Hi, I appreciate your help ~ I haven't been online and just got to this now. I shut down my SpySweeper, BigFix, and TrendMicro to attempt to re-do AVG/Ewido and HJT before reading your post. I renamed the file and still nothing.
Don't know if this matters but when I ctrl-alt-del, there's a guard.exe showing and I cannot shut that thing down. I don't know what it is!
Below is the log from Silent Runners and TY again:
"Silent Runners.vbs", revision 55,
http://www.silentrunners.org/Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"braviax" = "C:\WINDOWS\system32\braviax.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"VSOCheckTask" = ""C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
"VirusScan Online" = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" ["McAfee, Inc."]
"TM Outbreak Agent" = ""C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run" ["Trend Micro Incorporated."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Reminder" = "%WINDIR%\Creator\Remind_XP.exe" ["SoftThinks"]
"Recguard" = "%WINDIR%\SMINST\RECGUARD.EXE" [empty string]
"PCClient.exe" = ""C:\Program Files\Trend Micro\Antivirus\PCClient.exe"" ["Trend Micro Incorporated."]
"pccguide.exe" = ""C:\Program Files\Trend Micro\Antivirus\pccguide.exe"" ["Trend Micro Incorporated."]
"OASClnt" = ""C:\Program Files\McAfee.com\VSO\oasclnt.exe"" ["McAfee, Inc."]
"nwiz" = ""nwiz.exe" /install" ["NVIDIA Corporation"]
"NvMediaCenter" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"MSKDetectorExe" = ""C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall" ["McAfee, Inc."]
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
"CHotkey" = "zHotkey.exe" [empty string]
"AlwaysReady Power Message APP" = "ARPWRMSG.EXE" ["Microsoft"]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u" [MS]
"CanonMyPrinter" = ""C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon" ["CANON INC."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]
"SpySweeper" = "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray" ["Webroot Software, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{DBFB267C-334F-4F19-A304-63B7130C20C7}" = "MediaCenter Property Page"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "arpower.dll" ["Microsoft"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {HKLM...CLSID} = "SampleView"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{48F45200-91E6-11CE-8A4F-0080C81A28D4}" = "TMD Shell Extension"
-> {HKLM...CLSID} = "TMD Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Antivirus\Tmdshell.dll" ["Trend Micro Incorporated."]
"{771A9DA0-731A-11CE-993C-00AA004ADB6C}" = "VBPropSheet"
-> {HKLM...CLSID} = "VBPropSheet"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Antivirus\VBProp.dll" ["Trend Micro Incorporated."]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02}" = "TIShelEx Shell Extension"
-> {HKLM...CLSID} = "FileTimeShlExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll" ["Texas Instruments Incorporated"]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "cru629.dat" [null data]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoActiveDesktop" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Disable Active Desktop}
"NoSaveSettings" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|
Don't save settings at exit}
"ClassicShell" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Enable Classic Shell / Turn on Classic Shell}
"NoThemesTab" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Enable Active Desktop}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"AllowLegacyWebView" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"AllowUnhashedWebView" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoActiveDesktopChanges" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableTaskMgr" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|
Remove Task Manager}
"NoDispAppearancePage" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoColorChoice" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoSizeChoice" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoDispBackgroundPage" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Hide Desktop tab}
"NoDispScrSavPage" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoDispCPL" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Remove Display in Control Panel}
"NoVisualStyleChoice" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoDispSettingsPage" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}
"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}
"DisableTaskMgr" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Owner" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Startup
"Secunia PSI (RC1)" -> shortcut to: "C:\Program Files\Secunia\PSI (RC1)\psi.exe" ["Secunia"]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"BigFix" -> shortcut to: "C:\Program Files\BigFix\bigfix.exe /atstartup" ["BigFix Inc."]
Enabled Scheduled Tasks:
------------------------
"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"wrSpySweeper_09EEB5A6D6184C088C38B77A5194AB4C" -> launches: "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /ScheduleSweep=wrSpySweeper_09EEB5A6D6184C088C38B77A5194AB4C" ["Webroot Software, Inc."]
"wrSpySweeper_E7B0D801988345FA9C093AB02846C23E" -> launches: "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /ScheduleSweep=wrSpySweeper_E7B0D801988345FA9C093AB02846C23E" ["Webroot Software, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
Miscellaneous IE Hijack Points
------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
ARSVC, ARSVC, "C:\WINDOWS\arservice.exe" ["Microsoft"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Media Center Scheduler Service, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PrismXL, PrismXL, "C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS" ["New Boundary Technologies, Inc."]
Trend Micro Proxy Service, tmproxy, "C:\Program Files\Trend Micro\Antivirus\tmproxy.exe" ["Trend Micro Incorporated."]
TuneUp Theme Extension, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Webroot Spy Sweeper Engine, WebrootSpySweeperService, "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" ["Webroot Software, Inc."]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
Keyboard Driver Filters:
------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <<!>> "SSKBFD" ["Webroot Software Inc (www.webroot.com)"], <<!>> "arkbcfltr" [MS]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor iP1700\Driver = "CNMLM7W.DLL" ["CANON INC."]
CutePDF Writer Monitor\Driver = "cpwmon2k.dll" [null data]
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
---------- (launch time: 2008-02-05 14:45:40)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 35 seconds, including 11 seconds for message boxes)