Good News!! I was so worried. Thanks for your help! My daughter keeps asking if she can go on Barbie.com and I'm like, not anytime soon, I'm still making the computer better 5 days later! lol~
Here is the log from WinPFind2:There wasn't just an "Export This" key- the options were for a simple or expanded report. This is the simple report. If you'd have preferred the expanded, just let me know and I will re-scan.
WinPFind2 by OldTimer - Version 1.0.8 Folder = C:\winpfind2\WinPFind2\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)
< Processes (Non-Microsoft Only) >
c:\progra~1\grisoft\avgfre~1\avgamsvr.exe - (GRISOFT, s.r.o. )
c:\progra~1\grisoft\avgfre~1\avgcc.exe - (GRISOFT, s.r.o. )
c:\progra~1\grisoft\avgfre~1\avgemc.exe - (GRISOFT, s.r.o. )
c:\progra~1\grisoft\avgfre~1\avgupsvc.exe - (GRISOFT, s.r.o. )
c:\program files\ewido anti-spyware 4.0\guard.exe - (Anti-Malware Development a.s. )
c:\program files\browser mouse\browser mouse\1.1\mouse32a.exe - ( )
c:\program files\microsoft office\office\osa.exe - ( )
c:\winnt\plaxo\2.8.1.2\plaxohelper.exe - (Plaxo, Inc. )
c:\program files\common files\epson\ebapi\sagent2.exe - (SEIKO EPSON CORPORATION )
c:\winpfind2\winpfind2\winpfind2.exe - (OldTimer Tools )
< Registry Entries >
[>> Internet Explorer Settings <<]
HKCU->Internet Explorer\\SearchURL -
http://home.microsof...obby/search.asp HKLM->Main\\Start Page -
http://www.gateway.net HKLM->Main\\Search Page -
http://ie.search.msn.com HKLM->Main\\Default_Page_URL -
http://www.gateway.net HKLM->Main\\Default_Search_URL -
http://www.microsoft...amp;ar=iesearch HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
HKCU->Main\\Start Page -
http://www.yahoo.com/ HKCU->Main\\Search Page -
http://ie.search.msn.com HKCU->Main\\Default_Search_URL -
http://ie.search.msn.com HKCU->Main\\Local Page - C:\WINNT\System32\blank.htm
HKLM->Search\\CustomizeSearch -
http://ie.search.msn...st/srchasst.htm HKLM->Search\\SearchAssistant -
http://ie.search.msn.com HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride -
[>> BHO's <<]
{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll ( )
[>> Internet Explorer Bars, Toolbars and Extensions <<]
[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINNT\System32\Shdocvw.dll (Microsoft Corporation )
[HKCU-> Internet Explorer Bars]
{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
ShellBrowser\\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
WebBrowser\\{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
WebBrowser\\{7FD44536-9DF0-4034-939F-5BD4D98E3187} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
WebBrowser\\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
[HKCU-> Internet Explorer CmdMapping]
{16BF42FD-CA0A-4f48-819D-B0343254DD67} - 8195 - Reg Data missing or invalid
{3E230861-5C87-11D3-A1C6-00105A1B41B8} - 8198 - Reg Data missing or invalid
{85d1f590-48f4-11d9-9669-0800200c9a66} - 8199 - Uninstall BitDefender Online Scanner v8
{92D7F210-7F20-11d3-8157-0090278B20DE} - 8196 - Reg Data missing or invalid
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8193 -
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} - 8194 -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8197 - Messenger
NextId - 8200
[HKLM-> Internet Explorer Extensions]
{85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = Reg Data missing or invalid (File not found))
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com = (File not found))
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} - ButtonText: MoneySide = (File not found))
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation )
[HKLM-> Internet Explorer Plugins]
.spop - = C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc. )
[>> Approved Shell Extensions (Non-Microsoft only) <<]
[HKLM-> Approved Shell Extensions]
{02040CD1-EF11-11D5-BC3F-0003473F5BF0} - HotShell Shell Extension = C:\Program Files\Common Files\efax\hotshell.dll (eFax.com )
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found))
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found))
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found))
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found))
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found))
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINNT\System32\hticons.dll (Hilgraeve, Inc. )
{955B7B84-5308-419c-8ED8-0B9CA3C56985} - America Online Included = C:\PROGRA~1\COMMON~1\aolshare\shell\us\shellext.dll (America Online, Inc. )
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} - TrojanHunter Menu Shell Extension = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
[>> ContextMenuHandlers (Non-Microsoft only) <<]
[HKLM-> ContextMenuHandlers]
* - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
* - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
* - HotShellExt - {02040CD1-EF11-11D5-BC3F-0003473F5BF0} = C:\Program Files\Common Files\efax\hotshell.dll (eFax.com )
* - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
Directory - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
