Everything seems to be alright for now, but per your instruction I am going to leave that assessment up to the professionals. Below you will find the tools I utized during the process and the logs generated for review. Please let me know if I need to run any additional tasks to keep my computer safe. Also, if you have recommendations on a Security System other than the one I am currently utilizing. Thanks so much!!!!
Utilized:
- BitDefender Total Security 2008: my security system, curious if there are better option. Like initially, after upgrade it is cumbersome.
- Adware 6.0
- Spy Bot Search and Destroy
- RegCure: Found 1416 issues but only fixed 10 under free subscription, is this worth the investment?
- AVG Anti-spyware
- ComboFix
- Hijak This
Posting Results:
1. Recovery Log
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
2. ComboFix Log File
ComboFix 08-02-25.3 - Tanya Hawkins 2008-02-26 11:25:39.1 - NTFSx86
Running from: C:\Documents and Settings\Tanya Hawkins\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Documents and Settings\Tanya Hawkins\Application Data\TSKS~1
C:\m.exe
C:\p.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\internet optimizer\
C:\Program Files\ISTsvc\
C:\q.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\b103.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\b116.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\b154.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system.exe
C:\WINDOWS\system32\bridge.dll
C:\WINDOWS\system32\cgotcxjn.dll
C:\WINDOWS\system32\ddcbcyv.dll
C:\WINDOWS\system32\gabhxlyu.dll
C:\WINDOWS\SYSTEM32\ggjlm.ini
C:\WINDOWS\SYSTEM32\ggjlm.ini2
C:\WINDOWS\SYSTEM32\hfbvtwvh.ini
C:\WINDOWS\SYSTEM32\hfbvtwvh.tmp
C:\WINDOWS\system32\hvwtvbfh.dll
C:\WINDOWS\system32\iovkusky.dll
C:\WINDOWS\system32\jshbslxp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\SYSTEM32\njxctogc.ini
C:\WINDOWS\SYSTEM32\ocyjlmkx.ini
C:\WINDOWS\system32\orjvlchb.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pqldzurt.dllbox
C:\WINDOWS\system32\prsgvrsc.dll
C:\WINDOWS\system32\wnstssv.exe
C:\WINDOWS\system32\xkmljyco.dll
C:\WINDOWS\system32\yayxxyw.dll
C:\WINDOWS\wbun.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.
2008-02-26 08:49 . 2008-02-26 09:13 <DIR> d-------- C:\Program Files\RegCure
2008-02-26 08:07 . 2008-02-26 08:08 67,175 --a------ C:\WINDOWS\BM07b6e5e9.xml
2008-02-26 08:07 . 2008-02-26 08:11 22 --a------ C:\WINDOWS\pskt.ini
2008-02-25 20:09 . 2008-02-25 20:09 <DIR> d-------- C:\Program Files\NoDNS
2008-02-24 23:26 . 2008-02-24 23:26 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconUS.ico
2008-02-24 18:30 . 2008-02-25 20:09 <DIR> d-------- C:\Program Files\MapEDC
2008-02-23 17:03 . 2008-02-23 17:03 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-02-23 17:02 . 2008-02-23 17:02 <DIR> d-------- C:\WINDOWS\SYSTEM32\xb8
2008-02-23 17:02 . 2008-02-24 02:56 <DIR> d-------- C:\WINDOWS\SYSTEM32\ff3
2008-02-23 17:02 . 2008-02-23 17:42 <DIR> d-------- C:\WINDOWS\SYSTEM32\ez2
2008-02-23 17:02 . 2008-02-23 17:02 <DIR> d-------- C:\WINDOWS\SYSTEM32\cms4
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 12:14 --------- d-----w C:\Program Files\Zune
2008-02-06 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-05 18:04 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-01-13 03:57 --------- d-----w C:\Documents and Settings\Tanya Hawkins\Application Data\Walgreens
2008-01-07 23:41 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
2007-12-30 23:40 --------- d-----w C:\Documents and Settings\Tanya Hawkins\Application Data\AdobeUM
2007-03-01 12:33 43,616 -c--a-w C:\Documents and Settings\Tanya Hawkins\Application Data\GDIPFONTCACHEV1.DAT
2006-05-11 15:29 208,218 -c--a-w C:\Program Files\INSTALL.LOG
2004-06-04 00:00 0 -csh--r C:\Program Files\q330994.exe
2004-05-24 00:56 0 -csh--r C:\Program Files\power scan
2004-05-24 00:56 0 -csh--r C:\Program Files\istsvc
2004-05-24 00:56 0 -csh--r C:\Program Files\internet optimizer
2003-05-21 03:16 8,839,120 -c--a-w C:\Program Files\AcroReader51_ENU.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\cvchost.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\dl.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\dlm.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\msstasks.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\mssys.com
2004-06-04 00:00 0 -csh--r C:\WINDOWS\mstasks1.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\mstaskss.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\msxmidi.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\nem216.dll
