WinPFind Log...
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 10/8/2006 4:46:23 PM
WinPFind v1.5.0 Folder = D:\Documents and Settings\Samuel Beckring\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
WSUD 5/19/2006 8:01:32 AM 18796544 D:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
UPX! 6/8/2004 10:17:42 PM 33792 D:\WINDOWS\SYSTEM32\cpwiuy.dll (Microsoft Corporation)
PEC2 8/9/2004 10:00:00 PM 41397 D:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX! 8/11/2004 9:54:46 PM 35840 D:\WINDOWS\SYSTEM32\ecesq.dll (Microsoft Corporation)
PTech 8/6/2005 3:42:52 PM 519944 D:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 9/11/2006 10:37:22 AM 8960936 D:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 9/11/2006 10:37:22 AM 8960936 D:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/9/2004 10:00:00 PM 708096 D:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/9/2004 10:00:00 PM 257024 D:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/9/2004 10:00:00 PM 657920 D:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 4/30/2004 5:46:24 AM 28672 D:\WINDOWS\SYSTEM32\t3odm.dll (Cyberlink)
UPX! 3/26/2004 12:32:36 AM 99328 D:\WINDOWS\SYSTEM32\t5rdv.dll (Microsoft Corporation)
WSUD 5/9/2006 10:26:34 PM 7706112 D:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)
Checking %System%\Drivers folder and sub-folders...
UPX! 10/5/2006 11:26:40 PM 778656 D:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
FSG! 10/5/2006 11:26:40 PM 778656 D:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PEC2 10/5/2006 11:26:40 PM 778656 D:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
aspack 10/5/2006 11:26:40 PM 778656 D:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
Items found in D:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/8/2006 4:29:48 PM S 2048 D:\WINDOWS\bootstat.dat ()
10/7/2006 6:19:12 PM H 54156 D:\WINDOWS\QTFont.qfn ()
10/5/2006 11:24:28 PM HS 19694 D:\WINDOWS\SysPr.prx ()
9/29/2006 7:24:28 AM RH 0 D:\WINDOWS\assembly\PublisherPolicy.tme ()
9/29/2006 7:24:28 AM RH 0 D:\WINDOWS\assembly\pubpol27.dat ()
8/9/2006 5:53:24 PM RH 0 D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index28.dat ()
10/5/2006 9:30:22 PM RH 0 D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index31.dat ()
10/8/2006 4:25:12 PM S 64 D:\WINDOWS\CSC\00000001 ()
10/5/2006 9:06:34 PM S 64 D:\WINDOWS\CSC\00000002 ()
10/5/2006 8:57:18 PM S 64 D:\WINDOWS\CSC\csc1.tmp ()
9/19/2006 2:18:46 AM RHS 1338569 D:\WINDOWS\system32\7D561D2UxE.ini ()
10/6/2006 12:42:02 AM HS 4265 D:\WINDOWS\system32\SysPr.prx ()
8/21/2006 6:00:10 AM S 11749 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat ()
9/18/2006 7:40:26 AM S 8847 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat ()
10/8/2006 4:29:58 PM H 12288 D:\WINDOWS\system32\config\default.LOG ()
10/8/2006 4:33:52 PM H 1024 D:\WINDOWS\system32\config\SAM.LOG ()
10/8/2006 4:30:02 PM H 24576 D:\WINDOWS\system32\config\SECURITY.LOG ()
10/8/2006 4:34:12 PM H 69632 D:\WINDOWS\system32\config\software.LOG ()
10/8/2006 4:30:02 PM H 1085440 D:\WINDOWS\system32\config\system.LOG ()
9/20/2006 10:06:26 PM H 1024 D:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
9/29/2006 9:58:54 PM S 341 D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
9/29/2006 9:58:54 PM S 413 D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
9/29/2006 9:58:54 PM S 574 D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
9/29/2006 9:58:54 PM S 126 D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
9/29/2006 9:58:54 PM S 98 D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
9/29/2006 9:58:54 PM S 136 D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
9/19/2006 10:47:30 PM HS 388 D:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\33a427ff-f3ed-4401-a42c-8c45103ab546 ()
9/19/2006 10:47:30 PM HS 24 D:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
10/8/2006 4:33:22 PM H 330 D:\WINDOWS\Tasks\MP Scheduled Scan.job ()
10/8/2006 4:25:14 PM H 6 D:\WINDOWS\Tasks\SA.DAT ()
Checking for CPL files...