Directory - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
Directory\Background - igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINNT\System32\igfxpph.dll (Intel Corporation )
Folder - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
Folder - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
[>> ColumnHandlers (Non-Microsoft only) <<]
[HKLM-> ColumnHandlers]
[>> Registry Run Keys <<]
HKLM->Run\\AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o. )
HKLM->Run\\FLMK08KB - C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE ( )
HKLM->Run\\GWMDMMSG - GWMDMMSG.exe (GTW )
HKLM->Run\\GWMDMpi - C:\WINNT\GWMDMpi.exe ( )
HKLM->Run\\HotKeysCmds - C:\WINNT\System32\hkcmd.exe (Intel Corporation )
HKLM->Run\\IgfxTray - C:\WINNT\System32\igfxtray.exe (Intel Corporation )
HKLM->Run\\Ink Monitor - C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe (BillP Studios )
HKLM->Run\\KernelFaultCheck - %systemroot%\system32\dumprep 0 -k (File not found))
HKLM->Run\\LWBMOUSE - C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE ( )
HKLM->Run\\NeroCheck - C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh )
HKLM->Run\\RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc. )
HKLM->Run\\REGSHAVE - C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD. )
HKLM->Run\\SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe (Sun Microsystems, Inc. )
HKLM->Run\\THGuard - "C:\Program Files\TrojanHunter 4.6\THGuard.exe" (Mischel Internet Security )
HKLM->Run\\Zone Labs Client - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\MSMSGS - "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation )
HKCU->Run\\PlaxoUpdate - C:\WINNT\Plaxo\2.8.1.2\PlaxoHelper.exe -a (Plaxo, Inc. )
HKCU->Run\\PPWebCap - C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe (Scansoft Inc. )
[>> Startup Lnks <<]
HKLM->Common Startup - desktop.ini - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ( )
HKLM->Common Startup - EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION )
HKLM->Common Startup - Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD. )
HKLM->Common Startup - LastQUIT v1.2.lnk - C:\Program Files\Longshot Productions\LastQUIT v1.2\LASTQUIT.EXE (Longshot Productions )
HKLM->Common Startup - Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE ( )
HKCU->Startup - desktop.ini - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini ( )
HKCU->Startup - PowerReg SchedulerV2.exe - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ( )
[>> Disabled MSConfig Items <<]
[>> User Agent Post Platform <<]
sv1 -
[>> AppInit DLLs <<]
[>> Image File Execution Options <<]
Your Image File Name Here without a path - Debugger = ntsd -d
[>> Shell Service Object Delay Load <<]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINNT\System32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )
[>> Shell Execute Hooks <<]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s. )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )
[>> Shared Task Scheduler <<]
[>> Winlogon <<]
UserInit - c:\winnt\system32\userinit.exe, (Microsoft Corporation )
Shell - explorer.exe (Microsoft Corporation )
System - (File not found))
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )
Notify\wzcnotif - wzcdlg.dll (Microsoft Corporation )
[>> DNS Name Servers <<]
{2B381EE5-5F28-4054-966F-820FB1008551} - (Motorola SURFboard SB5100 USB Cable Modem)
{85B523F0-3F83-49BD-9B28-3C61E22CABD0} - (Intel® PRO/100 VE Network Connection)
[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found))
msdaipp - (File not found))
vnd.ms.radio - C:\WINNT\System32\msdxm.ocx ( )
[>> Protocol Filters (Non-Microsoft only) <<]
< Services (Non-Microsoft Only) >
AVG7 Alert Manager Server (Avg7Alrt) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
AVG7 Update Service (Avg7UpdSvc) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
AVG E-mail Scanner (AVGEMS) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
EPSON Printer Status Agent2 (EPSONStatusAgent2) - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION ) [Automatic - Running - Win32, running in it's own process]
ewido anti-spyware 4.0 guard (ewido anti-spyware 4.0 guard) - C:\Program Files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
< Files >
%SystemDrive%
C:\ComboFix.txt - qoologic ( [Ver = | Size = 10996 bytes | Date = 09/08/2006 21:16 | Attr = ])
%ProgramFilesDir%
%WinDir%
C:\WINNT\eFaxview.exe - aspack (eFax.com [Ver = 2.0.12.0 | Size = 505360 bytes | Date = 01/31/2003 02:09 | Attr = ])
C:\WINNT\LASTQUIT.INI - PTech ( [Ver = | Size = 4036 bytes | Date = 09/11/2006 12:48 | Attr = ])
%System%
C:\WINNT\SYSTEM32\dfrg.msc - PEC2 ( [Ver = | Size = 41397 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\jsdvwsdk.dll - aspack (eFax.com [Ver = 2.0.12.0 | Size = 881152 bytes | Date = 01/31/2003 02:09 | Attr = ])
C:\WINNT\SYSTEM32\nsi957.dll - UPX! ( [Ver = 1, 66, 0, 0 | Size = 78848 bytes | Date = 08/14/2006 19:52 | Attr = ])
