Computer appears to work fine, now. I did a couple of searches, clicked on links and went directly to them, no doubleclick stuff. I went to AT&T and changed my phone service bundle to stop long-distance service. When I did, the security suite was disabled, so I uninstalled it and got AVG. Also, when I tried to download security updates for windows, the hijacker wouldn't let me. It would start, then would say "connection to server unexpectedly terminated". It seems to work now, however this is an unregistered version of XP and they won't give me any updates unless I register. I don't know what to do. Here are the requested logs.ComboFix 09-03-23.01 - john 2009-03-25 17:54:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.291 [GMT -5:00]
Running from: c:\documents and settings\john.JOHN-N4EBF8PJUN\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\documents and settings\john.JOHN-N4EBF8PJUN\Start Menu\Programs\WatchFree
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\twain_32
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\twain_32\user.ds
c:\recycler\RB4.tmp
c:\windows\system32\drivers\gaopdxfvdpqjwsrpiewiomycpkbgrwrpdivqxm.sys
c:\windows\system32\drivers\gaopdxucbfoofjxvitlexukltkbphxnsvxfmqi.sys
c:\windows\system32\drivers\gaopdxyksrqxehrkmoiyndpqjxuboioyxknbga.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxngxwhgvtrjcnublmmspmpoieutysivdn.dll
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.
2009-03-23 14:19 . 2009-03-25 10:05 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-23 14:03 . 2009-03-23 14:03 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-23 14:03 . 2009-03-23 14:03 <DIR> d-------- c:\documents and settings\john.JOHN-N4EBF8PJUN\Application Data\AVGTOOLBAR
2009-03-23 14:03 . 2009-03-23 14:03 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-23 14:03 . 2009-03-23 14:03 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-23 14:03 . 2009-03-23 14:03 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-23 14:02 . 2009-03-23 14:02 <DIR> d-------- c:\program files\AVG
2009-03-23 14:02 . 2009-03-23 14:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-03-21 21:08 . 2009-03-21 21:08 <DIR> d-------- c:\program files\Trend Micro
2009-03-18 21:18 . 2009-03-18 21:18 38,400 --a------ c:\windows\system32\drivers\quadraserv.sys
2009-03-15 07:47 . 2009-03-15 07:47 <DIR> d-------- c:\documents and settings\john.JOHN-N4EBF8PJUN\Application Data\NCH Software
2009-03-15 04:54 . 2009-03-15 05:04 <DIR> d-------- c:\program files\NCH Software
2009-03-14 23:03 . 2009-01-16 18:34 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-03-14 23:03 . 2009-01-16 18:34 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-03-14 23:02 . 2009-03-14 23:03 <DIR> d-------- c:\windows\system32\Adobe
2009-03-14 20:43 . 2009-03-14 20:43 <DIR> d-------- c:\program files\Skype
2009-03-14 20:43 . 2009-03-14 20:43 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-14 20:43 . 2009-03-23 01:54 <DIR> d-------- c:\documents and settings\john.JOHN-N4EBF8PJUN\Application Data\Skype
2009-03-13 05:38 . 2009-03-13 05:38 <DIR> d-------- c:\program files\IrfanView
2009-03-12 17:16 . 2009-03-12 17:16 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Motive
2009-03-12 17:15 . 2009-03-12 17:16 <DIR> d-------- c:\program files\Common Files\Motive
2009-03-12 17:15 . 2009-03-12 17:16 <DIR> d-------- c:\program files\ATT
2009-03-12 17:15 . 2005-07-12 02:28 69,632 --a------ c:\windows\system32\MCCDevice.dll
2009-03-12 17:15 . 2005-07-12 02:28 6,048 --a------ c:\windows\system32\MCC16.dll
2009-03-12 04:43 . 2009-03-12 04:43 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-11 04:43 . 2009-03-11 04:43 <DIR> d-------- c:\documents and settings\john.JOHN-N4EBF8PJUN\Application Data\Forte
2009-03-10 18:28 . 2009-03-14 16:09 <DIR> d-------- c:\documents and settings\john.JOHN-N4EBF8PJUN\Application Data\skypePM
2009-03-10 18:28 . 2009-03-10 18:28 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-10 18:21 . 2009-03-14 20:43 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2009-03-10 14:32 . 2009-03-10 14:32 <DIR> d-------- c:\documents and settings\john.JOHN-N4EBF8PJUN\Application Data\GRETECH
2009-03-10 13:05 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-03-10 13:05 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2009-03-10 13:05 . 2001-08-17 13:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys
2009-03-10 11:47 . 2001-08-17 12:19 40,704 --a------ c:\windows\system32\drivers\es1371mp.sys
