OK, I followed all your instructions except that I cannot install a firewall. My Windows Firewall is functioning, though.
Here are the logs you requested.
ComboFix 08-05-07.1 - Janet_2 2008-05-09 21:16:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.371 [GMT -5:00]
Running from: C:\Documents and Settings\Janet_2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Janet_2\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\{d7eb8db8-278f-378a-62cf-79b3ec1f1bba}.dll
C:\WINDOWS\system32\{d7eb8db8-278f-378a-62cf-79b3ec1f1bba}.dll-uninst.exe
C:\WINDOWS\system32\ctlmidi.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\portclss.sys
C:\WINDOWS\system32\g10.exe
C:\WINDOWS\system32\logv32.dll
C:\WINDOWS\system32\qcntmkdm.exe
C:\WINDOWS\system32\qoMCtTmL.dll
C:\WINDOWS\system32\qomMgHYp.dll
C:\WINDOWS\system32\regnet.dll
C:\WINDOWS\system32\urlmap.dll
C:\WINDOWS\system32\winpfz33.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\fqhunqzm
C:\Temp\maxsv15
C:\Temp\maxsv15\rLCubd.log
C:\temp\tn3
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\{d7eb8db8-278f-378a-62cf-79b3ec1f1bba}.dll-uninst.exe
C:\WINDOWS\system32\12033
C:\WINDOWS\system32\bkEur05
C:\WINDOWS\system32\cdTMP
C:\WINDOWS\system32\cNF
C:\WINDOWS\system32\cNF\srkcont3.exe
C:\WINDOWS\system32\ctlmidi.dll
C:\WINDOWS\system32\din3
C:\WINDOWS\system32\g10.exe
C:\WINDOWS\system32\logv32.dll
C:\WINDOWS\system32\winpfz33.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PORTCLSS
-------\Service_portclss
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.
2008-05-09 21:26 . 2008-05-09 21:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-09 21:26 . 2008-05-09 21:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-09 21:00 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-09 20:59 . 2008-05-09 20:59 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-08 17:54 . 2008-05-08 17:54 210,416 --a------ C:\Program Files\zaSetup_en.exe
2008-05-07 23:28 . 2008-05-08 17:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-07 23:28 . 2008-05-07 23:28 <DIR> d-------- C:\Documents and Settings\Janet_2\Application Data\SUPERAntiSpyware.com
2008-05-07 23:28 . 2008-05-07 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-07 21:06 . 2008-05-07 21:06 <DIR> d-------- C:\VundoFix Backups
2008-05-07 20:48 . 2008-05-07 20:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-07 20:44 . 2008-05-07 20:44 812,344 --a------ C:\Program Files\HiJackThisInstall.exe
2008-05-07 20:00 . 2008-05-07 20:00 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-06 18:29 . 2008-05-06 18:32 <DIR> d-------- C:\Documents and Settings\Janet temp\Application Data\AVG7
2008-05-06 18:27 . 2008-05-06 23:11 <DIR> d-------- C:\Documents and Settings\Janet temp
2008-05-06 18:27 . 2008-05-09 21:24 1,024 --ah----- C:\Documents and Settings\Janet temp\ntuser.dat.LOG
2008-05-06 18:24 . 2008-05-06 18:24 <DIR> d-------- C:\Temp\FixEngine
2008-05-06 18:24 . 2008-05-06 18:24 <DIR> d-------- C:\Program Files\Hp
2008-05-05 22:42 . 2008-05-09 21:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 22:42 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-05 22:42 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-05 22:42 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-05 22:42 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-05 22:41 . 2008-05-09 06:44 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-05 22:41 . 2008-05-05 22:41 <DIR> d-------- C:\Documents and Settings\Janet_2\Application Data\PC Tools
2008-05-05 20:50 . 2008-05-08 23:32 <DIR> d--hs---- C:\Documents and Settings\Janet_2\!