C:\WINNT\SYSTEM32\nusrmgr.cpl - WSUD (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 256000 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\rasdlg.dll - Umonitor (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 631808 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 08/29/2002 08:00 | Attr = ])
%System%\Drivers folder and sub-folders
C:\WINNT\SYSTEM32\drivers\avg7core.sys - UPX! (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 09/07/2006 10:51 | Attr = ])
C:\WINNT\SYSTEM32\drivers\avg7core.sys - FSG! (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 09/07/2006 10:51 | Attr = ])
C:\WINNT\SYSTEM32\drivers\avg7core.sys - PEC2 (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 09/07/2006 10:51 | Attr = ])
C:\WINNT\SYSTEM32\drivers\avg7core.sys - aspack (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 09/07/2006 10:51 | Attr = ])
%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINNT\bootstat.dat - ( [Ver = | Size = 2048 bytes | Date = 09/12/2006 11:07 | Attr = S])
C:\WINNT\QTFont.qfn - ( [Ver = | Size = 54156 bytes | Date = 08/24/2006 09:24 | Attr = H ])
C:\WINNT\inf\oem86.inf - ( [Ver = | Size = 0 bytes | Date = 09/08/2006 08:05 | Attr = H ])
C:\WINNT\LastGood\INF\oem87.inf - ( [Ver = | Size = 0 bytes | Date = 09/12/2006 14:29 | Attr = H ])
C:\WINNT\LastGood\INF\oem87.PNF - ( [Ver = | Size = 0 bytes | Date = 09/12/2006 14:29 | Attr = H ])
C:\WINNT\system32\vsconfig.xml - ( [Ver = | Size = 48882 bytes | Date = 09/12/2006 11:11 | Attr = H ])
C:\WINNT\system32\zllictbl.dat - ( [Ver = | Size = 4212 bytes | Date = 09/08/2006 15:44 | Attr = H ])
C:\WINNT\system32\config\default.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/12/2006 14:24 | Attr = H ])
C:\WINNT\system32\config\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/13/2006 05:23 | Attr = H ])
C:\WINNT\system32\config\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/13/2006 05:21 | Attr = H ])
C:\WINNT\system32\config\software.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/13/2006 05:38 | Attr = H ])
C:\WINNT\system32\config\system.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/13/2006 05:21 | Attr = H ])
C:\WINNT\system32\Microsoft\Protect\S-1-5-18\User\2f2a2041-8022-4dad-8be8-eb94a200e793 - ( [Ver = | Size = 388 bytes | Date = 07/25/2006 08:20 | Attr = HS])
C:\WINNT\system32\Microsoft\Protect\S-1-5-18\User\Preferred - ( [Ver = | Size = 24 bytes | Date = 07/25/2006 08:20 | Attr = HS])
C:\WINNT\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 09/12/2006 11:07 | Attr = H ])
CPL files -
C:\WINNT\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 66048 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 578560 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 129024 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 150016 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\igfxcpl.cpl - (Intel Corporation [Ver = 3.0.0.2209 | Size = 94208 bytes | Date = 07/10/2003 03:20 | Attr = ])
C:\WINNT\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 292352 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 121856 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 65536 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 49265 bytes | Date = 04/13/2005 02:48 | Attr = ])
C:\WINNT\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 559616 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 256000 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.520.7713.0 | Size = 36864 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\plugincpl131_02.cpl - (Sun Microsystems [Ver = 1, 3, 1, 2 | Size = 45148 bytes | Date = 11/26/2001 21:24 | Attr = ])
C:\WINNT\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 109056 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\prefscpl.cpl - (RealNetworks, Inc. [Ver = 6.0.9.573 | Size = 24576 bytes | Date = 11/26/2002 11:01 | Attr = ])
C:\WINNT\SYSTEM32\PROSetp.cpl - (Intel Corporation [Ver = 5.3.42.0 | Size = 770048 bytes | Date = 04/18/2002 19:30 | Attr = ])
C:\WINNT\SYSTEM32\QuickTime.cpl - (Apple Computer, Inc. [Ver = 5.0.2 | Size = 287232 bytes | Date = 12/12/2001 11:05 | Attr = ])
C:\WINNT\SYSTEM32\scmgrcpl.cpl - (Caere Corporation [Ver = 3, 0, 1, 64 | Size = 89600 bytes | Date = 04/30/1998 16:13 | Attr = ])
C:\WINNT\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 268288 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 03:16 | Attr = ])
C:\WINNT\SYSTEM32\DIBACKUP\DIRECTX\joy.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 65536 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 66048 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 578560 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 129024 bytes | Date = 08/29/2002 03:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 150016 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 292352 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 121856 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\joy.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 65536 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 559616 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 256000 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\odbccp32.cpl - (Microsoft Corporation [Ver = 3.520.7713.0 | Size = 36864 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 109056 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\sapi.cpl - (Microsoft Corporation [Ver = 5.1.4111.00 (xpsp1.020828-1920) | Size = 147456 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 268288 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\dllcache\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08/29/2002 08:00 | Attr = ])