2009-03-10 11:47 . 2001-08-17 12:19 40,704 --a--c--- c:\windows\system32\dllcache\es1371mp.sys
2009-03-09 21:05 . 2009-03-09 21:05 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-09 20:53 . 2009-03-09 21:00 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-09 20:39 . 2009-03-09 20:39 <DIR> d-------- c:\program files\NOS
2009-03-09 20:39 . 2009-03-09 20:46 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-03-09 20:10 . 2009-03-09 20:10 34 --a------ c:\windows\hpfsched.ini
2009-03-09 20:06 . 2009-03-09 20:06 <DIR> d-------- c:\program files\hp photosmart
2009-03-09 20:05 . 2006-01-13 01:46 311,296 --a------ c:\windows\system32\hphmon03.exe
2009-03-09 20:05 . 2006-01-13 01:46 249,856 --a------ c:\windows\system32\hph_asui.exe
2009-03-09 20:05 . 2006-01-13 01:46 50,800 --a------ c:\windows\system32\drivers\hphid409.sys
2009-03-09 20:05 . 2006-01-13 01:46 50,211 --a------ c:\windows\system32\drivers\hphs2k09.sys
2009-03-09 20:05 . 2006-01-13 01:46 40,525 --a------ c:\windows\system32\inc.hpi
2009-03-09 20:05 . 2006-01-13 01:46 40,448 --a------ c:\windows\system32\hpfinsta.exe
2009-03-09 20:05 . 2006-01-13 01:46 36,864 --a------ c:\windows\hpfsched.exe
2009-03-09 20:05 . 2006-01-13 01:46 28,773 --a------ c:\windows\system32\master.hpi
2009-03-09 20:05 . 2006-01-13 01:46 18,864 --a------ c:\windows\system32\drivers\hphius09.sys
2009-03-09 20:05 . 2006-01-13 01:46 16,112 --a------ c:\windows\system32\drivers\hphipr09.sys
2009-03-09 20:04 . 2009-03-09 20:05 <DIR> d-------- c:\temp\photosmart
2009-03-09 20:04 . 2006-01-13 01:46 335,872 --a------ c:\windows\system32\Hphc3203.dll
2009-03-09 20:04 . 2006-01-13 01:46 262,144 --a------ c:\windows\system32\hpzcon04.dll
2009-03-09 20:04 . 2006-01-13 01:46 200,704 --a------ c:\windows\system32\hpzcoi04.dll
2009-03-09 20:04 . 2006-01-13 01:46 184,832 --a------ c:\windows\system32\hpfinst.dll
2009-03-09 20:04 . 2006-01-13 01:46 98,304 --------- c:\windows\system32\hphidr09.dll
2009-03-09 20:04 . 2006-01-13 01:46 81,920 --------- c:\windows\system32\hphipr09.dll
2009-03-09 20:04 . 2006-01-13 01:46 77,824 --------- c:\windows\system32\hphipm09.exe
2009-03-09 20:04 . 2006-01-13 01:46 3,691 --------- c:\windows\hphinfs.dat
2009-03-09 19:45 . 2004-08-03 22:58 207,360 --a------ c:\windows\system32\drivers\Dot4.sys
2009-03-09 19:45 . 2004-08-03 22:58 207,360 --a--c--- c:\windows\system32\dllcache\dot4.sys
2009-03-09 19:45 . 2001-08-17 13:47 23,808 --a------ c:\windows\system32\drivers\Dot4usb.sys
2009-03-09 19:45 . 2001-08-17 13:47 23,808 --a--c--- c:\windows\system32\dllcache\dot4usb.sys
2009-03-09 19:45 . 2001-08-17 13:47 12,928 --a------ c:\windows\system32\drivers\Dot4Prt.sys
2009-03-09 19:45 . 2001-08-17 13:47 12,928 --a--c--- c:\windows\system32\dllcache\dot4prt.sys
2009-03-09 15:59 . 2009-03-09 16:00 <DIR> d-------- c:\documents and settings\john.JOHN-N4EBF8PJUN\Application Data\vlc
2009-03-09 11:27 . 2009-03-09 11:27 <DIR> d-------- c:\program files\VideoLAN
2009-03-09 11:25 . 2009-03-09 11:25 <DIR> d-------- c:\program files\GRETECH
2009-03-09 11:24 . 2009-03-25 17:36 701 --a------ c:\windows\NewsRover.INI
2009-03-09 10:38 . 2009-03-09 10:38 108,974 --a------ c:\windows\News Rover Uninstaller.exe
2009-03-09 10:37 . 2009-03-25 07:21 <DIR> d-------- c:\program files\NewsRover
2009-03-09 10:28 . 2009-03-09 10:28 24,576 --a------ c:\windows\system32\msxml3a.dll
2009-03-09 10:28 . 2009-03-09 10:28 9,062 --a------ c:\windows\system32\small1.ico
2009-03-09 10:28 . 2009-03-09 10:28 9,062 --a------ c:\windows\system32\small.ico
2009-03-09 10:27 . 2009-03-09 20:04 <DIR> d-------- C:\temp
2009-03-09 10:27 . 2009-03-09 10:29 <DIR> d-------- c:\program files\ATT Internet Tools
2009-03-09 10:18 . 2009-03-09 10:18 <DIR> d--h----- c:\windows\PIF
2009-03-09 10:11 . 2009-03-23 13:15 <DIR> d-------- c:\documents and settings\john.JOHN-N4EBF8PJUN\Application Data\AT&T
2009-03-09 10:11 . 2009-03-23 13:15 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\AT&T
2009-03-09 10:08 . 2009-03-09 10:08 <DIR> d-------- c:\documents and settings\JOHN~1\LOCALS~1
2009-03-09 10:08 . 2009-03-09 10:08 <DIR> d-------- c:\documents and settings\JOHN~1
2009-03-09 01:09 . 2009-03-09 01:09 <DIR> d---s---- c:\windows\system32\Microsoft
2009-03-09 01:03 . 2009-03-09 01:10 316,640 --a------ c:\windows\WMSysPr9.prx
2009-03-09 01:02 . 2004-08-04 00:56 239,616 --------- c:\windows\system32\wstrenderer.ax
2009-03-09 01:02 . 2004-08-04 00:56 164,352 --------- c:\windows\system32\wstpager.ax
