Thanks UKbiker for your attention.
Fixed the items from HJT as you requested.
Downloaded Killbox.exe, installed and ran as you requested. No PendingFileRenameOperations messages. Rebooted normally (no more processes.txt). Spyware warning no longer popping up.
Created and ran delserv.bat - received multiple 'specified service does not exist as an installed service' messages.
Ran Panda Active scan. Panda report and HJT log below.
Thanks again for all your help!
Jenny
Incident Status Location
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.8.inf
Dialer:dialer.bpb Not disinfected c:\windows\iedisco.exe
Adware:adware/savenow Not disinfected Windows Registry
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies-1.txt[.atwola.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies-1.txt[.maxserving.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies-1.txt[adserver.filefront.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[.go.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[.zedo.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[.peel.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[.xiti.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Eberhardt Family\Application Data\Mozilla\Firefox\Profiles\t6js2755.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Eberhardt Family\Cookies\eberhardt family@atwola[1].txt
Potentially unwanted tool:Application/ServUBased.A Not disinfected C:\Documents and Settings\Eberhardt Family\My Documents\nocturne\asp.exe
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\3817ow0d.Default User\cookies.txt[.realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\3817ow0d.Default User\cookies.txt[.zedo.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\3817ow0d.Default User\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Katie\Application Data\Mozilla\Firefox\Profiles\jtaafcwd.default\cookies.txt[.zedo.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[www.errorsafe.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.did-it.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.go.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Application Data\Mozilla\Firefox\Profiles\6fejh8ez.default\cookies.txt[.888.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\
[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\
[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@belnk[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@casalemedia[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\
[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@fastclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@hitbox[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@realmedia[2].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@spylog[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@statcounter[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@tribalfusion[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\
[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Katie.EBERHARDT\Cookies\katie@zedo[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Preferred Customer\Application Data\Mozilla\Firefox\Profiles\kx5lzeda.default\cookies.txt[.atwola.com/]
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Potentially unwanted tool:Application/ServUBased.A Not disinfected C:\WINNT\system32\directx\asp\mech\asp.exe
Logfile of HijackThis v1.99.1
Scan saved at 2:56:55 PM, on 7/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Common Files\AOL\1139676970\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpocyp07.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Documents and Settings\Eberhardt Family\Desktop\Security\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.aimtoday.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://store.presari...t...c02&lc=0409R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://rd.yahoo.com/.../search/ie.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.c...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139676970\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: HPAiODevice(hp officejet 5100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 5100 series\Bin\hpocyp07.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cabO16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) -
https://support.micr...ActiveX/odc.cabO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akama...meInstaller.exeO16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) -
http://www.my-etrust...an/pestscan.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1130821158359O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) -
http://h20270.www2.h...cdetection3.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/...s/msnchat45.cabO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: FireDaemon Service: binconf (binconf) - Unknown owner - C:\WINNT\system32\directx\asp\mech\FireDaemon.EXE (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: FireDaemon Service: windll64 (windll64) - Unknown owner - C:\WINNT\system32\directx\asp\mech\FireDaemon.EXE (file missing)