Okay.
Here's the Combofix Log:
ComboFix 09-04-25.A3 - Owner 04/25/2009 16:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1215.671 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\system32\kiseluzo.exe
c:\windows\system32\kotafeka.exe
c:\windows\system32\vezenija.exe
c:\windows\system32\vumehijo.exe
c:\windows\system32\zavikoti.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kiseluzo.exe
c:\windows\system32\kotafeka.exe
c:\windows\system32\vezenija.exe
c:\windows\system32\vumehijo.exe
c:\windows\system32\zadeweve.exe
c:\windows\system32\zavikoti.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.
2009-04-25 07:39 . 2009-04-25 07:39 -------- d-----w c:\windows\LastGood
2009-04-24 16:46 . 2009-04-24 16:46 -------- d-sh--w c:\windows\system32\config\systemprofile\PrivacIE
2009-04-24 16:45 . 2009-04-24 16:45 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-24 16:45 . 2009-04-24 16:45 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-04-24 05:13 . 2009-04-24 05:13 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-24 05:13 . 2009-04-24 05:13 1409 ----a-w c:\windows\QTFont.for
2009-04-24 01:27 . 2009-04-24 01:27 -------- d-----w c:\program files\Trend Micro
2009-04-23 09:39 . 2009-04-23 09:39 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-23 07:49 . 2009-04-23 07:49 -------- d-sh--w c:\documents and settings\Owner\IECompatCache
2009-04-23 07:48 . 2009-04-23 07:48 -------- d-sh--w c:\documents and settings\Owner\PrivacIE
2009-04-23 07:36 . 2009-04-23 07:36 -------- d-sh--w c:\documents and settings\Owner\IETldCache
2009-04-23 07:28 . 2009-04-23 07:31 -------- dc-h--w c:\windows\ie8
2009-04-23 07:27 . 2009-04-23 07:33 -------- d--h--w c:\windows\msdownld.tmp
2009-04-22 06:01 . 2008-06-19 20:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-22 06:00 . 2009-04-22 06:00 -------- d-----w c:\program files\Panda Security
2009-04-21 21:39 . 2009-04-21 21:39 -------- d-----w c:\windows\ERUNT
2009-04-21 21:30 . 2009-04-21 21:30 -------- d-----w C:\SDFix
2009-04-17 22:34 . 2009-04-17 23:00 -------- d-----w c:\documents and settings\Owner\Application Data\IObit
2009-04-17 22:34 . 2009-04-17 22:34 -------- d-----w c:\program files\IObit
2009-04-17 15:40 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-17 04:23 . 2009-04-17 04:23 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-17 04:23 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-17 04:20 . 2009-04-17 04:20 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-17 04:19 . 2009-04-17 04:23 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-17 04:19 . 2009-04-17 04:19 -------- d-----w c:\program files\Lavasoft
2009-04-07 03:15 . 2009-04-07 03:20 -------- d-----w c:\program files\MSECache
2009-04-01 02:28 . 2009-04-01 02:28 -------- d-----w c:\program files\Audacity
2009-04-01 02:24 . 2009-04-01 02:24 -------- d-----w c:\program files\Lame for Audacity
2009-04-01 01:45 . 2002-08-23 03:27 348160 ----a-w c:\windows\system32\FlatBtn6.ocx
2009-04-01 01:45 . 2001-12-12 15:35 348160 ----a-w c:\windows\system32\MEnc.ocx
2009-04-01 01:45 . 2009-04-01 01:45 -------- d-----w c:\program files\WAV to MP3 Encoder
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 02:41 . 2009-04-17 15:46 2684 ----a-w C:\aaw7boot.log
2009-04-25 02:13 . 2009-02-11 05:35 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-19 05:53 . 2008-11-02 02:23 -------- d-----w c:\program files\XAimer
2009-04-19 05:53 . 2009-03-14 00:24 -------- d-----w c:\program files\WMA To MP3 Encoder
2009-04-19 05:52 . 2009-03-14 00:11 -------- d-----w c:\program files\NCH Swift Sound
2009-04-19 05:50 . 2008-05-12 09:16 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-17 15:43 . 2009-03-23 18:41 -------- d-----w c:\documents and settings\Owner\Application Data\StumbleUpon
2009-04-12 08:44 . 2008-11-03 00:52 -------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-04-09 20:10 . 2008-05-13 23:34 3366 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-04-09 12:51 . 2009-02-11 05:36 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-09 12:51 . 2009-02-11 05:36 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-09 12:51 . 2009-02-11 05:36 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-01 05:47 . 2009-02-11 09:47 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-26 20:49 . 2009-02-11 09:47 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 20:49 . 2009-02-11 09:47 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-20 18:39 . 2009-03-20 03:46 -------- d-----w c:\documents and settings\Owner\Application Data\Nvu
2009-03-20 03:42 . 2009-03-20 03:42 -------- d-----w c:\program files\Chami
2009-03-14 00:31 . 2009-03-14 00:11 -------- d-----w c:\documents and settings\Owner\Application Data\NCH Swift Sound
2009-03-14 00:14 . 2009-03-14 00:14 -------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-03-14 00:11 . 2009-03-14 00:11 -------- d-----w c:\program files\NCH Software
2009-03-08 21:38 . 2008-05-13 23:29 -------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2009-03-08 08:34 . 2004-08-26 16:12 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-26 16:11 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-26 16:11 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-26 16:12 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-26 16:11 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-26 16:11 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-26 16:11 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-26 16:12 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-26 16:12 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-26 16:12 156160 ----a-w c:\windows\system32\msls31.dll
2008-12-24 17:10 . 2008-05-13 23:34 37656 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-04-25_02.49.23 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\program files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-10-19 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-09 12:51 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=c:\windows\pss\officejet 6100.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^run_mfu_us.cmd]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\run_mfu_us.cmd
backup=c:\windows\pss\run_mfu_us.cmdCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^run_startmenu.cmd]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd
backup=c:\windows\pss\run_startmenu.cmdCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22749:TCP"= 22749:TCP:BitComet 22749 TCP
"22749:UDP"= 22749:UDP:BitComet 22749 UDP
R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-09 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-09 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-09 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-09 298264]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-04-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]
2008-10-23 c:\windows\Tasks\FRU Task 2002-05-29 22:13ewlett-Packard2002-05-29 22:13p psc 2100 seriesABB26C96242AF9CD6C5FD8FF5E09BD081A04F657216791379.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-05-29 19:13]
2009-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3798786406-2515143057-1228553618-1003.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-15 20:51]
2009-04-25 c:\windows\Tasks\McAfee AntiSpyware.job
- c:\progra~1\McAfee\MCAFEE~1\McSpy.exe [2004-10-19 08:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {48F2A482-9555-495A-B50B-55FF7643F127} = 68.94.156.1 68.94.157.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\cdw6v0a2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-04-25 16:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-04-25 16:30
ComboFix-quarantined-files.txt 2009-04-25 20:29
ComboFix2.txt 2009-04-25 02:52
Pre-Run: 11,739,648,000 bytes free
Post-Run: 11,781,738,496 bytes free
206 --- E O F --- 2009-04-25 02:41
Here's the Hijack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:39 PM, on 4/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/?fr=fp-yie8R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
http://upload.facebo...toUploader5.cabO16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
http://acs.pandasoft...s/as2stubie.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace....ploader1006.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://download.divx...owserPlugin.cabO16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
http://wwwimages.ado...obat/nos/gp.cabO16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) -
https://secure.logme...ivex/RACtrl.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{48F2A482-9555-495A-B50B-55FF7643F127}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{48F2A482-9555-495A-B50B-55FF7643F127}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{48F2A482-9555-495A-B50B-55FF7643F127}: NameServer = 68.94.156.1 68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 8595 bytes