://samsung.msn.com[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
f2 - reg:system.ini: userinit=userinit.exe
o2 - bho: &yahoo! toolbar helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~2\yahoo!\companion\installs\cpn0\yt.dll
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: windows live id sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: windows live messenger companion helper - {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files (x86)\windows live\companion\companioncore.dll
o2 - bho: bing bar bho - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn toolbar\platform\6.0.2282.0\npwinext.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
o2 - bho: singleinstance class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~2\yahoo!\companion\installs\cpn0\ytsingleinstance.dll
o3 - toolbar: @c:\program files (x86)\msn toolbar\platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files (x86)\msn toolbar\platform\6.0.2282.0\npwinext.dll
o3 - toolbar: yahoo! toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~2\yahoo!\companion\installs\cpn0\yt.dll
o4 - hklm\..\run: [startccc] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe msrun
o4 - hklm\..\run: [microsoft default manager] c:\program files (x86)\microsoft\search enhancement pack\default manager\defmgr.exe -resume
o4 - hklm\..\run: [ucam_menu] c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [quicktime task] c:\program files (x86)\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [avgnt] c:\program files (x86)\avira\antivir desktop\avgnt.exe /min
o4 - hklm\..\run: [datacardmonitor] c:\program files (x86)\t-mobile\t-mobile internet manager\datacardmonitor.exe
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files (x86)\common files\java\java update\jusched.exe
o4 - hkcu\..\run: [hw_openeye_ouc_t-mobile internet manager] c:\program files (x86)\t-mobile\t-mobile internet manager\updatedog\ouc.exe
o4 - hkcu\..\run: [messenger (yahoo!)] c:\progra~2\yahoo!\messenger\yahoomessenger.exe -quiet
o4 - hkcu\..\run: [{681710c1-7398-c007-f1e4-156eac416f99}] c:\users\cenn\appdata\roaming\qofu\yhip.exe
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'network service')
o4 - startup: openoffice.org 3.3 .lnk = c:\program files (x86)\openoffice.org 3\program\quickstart.exe
o9 - extra button: @c:\program files (x86)\windows live\companion\companionlang.dll,-600 - {0000036b-c524-4050-81a0-243669a86b9f} - c:\program files (x86)\windows live\companion\companioncore.dll
o9 - extra button: @c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1004 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: @c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1003 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra button: clickpotato - {b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} - c:\program files (x86)\clickpotatolite\bin\10.0.701.0\clickpotatolitesabho.dll (file missing)
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o11 - options group: [accelerated_graphics] accelerated graphics
o17 - hklm\system\ccs\services\tcpip\..\{08cc8e6a-835a-46d8-813a-ae824f66a0fb}: nameserver = 195.241.77.55
o17 - hklm\system\ccs\services\tcpip\..\{8a8d298f-85c5-40bc-bcf6-82d6d59bc2a9}: nameserver = 192.168.1.254
o17 - hklm\system\cs1\services\tcpip\..\{08cc8e6a-835a-46d8-813a-ae824f66a0fb}: nameserver = 195.241.77.55
o17 - hklm\system\cs2\services\tcpip\..\{08cc8e6a-835a-46d8-813a-ae824f66a0fb}: nameserver = 195.241.77.55
o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~2\common~1\skype\skype4~1.dll
o18 - protocol: wlpg - {e43ef6cd-a37a-4a9b-9e6f-83f89b8e6324} - c:\program files (x86)\windows live\photo gallery\albumdownloadprotocolhandler.dll
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: amd external events utility - unknown owner - c:\windows\system32\atiesrxx.exe (file missing)
o23 - service: avira antivir scheduler (antivirschedulerservice) - avira gmbh - c:\program files (x86)\avira\antivir desktop\sched.exe
o23 - service: avira antivir guard (antivirservice) - avira gmbh - c:\program files (x86)\avira\antivir desktop\avguard.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: lavasoft ad-aware service - lavasoft limited - c:\program files (x86)\lavasoft\ad-aware\aawservice.exe
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: rezip - unknown owner - c:\windows\syswow64\rezip.exe
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: @%systemroot%\system32\wat\watux.exe,-601 (watadminsvc) - unknown owner - c:\windows\system32\wat\watadminsvc.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
o23 - service: yahoo! updater (yahooauservice) - yahoo! inc. - c:\program files (x86)\yahoo!\softwareupdate\yahooauservice.exe
--
end of file - 10600 bytes
[/hjt]