2009-03-09 01:02 . 2004-08-04 00:56 96,768 -----c--- c:\windows\system32\dllcache\dpcdll.dll
2009-03-09 01:02 . 2004-08-04 00:56 53,248 --------- c:\windows\system32\vbicodec.ax
2009-03-09 01:02 . 2004-08-03 23:08 40,832 --------- c:\windows\system32\drivers\irbus.sys
2009-03-09 01:02 . 2004-08-04 00:56 32,768 --------- c:\windows\system32\asr_pfu.exe
2009-03-09 01:02 . 2004-08-03 22:59 12,800 --------- c:\windows\system32\spiisupd.exe
2009-03-09 01:02 . 2004-08-03 22:59 9,728 --------- c:\windows\system32\comsdupd.exe
2009-03-09 00:59 . 2009-03-09 00:59 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-09 00:56 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll
2009-03-09 00:55 . 2004-07-17 11:40 19,528 --a------ c:\windows\
002364_.tmp
2009-03-09 00:55 . 2004-08-03 22:42 15,872 --a------ c:\windows\system32\spupdsvc.exe
2009-03-09 00:52 . 2009-03-09 00:52 <DIR> d-------- c:\windows\EHome
2009-03-09 00:23 . 2009-03-09 00:23 <DIR> d-------- c:\program files\SiS7018
2009-03-09 00:16 . 2002-08-30 09:50 381,696 --a------ c:\windows\system32\drivers\sis7018.sys
2009-03-09 00:10 . 2009-03-09 00:10 <DIR> d-------- c:\documents and settings\john.JOHN-N4EBF8PJUN\WINDOWS
2009-03-09 00:10 . 1998-01-23 12:22 304,128 --a------ c:\windows\IsUninst.exe
2009-03-08 22:58 . 2009-03-08 22:58 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\CyberLink
2009-03-08 22:38 . 2009-03-08 22:38 <DIR> d---s---- c:\documents and settings\john.JOHN-N4EBF8PJUN\UserData
2009-03-08 14:02 . 2009-03-08 14:02 <DIR> d---s---- c:\documents and settings\john\UserData
2009-03-08 13:39 . 2009-03-08 13:40 <DIR> d--hs---- c:\documents and settings\All Users\DRM
2009-03-08 08:30 . 2009-03-08 13:37 <DIR> dr------- c:\documents and settings\All Users\Documents
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 15:11 --------- d-----w c:\program files\InstallShield Installation Information
2009-03-09 04:06 --------- d-----w c:\program files\LView Pro 20
2009-03-09 04:01 --------- d-----w c:\program files\Common Files\Ahead
2009-03-09 04:01 --------- d-----w c:\program files\Ahead
2009-03-09 03:58 --------- d-----w c:\program files\CyberLink
2009-03-09 03:57 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-08 18:41 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-05-10 23395880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-07-07 1232946]
"blspcloader"="c:\program files\ATT Internet Tools\blsloader.exe" [2009-03-09 103776]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2006-01-13 311296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-23 1932568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-23 14:03 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-23 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-23 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-23 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-23 298264]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2009-03-09 18864]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-09 33752]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.att.net/FF - ProfilePath - c:\documents and settings\john.JOHN-N4EBF8PJUN\Application Data\Mozilla\Firefox\Profiles\ifx5z1f3.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.google.com/FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-03-25 17:57:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-03-25 17:58:34
ComboFix-quarantined-files.txt 2009-03-25 22:58:28
Pre-Run: 69,953,994,752 bytes free
Post-Run: 70,071,574,528 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
209Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:20 PM, on 3/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ATT Internet Tools\blsloader.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.att.net/F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\ATT Internet Tools\blspc.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\ATT Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) -
https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{288A443B-C939-44B1-B502-CE87B81E9228}: NameServer = 85.255.112.121,85.255.112.123
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.121,85.255.112.123
O17 - HKLM\System\CS1\Services\Tcpip\..\{288A443B-C939-44B1-B502-CE87B81E9228}: NameServer = 85.255.112.121,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.121,85.255.112.123
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
--
End of file - 4589 bytes