2008-05-05 20:48 . 2008-05-09 21:17 <DIR> d-------- C:\Temp
2008-05-05 20:48 . 2008-05-06 02:35 <DIR> d-------- C:\Program Files\winvi
2008-05-04 00:37 . 2008-05-04 00:37 4,949,880 --a------ C:\Program Files\LimeWireWin.exe
2008-04-30 13:21 . 2008-04-30 13:21 54,784 --a------ C:\dormapplication.doc
2008-04-28 16:58 . 2008-05-06 23:02 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-12 09:57 . 2008-04-12 09:57 <DIR> d-------- C:\Program Files\QuickBooks Online Backup
2008-04-11 18:48 . 2003-07-13 02:49 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-04-11 18:48 . 2003-07-13 02:49 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-04-11 18:48 . 2003-07-13 02:49 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-11 18:48 . 2003-07-13 02:49 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-11 18:48 . 2003-07-13 02:49 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-04-11 18:47 . 2008-04-11 18:47 40 --a------ C:\WINDOWS\nero.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 02:00 --------- d-----w C:\Program Files\Java
2008-05-09 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-09 05:55 --------- d-----w C:\Documents and Settings\Janet_2\Application Data\AVG7
2008-05-08 04:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-06 01:55 --------- d-----w C:\Documents and Settings\Janet_2\Application Data\LimeWire
2008-05-05 23:35 --------- d-----w C:\Program Files\LimeWire
2008-05-03 14:32 --------- d-----w C:\Program Files\World of Warcraft
2008-05-03 14:32 --------- d-----w C:\Program Files\PhoTags Express
2008-04-27 17:16 --------- d-----w C:\Documents and Settings\Janet_2\Application Data\PhotoLine
2008-04-11 23:48 --------- d-----w C:\Program Files\Ahead
2008-03-27 06:12 --------- d-----w C:\Program Files\Google
2008-03-20 15:29 --------- d-----w C:\Documents and Settings\Janet_2\Application Data\Move Networks
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 16:22 --------- d-----w C:\Documents and Settings\PJ\Application Data\PhotoLine
2008-03-12 16:08 --------- d-----w C:\Documents and Settings\PJ\Application Data\ArcSoft
2008-03-03 04:35 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-03 02:53 21,364,592 ----a-w C:\Program Files\aaw2007.exe
2008-03-01 23:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-17 02:35 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-19 22:48 2,636,952 ----a-w C:\Program Files\fmsetup.exe
2007-06-27 04:28 2,031,550 ----a-w C:\Program Files\AnyplaceControlInstall.exe
2007-06-27 03:35 600,107 ----a-w C:\Program Files\addrmon.zip
2007-06-11 03:16 4,372,343 ----a-w C:\Program Files\TH11_Series_FWUtility_v1.8.exe
2007-06-05 17:29 169,560 ----a-w C:\Program Files\o2ksr1a.exe
2007-06-05 17:23 132,968 ----a-w C:\Program Files\293623.exe
2007-06-05 17:15 55,088 ----a-w C:\Program Files\MFInstall.exe
2007-05-13 17:36 37,873,216 ----a-w C:\Program Files\iTunesSetup.exe
2007-05-11 19:33 717 ----a-w C:\Documents and Settings\PJ\Application Data\waver.dat
2007-05-03 02:07 1,569,544 ----a-w C:\Program Files\IE6.0sp1-KB888092-Windows-2000-XP-x86-ENU.exe
2007-01-07 02:16 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-12-30 05:49 1,605,632 ----a-w C:\Program Files\GoogleWebAcceleratorSetup.msi
2006-12-02 05:09 899,414 ----a-w C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
2006-11-24 13:42 4,086,568 ----a-w C:\Program Files\LocationFinderSetup.exe
2006-11-19 23:07 19,972,080 ----a-w C:\Program Files\GoogleSketchUpWEN.exe
2006-11-12 18:46 662,319 ----a-w C:\Program Files\DVD_Shrink_3_2_b_w_IB.zip
2006-11-12 18:45 1,094,021 ----a-w C:\Program Files\dvdshrink32setup.zip
2006-11-04 15:26 5,460,144 ----a-w C:\Program Files\Shockwave_Installer_Full.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Documents and Settings\Janet_2\! ----
((((((((((((((((((((((((((((( snapshot@2008-05-08_19.12.37.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-08 23:58:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 02:24:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-08 04:28:46 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-05-09 04:37:47 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
- 2008-05-08 04:28:46 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-05-09 04:37:47 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2008-05-08 04:28:46 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-05-09 04:37:48 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2006-09-22 03:35:40 262,144 ---ha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2008-05-10 01:53:05 262,144 ---ha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
- 2008-02-22 07:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 06:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-22 07:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 06:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-22 08:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 07:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-05-10 01:08:55 1,093,632 ----a-w C:\WINDOWS\system32\utilact\{120B743A-8F20-E6A0-C58B-F4EDB2A2FEED}.dat
- 2008-05-09 00:01:16 1,110,016 ----a-w C:\WINDOWS\system32\utilact\{29CA9BCF-7CF7-DD03-3064-35D643613FD6}.dat
+ 2008-05-10 01:08:55 1,110,016 ----a-w C:\WINDOWS\system32\utilact\{29CA9BCF-7CF7-DD03-3064-35D643613FD6}.dat
+ 2008-05-10 01:08:55 1,093,632 ----a-w C:\WINDOWS\system32\utilact\{32E8BE33-27D6-C643-CC41-17CDA76E1DCD}.dat
- 2008-05-09 00:01:16 2,193,408 ----a-w C:\WINDOWS\system32\utilact\{473C0250-01EE-B3F6-AFFD-C3B8DBF8C9B8}.dat
+ 2008-05-10 01:08:55 2,193,408 ----a-w C:\WINDOWS\system32\utilact\{473C0250-01EE-B3F6-AFFD-C3B8DBF8C9B8}.dat
+ 2008-05-10 01:08:55 2,193,408 ----a-w C:\WINDOWS\system32\utilact\{58FA0A8F-F7F0-AC51-70F5-05A704DC0FA7}.dat
+ 2008-05-10 01:08:55 8,775,680 ----a-w C:\WINDOWS\system32\utilact\{5ED0C87A-7CA0-AA7A-8537-2FA1EC1B25A1}.dat
+ 2008-05-10 01:08:55 8,693,760 ----a-w C:\WINDOWS\system32\utilact\{6C37D15C-B880-989F-A32E-C893CA13C293}.dat