C:\WINNT\SYSTEM32\ReinstallBackups\0006\DriverFiles\igfxcpl.cpl - (Intel Corporation [Ver = 3,0,0,1607 | Size = 94208 bytes | Date = 05/14/2002 21:24 | Attr = ])
AllUsers Startup Folder
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 09/03/2002 13:34 | Attr = HS])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk - ( [Ver = | Size = 881 bytes | Date = 12/28/2002 16:05 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk - ( [Ver = | Size = 551 bytes | Date = 02/25/2004 13:52 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LastQUIT v1.2.lnk - ( [Ver = | Size = 1842 bytes | Date = 01/14/2003 09:41 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk - ( [Ver = | Size = 736 bytes | Date = 12/29/2002 20:45 | Attr = ])
AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 09/03/2002 13:23 | Attr = HS])
CurrentUser Startup Folder
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 09/03/2002 13:34 | Attr = HS])
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe - ( [Ver = 2, 0, 0, 1 | Size = 256000 bytes | Date = 12/28/2002 16:08 | Attr = ])
CurrentUser ApplicationData Folder
C:\Documents and Settings\Owner\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 09/03/2002 13:23 | Attr = HS])
C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT - ( [Ver = | Size = 134776 bytes | Date = 07/17/2003 17:04 | Attr = ])
DPF files
{02BED220-FBC7-4392-93A2-3A50B056F78E} - - CodeBase =
http://down.plaxo.co...ease/instub.cab{26CBF141-7D0F-46E1-AA06-718958B6E4D2} - - CodeBase =
http://download.ebay.../US/install.cab{33564D57-0000-0010-8000-00AA00389B71} - - CodeBase =
http://download.micr...922/wmv9VCM.CAB{41F17733-B041-4099-A042-B518BB6A408C} - - CodeBase =
http://a1540.g.akama...meInstaller.exe{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase =
http://download.bitd...can8/oscan8.cab{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase =
http://update.micros...b?1157666235546{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase =
http://acs.pandasoft...free/asinst.cab{9D190AE6-C81E-4039-8061-978EBAD10073} - F-Secure Online Scanner 3.0 - CodeBase =
http://support.f-sec.../ols3/fscax.cab{A8683C98-5341-421B-B23C-8514C05354F1} - FujifilmUploader Class - CodeBase =
http://www.samsphoto...ploadClient.cab{C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - Toontown Installer ActiveX Control - CodeBase =
http://a.download.to...8.39/ttinst.cab{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - Java Plug-in 1.3.1_02 - CodeBase =
http://java.sun.com/...-131_02-win.cab{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase =
http://fpdownload.ma...ent/swflash.cabDirectAnimation Java Classes - - CodeBase = file://C:\WINNT\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINNT\Java\classes\xmldso.cab
Hosts file = 734 bytes. Reading all entries. C:\WINNT\System32\drivers\etc\Hosts
# Copyright © 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
-
127.0.0.1 localhost -
< End of report >
Here is the HJT Log:Logfile of HijackThis v1.99.1
Scan saved at 6:00:16 AM, on 9/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\Plaxo\2.8.1.2\PlaxoHelper.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\My Documents\Internet Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.gateway.netR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.gateway.netO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINNT\Plaxo\2.8.1.2\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: LastQUIT v1.2.lnk = C:\Program Files\Longshot Productions\LastQUIT v1.2\LASTQUIT.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} -
http://down.plaxo.co...ease/instub.cabO16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
http://download.ebay.../US/install.cabO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akama...meInstaller.exeO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitd...can8/oscan8.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1157666235546O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) -
http://support.f-sec.../ols3/fscax.cabO16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) -
http://www.samsphoto...ploadClient.cabO16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) -
http://a.download.to...8.39/ttinst.cabO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Unknown owner - C:\Program Files\Borland\Interbase\Bin\IBGuard.exe (file missing)
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Borland\Interbase\Bin\IBServer.exe (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe