Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.179 [GMT -7:00]
Running from: C:\Documents and Settings\Jim and Les\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Jim and Les\err.log
C:\Program Files\SoftPortal
C:\Program Files\SoftPortal\Soft\ATGE\ATGE.part001.rar
C:\Program Files\SoftPortal\Soft\ATGE\ATGE.part002.rar
C:\Program Files\SoftPortal\Soft\ATGE\info.txt
C:\Program Files\SoftPortal\Soft\ATHtBt\ATHtBt.part001.rar
C:\Program Files\SoftPortal\Soft\ATHtBt\ATHtBt.part002.rar
C:\Program Files\SoftPortal\Soft\ATHtBt\info.txt
C:\Program Files\SoftPortal\Soft\Auswise\ui.uim
C:\Program Files\SoftPortal\Soft\RTNKa\ui.uim
C:\Program Files\SoftPortal\Soft\XBS\ui.uim
C:\Program Files\SoftPortal\Soft\YellowB\info.txt
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part01.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part02.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part03.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part04.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part06.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part07.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part08.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part09.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part10.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part11.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part12.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part13.rar
C:\WINDOWS\Help\access.hp
C:\WINDOWS\Help\verifier.hp
C:\WINDOWS\System32\advpackc.dll
C:\WINDOWS\system32\appcert
C:\WINDOWS\system32\baaecedadbfcdc.dll
C:\WINDOWS\system32\clbcat.dll
C:\WINDOWS\system32\drivers\trwlfepy.dat
C:\WINDOWS\system32\rtnka.dat
C:\WINDOWS\system32\rtnka.dll
C:\WINDOWS\system32\SoUI.dll
----- BITS: Possible infected sites -----
hxxp://xpsite.org
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EMMIAZFS
-------\Legacy_MICROSOFT_INTERNET_EXPLORER
-------\Legacy_WINDOWS_MANAGEMENT_SERVICE
-------\Legacy_XNIHXKWC
-------\Service_emmiazfs
-------\Service_xnihxkwc
-------\emmiazfs\Parameters
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.
2008-03-16 21:24 . 2008-03-17 05:15 <DIR> d-------- C:\fixwareout
2008-03-16 21:15 . 2008-03-16 21:15 486,449 --a------ C:\Fixwareout.exe
2008-03-16 16:01 . 2008-03-16 16:01 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-16 15:22 . 2008-03-16 15:22 28,672 --a------ C:\tmp.hiv
2008-03-16 15:22 . 2008-03-16 15:22 102 --a------ C:\Pass2.reg
2008-03-16 15:19 . 2008-03-16 15:20 275,025 --a------ C:\Pass2.cmd
2008-03-16 14:48 . 2008-03-16 15:19 2,492 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-16 14:46 . 2008-03-16 15:36 <DIR> d-------- C:\SmitfraudFix
2008-03-16 14:45 . 2008-03-16 14:45 1,305,211 --a------ C:\SmitfraudFix.exe
2008-03-16 14:45 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-16 14:45 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-16 14:45 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-16 14:45 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-16 14:45 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-16 14:45 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-16 14:45 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-16 13:07 . 2008-03-16 13:07 <DIR> d-------- C:\Deckard
2008-03-10 10:52 . 2008-03-10 10:52 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2008-03-10 10:52 . 2008-03-10 10:52 741,632 --a------ C:\WINDOWS\system32\ikmlqnun.dat
2008-03-10 10:52 . 2008-03-10 10:52 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2008-03-10 10:52 . 2008-03-10 10:52 42,752 --a------ C:\WINDOWS\system32\eycdbwuq.dat
2008-03-10 10:52 . 2008-03-10 10:52 35,072 --a------ C:\WINDOWS\system32\ynhxpntj.dat
2008-03-10 10:50 . 2008-03-10 10:50 36,608 --a------ C:\WINDOWS\system32\xchwskfb.dat
2008-03-10 10:42 . 2008-03-10 10:42 108,563 --------- C:\WINDOWS\system32\243e38a674668a2ab05932ac045a0ffb.TMP
2008-03-09 14:54 . 2008-03-09 14:54 108,563 --------- C:\WINDOWS\system32\75588ec1ce7b49203a0dbb8f0c3c3034.TMP
2008-03-09 14:24 . 2008-03-09 14:24 108,563 --------- C:\WINDOWS\system32\93acf499499ef41725ca99c8f19d5d66.TMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 02:25 1,631,232 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-03-09 21:18 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-09 21:01 2,654,208 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-03-09 21:01 1,609,216 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-08-18 21:52 1,442,304 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-08-17 12:29 1,440,768 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-07-09 23:28 2,646,016 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-06-28 15:54 2,638,848 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-06-23 00:14 1,541,632 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-06-20 02:55 2,641,408 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-06-20 02:55 1,409,536 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-06-13 17:43 17,144 ----a-w C:\Documents and Settings\Jim and Les\Application Data\GDIPFONTCACHEV1.DAT
2007-03-13 17:36 784 ----a-w C:\Documents and Settings\Jim and Les\Application Data\mpauth.dat
2004-03-03 23:21 5,248,688 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2004-01-06 22:15 1,131,008 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2003-12-05 23:31 452,608 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2003-12-05 23:31 1,518,592 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2003-12-05 20:29 585,728 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2003-12-05 20:29 1,518,080 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2003-12-05 12:07 1,486,336 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2003-12-05 04:51 764,928 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2003-12-05 00:43 246,784 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2003-12-05 00:43 1,513,984 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2003-12-04 23:09 344,576 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2003-12-04 19:47 7,769,600 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37FF719A-A736-4FAB-8CBF-7B905277648D}]
C:\DOCUME~1\JIMAND~1\LOCALS~1\Temp\~util32.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2004-03-08 18:11 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2004-03-08 18:11 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2004-03-08 18:11 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\B2CSoUI]
@={44619834-2625-3355-7114-2227808DB8A3}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\RTNK.a]
@={D224AC35-D67A-811A-5D3D-D9C74C09A83B}
[HKEY_CLASSES_ROOT\CLSID\{44619834-2625-3355-7114-2227808DB8A3}]
C:\WINDOWS\System32\SoUI.dll
[HKEY_CLASSES_ROOT\CLSID\{D224AC35-D67A-811A-5D3D-D9C74C09A83B}]
C:\WINDOWS\System32\\rtnka.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 20:05 1498032]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-03-12 22:16 171448]
"MSI Configuration"="msiconf.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-09 14:17 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 18:23 67584 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"iRiver Updater"="\Updater.exe" [2004-07-01 14:20 212992]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 16:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14 270648]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 16:22 7618560]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 00:48:20 40048]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24 237568]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-02-20 04:10:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{020487CC-FC04-4B1E-863F-D9801796230B}"= C:\DOCUME~1\JIMAND~1\LOCALS~1\Temp\wndutl32.dll [ ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-09 14:17 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 20:01:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 18:50:01
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
.
**************************************************************************
.
Completion time: 2008-03-17 18:54:41 - machine was rebooted [Jim and Les]
ComboFix-quarantined-files.txt 2008-03-18 01:54:36

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:03 PM, on 3/17/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Updater.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DirectPluginX Class - {37FF719A-A736-4FAB-8CBF-7B905277648D} - C:\DOCUME~1\JIMAND~1\LOCALS~1\Temp\~util32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_5.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1187710023227
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1187709996290
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlonte...2ie06041001.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - C:\DOCUME~1\JIMAND~1\LOCALS~1\Temp\wndutl32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7275 bytes