5/19/2006 8:01:32 AM 18796544 D:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/9/2004 10:00:00 PM 549888 D:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 110592 D:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 135168 D:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 80384 D:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 155136 D:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 358400 D:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 129536 D:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 380416 D:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 68608 D:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
5/3/2006 2:56:54 AM 49265 D:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/9/2004 10:00:00 PM 187904 D:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 618496 D:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 35840 D:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 25600 D:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 257024 D:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 32768 D:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 114688 D:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
9/23/2004 6:57:40 PM 323072 D:\WINDOWS\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.)
8/9/2004 10:00:00 PM 298496 D:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 28160 D:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 94208 D:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/9/2004 10:00:00 PM 148480 D:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 D:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
12/16/2005 2:19:10 PM 18776064 D:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
Checking for Downloaded Program Files...
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase =
http://download.macr...director/sw.cab{200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - VerifyGMN Class - CodeBase =
http://h20270.www2.h...staller_gmn.cab{33564D57-0000-0010-8000-00AA00389B71} - - CodeBase =
http://download.micr...922/wmv9VCM.CAB{49232000-16E4-426C-A231-62846947304B} - SysData Class - CodeBase =
http://ipgweb.cce.hp...ads/sysinfo.cab{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase =
http://by114fd.bay11...es/MsnPUpld.cab{88D969C0-F192-11D4-A65F-0040963251E5} - XML DOM Document 4.0 - CodeBase =
http://ipgweb.cce.hp...oads/msxml4.cab{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_07 - CodeBase =
http://java.sun.com/...indows-i586.cab{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase =
http://acs.pandasoft...free/asinst.cab{9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - HPObjectInstaller Class - CodeBase =
http://h30155.www3.h...edsolutions.cab{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - Get_ActiveX Control - CodeBase =
https://h17000.www1....loadManager.ocx{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - Java Plug-in 1.5.0_07 - CodeBase =
http://java.sun.com/...indows-i586.cab{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_07 - CodeBase =
http://java.sun.com/...indows-i586.cab{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase =
http://download.macr...ash/swflash.cab{E8F628B5-259A-4734-97EE-BA914D7BE941} - Driver Agent ActiveX Control - CodeBase =
http://driveragent.c...driveragent.cab»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
6/15/2006 3:59:58 PM HS 84 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
Checking files in %ALLUSERSPROFILE%\Application Data folder...
6/15/2006 8:48:20 AM HS 62 D:\Documents and Settings\All Users\Application Data\desktop.ini ()
10/6/2006 7:28:44 PM 2173 D:\Documents and Settings\All Users\Application Data\hpzinstall.log ()
Checking files in %USERPROFILE%\Startup folder...
6/15/2006 3:59:58 PM HS 84 D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini ()
Checking files in %USERPROFILE%\Application Data folder...
6/15/2006 8:48:20 AM HS 62 D:\Documents and Settings\Administrator\Application Data\desktop.ini ()
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
>>> Internet Explorer Settings <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page -
http://www.microsoft...p...ER}&ar=home \\Search Page -
http://www.microsoft...amp;ar=iesearch \\Default_Page_URL -
http://www.microsoft...p...&ar=msnhome \\Default_Search_URL -
http://www.microsoft...amp;ar=iesearch \\Local Page - %SystemRoot%\system32\blank.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch -
http://ie.search.msn...st/srchcust.htm \\SearchAssistant -
http://www.google.com/ie[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
\\NEXTID - 8198
\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - 8193 =
\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - 8194 = Create Mobile Favorite...