2004-06-04 00:00 0 -csh--r C:\WINDOWS\ntldr.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\reg33.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\rocky.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\runwin32.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\seksdialer.exe
2004-05-24 00:56 0 -csh--r C:\WINDOWS\urub.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\wininet32.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\SYSTEM\system.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\SYSTEM\wmscrop.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\SYSTEM32\d2kpax.dll
2004-06-04 00:00 0 -csh--r C:\WINDOWS\SYSTEM32\d2kpax.exe
2004-06-04 00:00 0 -csh--r C:\WINDOWS\SYSTEM32\jac.dll
2004-06-04 00:00 0 -csh--r C:\WINDOWS\SYSTEM32\msxslab.dll
2004-06-04 00:00 0 -csh--r C:\WINDOWS\SYSTEM32\system32.dll
2004-06-04 00:00 0 -csh--r C:\WINDOWS\SYSTEM32\winproc32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24348dc0-ff0b-43af-ab68-5f6f3d89751d}]
C:\WINDOWS\system32\cmecdaw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7531A094-8DE8-4648-87E5-F57F8F977929}]
C:\Program Files\Internet Explorer\sibumuxe89104.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46C4-B683-905236F6F655}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-10-29 10:01 524288]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 15:46 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 18:22 28672]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [ ]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44 679936]
"QAGENT"="C:\Program Files\QUICKENW\QAGENT.EXE" [2001-08-01 12:30 94208]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-12-03 05:40 53248]
"uninstal"="regsvr /u /s image.dll" []
"BDSwitchAgent"="c:\progra~1\softwin\bitdef~1\bdswitch.exe" [ ]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 03:46 196608]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 17:26 217088]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-23 18:13 360448]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]
C:\Documents and Settings\Chris Hawkins\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Sony Handheld\HOTSYNC.EXE [2002-08-09 15:36:20 299008]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 23:01:04 83360]
winlogin.exe [2004-06-03 18:00:12 0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pqldzurt]
pqldzurt.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"=
R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-02-05 10:30]
R2 mrtRate;mrtRate;C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 10:42]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-02-05 12:04]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2008-01-07 17:41]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-02-03 12:21]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-05-03 11:30]
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 11:29]
S3 ProcObsrv;Process creation detector.;C:\Program Files\Questionmark\QS\ProcObsrv.sys []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
"2003-02-18 02:19:16 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-02-26 17:36:23 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-26 14:49:38 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 11:37:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
c:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2008-02-26 11:47:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-26 17:46:53
.
2008-02-17 18:40:07 --- E O F ---
3. Hijack This Log File
Logfile of HijackThis v1.99.1
Scan saved at 1:37:58 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.comcas...ter.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....ink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {24348dc0-ff0b-43af-ab68-5f6f3d89751d} - C:\WINDOWS\system32\cmecdaw.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7531A094-8DE8-4648-87E5-F57F8F977929} - C:\Program Files\Internet Explorer\sibumuxe89104.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [uninstal] regsvr /u /s image.dll
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://photo.walgree...tlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171164480687
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www40.wirele...SyncInstall.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O20 - Winlogon Notify: pqldzurt - pqldzurt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)