Original ComboFix:
ComboFix 08-05-07.1 - Eugene 2008-05-09 2:30:32.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.652 [GMT -7:00]
Running from: D:\Documents and Settings\Eugene\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.
2008-05-08 17:19 . 2008-05-08 20:07 <DIR> d----c--- D:\Program Files\SUPERAntiSpyware
2008-05-08 17:19 . 2008-05-08 17:19 <DIR> d----c--- D:\Documents and Settings\Eugene\Application Data\SUPERAntiSpyware.com
2008-05-08 17:19 . 2008-05-08 17:19 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-08 03:20 . 2008-05-09 02:30 1,024 --ah----- D:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-06 11:04 . 2008-05-06 11:04 <DIR> d----c--- D:\Documents and Settings\Administrator.GENE
2008-05-06 11:04 . 2008-05-09 02:30 1,024 --ah----- D:\Documents and Settings\Administrator.GENE\NTUSER.DAT.LOG
2008-05-05 03:11 . 2008-05-05 03:11 <DIR> d----c--- D:\Program Files\Trend Micro
2008-05-04 00:15 . 2008-05-04 00:15 <DIR> d----c--- D:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 00:15 . 2008-05-04 00:15 <DIR> d----c--- D:\Documents and Settings\Eugene\Application Data\Malwarebytes
2008-05-04 00:15 . 2008-05-04 00:15 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-03 19:29 . 2008-05-03 19:29 <DIR> d----c--- D:\WINDOWS\system32\Kaspersky Lab
2008-05-03 19:29 . 2008-05-03 19:29 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-03 15:25 . 2008-05-03 15:25 <DIR> d----c--- D:\Documents and Settings\Administrator
2008-05-03 15:25 . 2008-05-09 02:30 1,024 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-05-03 03:17 . 2008-05-06 13:16 <DIR> d----c--- D:\Program Files\SpywareGuard
2008-05-03 03:13 . 2008-05-06 13:17 <DIR> d----c--- D:\Program Files\SpywareBlaster
2008-05-03 03:13 . 2008-05-03 03:13 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-03 03:13 . 2005-08-25 18:18 118,784 --a--c--- D:\WINDOWS\system32\MSSTDFMT.DLL
2008-05-03 03:13 . 2005-08-25 18:19 115,920 --a--c--- D:\WINDOWS\system32\MSINET.OCX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 02:07 --------- dc----w D:\Program Files\Warcraft III
2008-05-09 00:18 --------- dc----w D:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 04:04 --------- dc----w D:\Program Files\SopCast
2008-05-08 04:04 --------- dc----w D:\Program Files\AutoHotkey
2008-05-04 20:50 --------- dc----w D:\Program Files\Java
2008-05-03 09:57 --------- dc----w D:\Documents and Settings\Eugene\Application Data\uTorrent
2008-04-20 22:50 --------- dc----w D:\Program Files\ClamWin
2008-04-14 00:53 --------- dc----w D:\Program Files\Paint.NET
2008-04-08 05:56 --------- dc----w D:\Documents and Settings\Eugene\Application Data\Joost
2008-03-30 02:46 --------- dc----w D:\Program Files\Joost
2008-03-28 20:41 --------- dc----w D:\Program Files\Winamp
2008-03-28 20:40 --------- dc----w D:\Documents and Settings\Eugene\Application Data\Winamp
2008-03-24 23:07 --------- dc----w D:\Program Files\Microsoft Bootvis
2008-03-19 09:47 1,845,248 -c--a-w D:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 -c--a-w D:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 -c--a-w D:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 -c--a-w D:\WINDOWS\system32\dnsrslvr.dll
2008-02-10 00:34 691,545 -c--a-w D:\WINDOWS\unins000.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="D:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 14:48 479232]
"ClamWin"="D:\Program Files\ClamWin\bin\ClamTray.exe" [2008-04-19 16:35 77824]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 11:37 79224]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
D:\Documents and Settings\Eugene\Start Menu\Programs\Startup\
SpywareGuard.lnk - D:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= D:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Warcraft III\\war3.exe"=
"D:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"D:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"D:\\Program Files\\SopCast\\sopvod.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"D:\\Program Files\\Internet Explorer\\iexplore.exe"=
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\Program Files\\Warcraft III\\listchecker\\pickup.listchecker.exe"=
"D:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft Bnet
R0 SI3112;SiI-3512 SATALink Controller;D:\WINDOWS\system32\DRIVERS\SI3112.sys [2007-01-26 13:55]
R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 11:31]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 11:35]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;D:\WINDOWS\system32\drivers\Envy24HF.sys [2007-03-15 09:56]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;D:\DOCUME~1\Eugene\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2007-11-06 13:22]
*Newly Created Service* - SASDIFSV
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-09 02:32:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-09 2:35:00
ComboFix-quarantined-files.txt 2008-05-09 09:34:13
ComboFix2.txt 2008-05-08 11:36:23
Pre-Run: 23,502,180,352 bytes free
Post-Run: 23,654,260,736 bytes free
113 --- E O F --- 2008-04-08 18:13:15
2nd ComboFix with dragged cfscript.txt:
ComboFix 08-05-07.1 - Eugene 2008-05-09 2:36:08.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.637 [GMT -7:00]
Running from: D:\Documents and Settings\Eugene\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Eugene\Desktop\cfscript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\SYSTEM32\DLH9JKD1Q8.EXE
C:\WINDOWS\SYSTEM32\WINSUB.XML
D:\DOCUMENTS AND SETTINGS\EUGENE\DESKTOP\MISC\EVID4226PATCH.EXE
.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.
