Okay here is ComboFix and the HiJackThis Logs. Thank you for your time!
ComboFix 08-04-26.3 - Owner 2008-04-30 17:26:08.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.183 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\licencia.txt
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.
2008-04-30 17:23 . 2008-04-30 17:23 67 --a------ C:\NtfA.tmp
2008-04-30 17:23 . 2008-04-30 17:23 67 --a------ C:\Ntf9.tmp
2008-04-30 10:50 . 2008-04-30 10:50 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-30 09:13 . 2008-04-30 09:14 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-29 15:16 . 2008-04-29 15:16 <DIR> d-------- C:\Program Files\Avery Dennison
2008-04-29 15:15 . 2008-04-29 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avery
2008-04-25 08:13 . 2008-04-25 08:13 <DIR> d-------- C:\Program Files\CCleaner
2008-04-16 19:22 . 2008-04-29 21:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-14 21:52 . 2008-04-14 21:52 67 --a------ C:\Ntf8.tmp
2008-04-14 21:52 . 2008-04-14 21:52 67 --a------ C:\Ntf7.tmp
2008-04-13 20:50 . 2008-04-13 20:50 67 --a------ C:\Ntf6.tmp
2008-04-13 20:50 . 2008-04-13 20:50 67 --a------ C:\Ntf5.tmp
2008-04-12 20:25 . 2008-04-12 20:25 67 --a------ C:\Ntf4.tmp
2008-04-12 20:25 . 2008-04-12 20:25 67 --a------ C:\Ntf3.tmp
2008-04-12 11:10 . 2008-04-13 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-12 09:58 . 2008-04-12 09:58 67 --a------ C:\Ntf2.tmp
2008-04-12 09:58 . 2008-04-12 09:58 67 --a------ C:\Ntf1.tmp
2008-04-12 09:13 . 2008-04-12 09:14 110,831,532 --a------ C:\registrybackup.reg
2008-04-11 10:11 . 2008-04-11 10:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-11 10:09 . 2008-04-11 10:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 16:50 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-04-08 16:50 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-04-08 15:25 . 2008-04-08 15:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-08 13:55 . 2008-04-10 18:29 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-08 13:05 . 2008-04-30 04:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-04-08 13:04 . 2008-04-08 13:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-08 13:04 . 2008-04-08 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-08 08:10 . 2008-04-14 11:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 11:10 . 2008-04-15 20:50 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-07 00:46 . 2008-04-07 00:46 3,428 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-04-06 18:38 . 2008-04-08 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-06 17:17 . 2007-03-29 08:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-04-06 17:17 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-04-06 17:09 . 2008-04-06 17:09 <DIR> d-------- C:\3c0fc6caaa617172e2cfdd098e
2008-04-06 10:24 . 2008-04-06 10:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-05 22:46 . 2008-04-12 09:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-04-05 22:46 . 2008-04-05 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-05 15:05 . 2001-08-23 01:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-04-04 21:59 . 2008-04-04 21:59 3,262 --a------ C:\WINDOWS\favicon.ico
2008-03-28 16:09 . 2007-03-08 00:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-28 16:09 . 2007-03-08 00:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-28 16:08 . 2008-03-28 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-28 16:05 . 2007-05-02 06:03 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-03-28 16:04 . 2007-03-15 15:32 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-03-28 16:03 . 2007-03-08 00:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-28 15:56 . 2007-05-02 04:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-03-28 15:56 . 2007-05-02 05:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-03-28 15:56 . 2007-03-08 00:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-03-28 15:56 . 2007-03-08 00:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-03-28 15:56 . 2007-05-02 05:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-03-28 15:46 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-28 15:46 . 2004-08-04 02:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-20 13:35 . 2008-03-20 13:37 <DIR> d-------- C:\Program Files\Emdat
2008-03-19 18:55 . 2008-03-19 18:55 <DIR> d-------- C:\Program Files\eScription
2008-03-19 18:53 . 2008-03-19 18:53 <DIR> d-------- C:\EditScriptMSILogs
2008-03-19 18:51 . 2008-03-19 18:51 <DIR> d-------- C:\Documents and Settings\Owner\Logs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 13:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-04-30 01:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-29 22:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
2008-04-29 19:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-12 15:10 --------- d-----w C:\Program Files\Lavasoft
2008-04-03 13:53 --------- d-----w C:\Program Files\QLEDR05
2008-03-31 09:16 --------- d-----w C:\Program Files\AIM6
2008-03-31 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-31 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-31 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-20 21:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\Internet Explorer
2008-03-20 21:34 --------- d-----w C:\Program Files\GoldPocket
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 19:30 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-03-07 02:14 --------- d-----w C:\Program Files\Java
2008-02-29 18:20 92,464 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2006-06-12 14:44 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2003-08-31 19:33 32 --sha-w C:\WINDOWS\{567E7211-6D64-4C22-A829-C17F03F58257}.dat
2003-08-28 12:32 32 --sha-w C:\WINDOWS\{DD873066-2B14-49AB-86D8-F895ABD1AF85}.dat
2003-08-28 12:32 32 --sha-w C:\WINDOWS\system32\{5CE9ABEA-F241-4815-91A6-306832FBAEA5}.dat
2003-08-31 19:33 32 --sha-w C:\WINDOWS\system32\{AF9B2B6F-5424-49AB-8D25-94F7D34E018B}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2002-10-01 03:39 548933 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 09:03 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59 126976]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"NvCplDaemon"="NvQTwk" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-14 17:05 579584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-08 13:04 219136]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-01-14 19:35:56 45056]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.nvsadpcm"= nvsadpcm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp instant support.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.2]
--a------ 2006-07-14 16:36 107008 C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 23:19:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-30 10:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-30 17:34:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\drivers\vmdesched.sys 7168 bytes executable
C:\Program Files\Common Files\Real\Plugins\clbascauth.dll 41023 bytes executable
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clbdriver]
"imagepath"="\??\globalroot\systemroot\system32\drivers\vmdesched.sys"
.
Completion time: 2008-04-30 17:46:35
ComboFix-quarantined-files.txt 2008-04-30 21:45:31
Pre-Run: 88,214,085,632 bytes free
Post-Run: 88,199,454,720 bytes free
181 --- E O F --- 2008-04-30 13:48:42
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:17 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.foxnews.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.emdat.com (HKLM)
O15 - Trusted Zone: *.mytranscriptions.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
http://echat.bellsou...oad/tgctlcm.cabO16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=67633O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} -
https://support.micr...veX/MSDcode.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?LinkID=39204O16 - DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} -
https://www.transcen...bs/wspellam.cabO16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} -
https://setup.bellso...aller_4-2-1.cabO16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} -
http://disney.go.com...OnlineGames.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -
http://photo.walgree...eensActivia.cabO16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) -
http://games.king.co...l/kingcomie.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
http://tools.ebayimg...l_v1-0-3-48.cabO16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} -
http://www.wildtange...smmp/wtinst.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1163622349703O16 - DPF: {AFABF0F0-C13E-4AB2-A1A5-8A8101D38155} -
http://workportal.tr...ndTXTClient.CABO16 - DPF: {BEB82CC6-09F3-43EA-BEB1-97188E21035D} -
http://philicast1.mt...d/footpedal.cabO16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -
http://a.download.to...0.18/ttinst.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
https://tcimt.webex....ort/ieatgpc.cabO16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 7343 bytes