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8195 =
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8196 =
\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8197 = Yahoo! Messenger
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = D:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll (Sun Microsystems, Inc.)
\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - ButtonText: Create Mobile Favorite =
\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - MenuText: Create Mobile Favorite... = ()
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = D:\Program Files\AIM\aim.exe (America Online, Inc.)
\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - ButtonText: Yahoo! Messenger = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} - PowerISO = D:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = D:\Program Files\WinRAR\rarext.dll ()
\\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = D:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll (Nero AG)
\\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = D:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll (Nero AG)
\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = D:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.)
\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = D:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = D:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.)
\PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = D:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Program Files\WinRAR\rarext.dll ()
\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = D:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)
[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
\Copy To - = ()
\Move To - = ()
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = D:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Program Files\WinRAR\rarext.dll ()
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = D:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.)
\PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = D:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Program Files\WinRAR\rarext.dll ()
\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = D:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)
>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = D:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll (Nero AG)
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray - D:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
HP Software Update - D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
SunJavaUpdateSched - D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
NWEReboot - Reg Data missing or invalid ()
SoundMan - D:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
QuickTime Task - D:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
Windows Defender - D:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
NeroFilterCheck - D:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
AVG7_CC - D:\PROGRA~1\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
!AVG Anti-Spyware - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
NeroHomeFirstStart - D:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe (Nero AG)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini ()
>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
GEARSecurity 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FilmLoop
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item FilmLoop
hkey HKLM
command "D:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MsnMsgr
hkey HKCU
command "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "D:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item YahooMessenger
hkey HKCU
command "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 2
startup 2
[All Users Startup Folder Disabled Items]
[Current User Startup Folder Disabled Items]
>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -
>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d
>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = D:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
\\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = D:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - Microsoft AntiMalware ShellExecuteHook = D:\PROGRA~1\WIFD1F~1\MpShHook.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)
>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = D:\WINDOWS\system32\userinit.exe,
\\Shell = explorer.exe
\\System =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\AtiExtEvent - Ati2evxx.dll = (ATI Technologies Inc.)
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
>>> DNS Name Servers <<<
{13C18A22-15C9-4A13-935B-9AAA0BDDDEA8} - (Windows Mobile-based Device)
{3120D63E-0929-4638-8F7F-F19392072D72} - (Windows Mobile-based Device)
{46ED224C-CA12-4CC0-A8F2-BABBB3993D69} - ()
{75D30370-997C-48C1-9968-320D8CB456E4} - (Realtek RTL8139/810x Family Fast Ethernet NIC)
{C7CB3643-BD43-45EB-BAAE-E414A966C1FA} - (1394 Net Adapter)
{CF5B41AB-7A83-406B-BBA4-BC11EC125C59} - (INPROCOMM IPN2120 Wireless LAN Card)
{D0341A3C-F86D-4A98-A8DC-CA4776290552} - ()
>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000024\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000025\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000026\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000027\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()
>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]
>>> Selected AddOn's <<<
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New HJT log...
Logfile of HijackThis v1.99.1
Scan saved at 4:59:51 PM, on 10/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ehome\ehtray.exe
D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Windows Defender\MSASCui.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\WINDOWS\eHome\ehSched.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Kerio\WinRoute Firewall\winroute.exe
D:\Program Files\Kerio\WinRoute Firewall\avServer.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\eHome\ehmsas.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Samuel Beckring\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Spamn
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WrCtrl] "D:\Program Files\Kerio\WinRoute Firewall\wrctrl.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) -
http://h20270.www2.h...staller_gmn.cabO16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -
http://ipgweb.cce.hp...ads/sysinfo.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by114fd.bay11...es/MsnPUpld.cabO16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
http://ipgweb.cce.hp...oads/msxml4.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) -
http://h30155.www3.h...edsolutions.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -
https://h17000.www1....loadManager.ocxO16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) -
http://driveragent.c...driveragent.cabO18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Kerio Technologies - D:\Program Files\Kerio\WinRoute Firewall\winroute.exe
Thanks!