Thank you
ComboFix Log File:
ComboFix 08-03-30.2 - Chris Lewis 2008-03-30 20:19:04.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1050 [GMT -7:00]
Running from: C:\Users\Chris Lewis\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\KBL.LOG
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.
2008-03-30 20:10 . 2008-03-30 20:10 <DIR> d-------- C:\Users\Chris Lewis\AppData\Roaming\Grisoft
2008-03-30 19:51 . 2008-03-30 19:51 <DIR> d-------- C:\Users\All Users\Google
2008-03-30 19:51 . 2008-03-30 19:51 <DIR> d-------- C:\Program Files\Google
2008-03-30 19:20 . 2008-03-30 19:20 <DIR> d-------- C:\Users\Charles Lewis\AppData\Roaming\Grisoft
2008-03-30 19:20 . 2008-03-30 19:20 <DIR> d-------- C:\Users\All Users\Grisoft
2008-03-30 19:20 . 2008-03-30 19:20 <DIR> d-------- C:\ProgramData\Grisoft
2008-03-30 19:20 . 2007-05-30 05:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-30 18:11 . 2008-03-30 18:12 <DIR> d-------- C:\Users\Charles Lewis\AppData\Roaming\SpywareRemover
2008-03-30 00:12 . 2008-03-30 00:12 <DIR> d-------- C:\Users\All Users\izkrkvst
2008-03-30 00:12 . 2008-03-30 00:12 <DIR> d-------- C:\Users\All Users\bdqtoaau
2008-03-30 00:12 . 2008-03-30 00:12 <DIR> d-------- C:\ProgramData\izkrkvst
2008-03-30 00:12 . 2008-03-30 00:12 <DIR> d-------- C:\ProgramData\bdqtoaau
2008-03-29 13:40 . 2008-03-29 13:39 1,612,672 --a------ C:\Users\Public\CuteWriter.exe
2008-03-27 18:05 . 2008-03-27 18:05 <DIR> d-------- C:\Users\Charles Lewis\AppData\Roaming\Ahead
2008-03-21 18:46 . 2008-03-24 12:58 <DIR> d-------- C:\Users\Charles Lewis\Video
2008-03-12 10:40 . 2008-03-12 10:40 <DIR> d-------- C:\Users\Charles Lewis\AppData\Roaming\Nero
2008-03-12 04:32 . 2008-03-12 04:32 <DIR> d-------- C:\Users\Chris Lewis\AppData\Roaming\Nero
2008-03-12 04:27 . 2008-03-12 04:27 <DIR> d-------- C:\Users\All Users\Nero
2008-03-12 04:27 . 2008-03-12 04:27 <DIR> d-------- C:\ProgramData\Nero
2008-03-12 04:27 . 2008-03-12 04:30 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-12 01:34 . 2008-03-12 01:34 <DIR> d-------- C:\Users\Chris Lewis\AppData\Roaming\Ahead
2008-03-12 01:31 . 2008-03-12 04:27 <DIR> d-------- C:\Program Files\Nero
2008-03-12 01:31 . 2008-03-12 02:03 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-04 21:09 . 2008-03-24 12:58 <DIR> d-------- C:\Users\Charles Lewis\New Folder
2008-03-04 19:30 . 2008-03-04 19:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-04 17:11 . 2008-03-04 17:11 <DIR> d-------- C:\Users\Public\CyberLink
2008-02-14 10:38 . 2008-02-14 10:38 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 10:38 . 2008-02-14 10:38 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 10:25 . 2008-02-14 10:25 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-14 10:25 . 2008-02-14 10:25 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-14 10:25 . 2008-02-14 10:25 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-14 10:25 . 2008-02-14 10:25 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-14 10:25 . 2008-02-14 10:25 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-14 10:20 . 2008-02-14 10:20 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-14 10:20 . 2008-02-14 10:20 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-14 10:20 . 2008-02-14 10:20 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-02-07 19:39 . 2008-02-07 19:39 <DIR> d-------- C:\Users\Charles Lewis\Bluetooth Software
2008-02-05 16:20 . 2008-02-05 16:20 <DIR> d-------- C:\Program Files\Process Explorer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 02:50 --------- d-----w C:\Program Files\Java
2008-03-13 02:17 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-05 00:11 --------- d-----w C:\Users\Charles Lewis\AppData\Roaming\CyberLink
2008-02-14 17:36 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-14 17:36 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-14 17:36 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-14 17:36 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-14 17:36 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-14 17:36 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-14 17:36 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-14 17:36 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-14 17:21 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-29 23:33 28,095 ----a-w C:\Users\Charles Lewis\AppData\Roaming\nvModes.dat
2008-01-08 13:17 27,905 ----a-w C:\Users\Chris Lewis\AppData\Roaming\nvModes.dat
2007-12-14 02:09 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2007-12-04 16:59 972,072 ----a-w C:\Windows\UNRecode.exe
2007-10-26 08:04 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
2007-08-31 11:32 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 08:11 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 16:41 222128]
"Steam"="C:\Program Files\Steam\Steam.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 13:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 13:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 13:05 81920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 01:29 102400]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 20:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 15:31 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 14:54 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 00:13 218408]
"DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 12:12 671744]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-26 00:27 1006264]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 08:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 15:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 06:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3500266972-1819349731-3856425731-1003]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{57F43810-F95A-48F3-AE6C-B235A4BC6397}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6DC78487-C830-44FF-8D20-5704586891B0}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F484A255-407E-49C7-BA3D-1BC211257694}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{182E41A9-6DEA-4D93-AAB3-76E4AB77AB96}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{723252D0-5505-4FA7-9652-31665E13239E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2F766FB5-0078-4959-8A0D-D344FEB5FD10}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6189ED09-8CFF-4317-8B77-DEDF9674C4B8}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4E9138F3-2790-40DE-A1D5-841A5FCAA4A4}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{079844E1-3DB2-49C6-8001-FC4F4F5C0DE5}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1BE65E86-7465-4738-AE94-5B98FF4FD4CA}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C4AADE18-350E-4CF2-8857-C46660D478A6}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{A15AB129-F7BC-41C6-B00C-73C986C3964A}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{0FB15E63-01BF-44FA-8F2F-00074F99D48C}"= UDP:C:\Windows\ehome\ehshell.exe:Windows Media Center
"{BAD34172-6DD9-4DE4-A3FD-091D703DB7E8}"= TCP:C:\Windows\ehome\ehshell.exe:Windows Media Center
"TCP Query User{BA00E139-DE7E-447B-AF4E-D2FAA0B535E9}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{D0FEA251-8202-4EC1-BA0F-F6DBBA514444}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 07:52]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 18:50]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 20:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 20:34]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-12-08 02:41]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 07:27]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 06:12]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 06:12]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 06:12]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 11:30]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 14:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-01-03 07:46]
S3 hcw85bda;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-06-15 09:48]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 01:55]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 03:25:23 C:\Windows\Tasks\SpywareRemover Scheduled Scan.job"
- C:\Program Files\SpywareRemover\SpywareRemover.ex
- C:\Program Files\SpywareRemover
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 20:27:00
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehRecvr.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2008-03-30 20:30:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-31 03:30:51
Pre-Run: 53,858,336,768 bytes free
Post-Run: 53,586,825,216 bytes free
.
2008-03-13 02:46:38 --- E O F ---
HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:11 PM, on 3/30/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9425 bytes