2008-05-08 17:19 . 2008-05-08 20:07 <DIR> d----c--- D:\Program Files\SUPERAntiSpyware
2008-05-08 17:19 . 2008-05-08 17:19 <DIR> d----c--- D:\Documents and Settings\Eugene\Application Data\SUPERAntiSpyware.com
2008-05-08 17:19 . 2008-05-08 17:19 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-08 03:20 . 2008-05-09 02:30 1,024 --ah----- D:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-06 11:04 . 2008-05-06 11:04 <DIR> d----c--- D:\Documents and Settings\Administrator.GENE
2008-05-06 11:04 . 2008-05-09 02:30 1,024 --ah----- D:\Documents and Settings\Administrator.GENE\NTUSER.DAT.LOG
2008-05-05 03:11 . 2008-05-05 03:11 <DIR> d----c--- D:\Program Files\Trend Micro
2008-05-04 00:15 . 2008-05-04 00:15 <DIR> d----c--- D:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 00:15 . 2008-05-04 00:15 <DIR> d----c--- D:\Documents and Settings\Eugene\Application Data\Malwarebytes
2008-05-04 00:15 . 2008-05-04 00:15 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-03 19:29 . 2008-05-03 19:29 <DIR> d----c--- D:\WINDOWS\system32\Kaspersky Lab
2008-05-03 19:29 . 2008-05-03 19:29 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-03 15:25 . 2008-05-03 15:25 <DIR> d----c--- D:\Documents and Settings\Administrator
2008-05-03 15:25 . 2008-05-09 02:30 1,024 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-05-03 03:17 . 2008-05-06 13:16 <DIR> d----c--- D:\Program Files\SpywareGuard
2008-05-03 03:13 . 2008-05-06 13:17 <DIR> d----c--- D:\Program Files\SpywareBlaster
2008-05-03 03:13 . 2008-05-03 03:13 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-03 03:13 . 2005-08-25 18:18 118,784 --a--c--- D:\WINDOWS\system32\MSSTDFMT.DLL
2008-05-03 03:13 . 2005-08-25 18:19 115,920 --a--c--- D:\WINDOWS\system32\MSINET.OCX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 02:07 --------- dc----w D:\Program Files\Warcraft III
2008-05-09 00:18 --------- dc----w D:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 04:04 --------- dc----w D:\Program Files\SopCast
2008-05-08 04:04 --------- dc----w D:\Program Files\AutoHotkey
2008-05-04 20:50 --------- dc----w D:\Program Files\Java
2008-05-03 09:57 --------- dc----w D:\Documents and Settings\Eugene\Application Data\uTorrent
2008-04-20 22:50 --------- dc----w D:\Program Files\ClamWin
2008-04-14 00:53 --------- dc----w D:\Program Files\Paint.NET
2008-04-08 05:56 --------- dc----w D:\Documents and Settings\Eugene\Application Data\Joost
2008-03-30 02:46 --------- dc----w D:\Program Files\Joost
2008-03-28 20:41 --------- dc----w D:\Program Files\Winamp
2008-03-28 20:40 --------- dc----w D:\Documents and Settings\Eugene\Application Data\Winamp
2008-03-24 23:07 --------- dc----w D:\Program Files\Microsoft Bootvis
2008-03-19 09:47 1,845,248 -c--a-w D:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 -c--a-w D:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 -c--a-w D:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 -c--a-w D:\WINDOWS\system32\dnsrslvr.dll
2008-02-10 00:34 691,545 -c--a-w D:\WINDOWS\unins000.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="D:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 14:48 479232]
"ClamWin"="D:\Program Files\ClamWin\bin\ClamTray.exe" [2008-04-19 16:35 77824]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 11:37 79224]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
D:\Documents and Settings\Eugene\Start Menu\Programs\Startup\
SpywareGuard.lnk - D:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= D:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Warcraft III\\war3.exe"=
"D:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"D:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"D:\\Program Files\\SopCast\\sopvod.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"D:\\Program Files\\Internet Explorer\\iexplore.exe"=
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\Program Files\\Warcraft III\\listchecker\\pickup.listchecker.exe"=
"D:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft Bnet
R0 SI3112;SiI-3512 SATALink Controller;D:\WINDOWS\system32\DRIVERS\SI3112.sys [2007-01-26 13:55]
R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 11:31]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 11:35]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;D:\WINDOWS\system32\drivers\Envy24HF.sys [2007-03-15 09:56]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;D:\DOCUME~1\Eugene\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2007-11-06 13:22]
*Newly Created Service* - SASDIFSV
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-09 02:36:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-09 2:37:57
ComboFix-quarantined-files.txt 2008-05-09 09:37:54
ComboFix2.txt 2008-05-09 09:35:01
ComboFix3.txt 2008-05-08 11:36:23
Pre-Run: 23,639,949,312 bytes free
Post-Run: 23,625,969,664 bytes free
119 --- E O F --- 2008-04-08 18:13:15
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:22 AM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Google\Gmail Notifier\gnotify.exe
D:\Program Files\ClamWin\bin\ClamTray.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Program Files\FolderSize\FolderSizeSvc.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ClamWin] "D:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1008570530140
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Folder Size (FolderSize) - Brio - D:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
--
End of file - 5730 bytes