- 2008-05-09 00:01:16 6,313,984 ----a-w C:\WINDOWS\system32\utilact\{82BAE750-20A2-7B11-AF18-457DDB234F7D}.dat
+ 2008-05-10 01:08:55 6,313,984 ----a-w C:\WINDOWS\system32\utilact\{82BAE750-20A2-7B11-AF18-457DDB234F7D}.dat
+ 2008-05-10 01:08:55 8,808,448 ----a-w C:\WINDOWS\system32\utilact\{86FF6A7E-CBA2-7256-8195-0079E8BB0A79}.dat
+ 2008-05-10 01:08:55 8,742,912 ----a-w C:\WINDOWS\system32\utilact\{9FBF4202-0537-6B14-FDBD-406094974A60}.dat
- 2008-05-09 00:01:16 15,555,584 ----a-w C:\WINDOWS\system32\utilact\{BE164344-8533-459B-BBBC-E941CFD0E341}.dat
+ 2008-05-10 01:08:55 15,555,584 ----a-w C:\WINDOWS\system32\utilact\{BE164344-8533-459B-BBBC-E941CFD0E341}.dat
+ 2008-05-10 01:08:55 1,110,016 ----a-w C:\WINDOWS\system32\utilact\{C52D3236-CF49-3186-C9CD-D23ABAE4D83A}.dat
+ 2008-05-10 01:08:55 8,775,680 ----a-w C:\WINDOWS\system32\utilact\{DED45B3A-7444-2A7E-C5A4-2B21AC892121}.dat
+ 2008-05-10 01:08:55 1,093,632 ----a-w C:\WINDOWS\system32\utilact\{E311FC9D-BEE8-17B8-6203-EE1C112CE41C}.dat
+ 2008-05-10 01:08:55 8,710,144 ----a-w C:\WINDOWS\system32\utilact\{E778A79E-B3AA-13D1-6158-871808778D18}.dat
- 2008-05-09 00:01:16 8,742,912 ----a-w C:\WINDOWS\system32\utilact\{F0A108F5-1892-0468-0AF7-5E0F63FF540F}.dat
+ 2008-05-10 01:08:55 8,742,912 ----a-w C:\WINDOWS\system32\utilact\{F0A108F5-1892-0468-0AF7-5E0F63FF540F}.dat
+ 2008-05-10 01:08:55 2,177,024 ----a-w C:\WINDOWS\system32\utilact\{F4D267E4-FE77-007B-1B98-2D0B6FB6270B}.dat
+ 2008-05-10 01:08:55 8,742,912 ----a-w C:\WINDOWS\system32\utilact\{FA8985CD-78B2-0E22-327A-76055B537C05}.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2003-07-13 02:49 1179648]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-08 17:38 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 15:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 15:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 15:36 114688]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-15 03:15 579584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-23 22:02 185896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [2007-01-12 17:45 249904]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 03:14 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\PJ\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-05-02 17:38:08 147456]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56 65588]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 15:29:20 54512]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-08 17:38 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 2007-01-12 17:45 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks 2002 Delivery Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 20:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 20:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMyPC]
--a------ 2007-01-12 17:45 249904 C:\Program Files\Citrix\GoToMyPC\g2svc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 16:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
--a------ 2006-11-14 14:22 121640 C:\Program Files\Microsoft Location Finder\LocationFinder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2003-07-13 02:49 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2008-05-07 23:42 0 C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-24 10:30 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-12-23 22:02 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 13:49 4670968 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"GoToMyPC"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Documents and Settings\\Janet\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0.7561-to-2.3.2.7741-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Documents and Settings\\PJ\\My Documents\\WoW\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo! Games\\Yahoo! Ten Pin Championship Bowling\\Yahoo Ten Pin Championship Bowling.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader: 3724
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{009c0447-6920-11db-b8fc-00188b08c578}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-07 00:37:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-10 01:47:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-09 07:56:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2007-03-13 09:00:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1162428753.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-05-10 01:12:26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AA74547E-B8D4-4C8B-AFD6-E7F02E17902F}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-05-09 21:25:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe
.
**************************************************************************
.
Completion time: 2008-05-09 21:37:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-10 02:36:18
ComboFix2.txt 2008-05-09 00:15:10
Pre-Run: 24,943,501,312 bytes free
Post-Run: 25,058,070,528 bytes free
337 --- E O F --- 2008-04-09 08:08:01
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:26 PM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0060921
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
http://localhost:9100/proxy.pacR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?55004bcd5e2e40328090bb7468ad8a8d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?55004bcd5e2e40328090bb7468ad8a8d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace....ploader1006.cabO16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) -
http://www.linkedin....nderControl.cabO16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) -
http://h20264.www2.h...nosticsxp2k.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.onec...lscbase8300.cabO16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) -
http://www.myheritag...EngineQuery.dllO16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) -
http://72.32.179.44/...ewer/isetup.cabO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 10819 bytes