Ok. Here is my Combofix Log and HiJackthis Log.
ComboFix 09-04-15.08 - Matt 04/15/2009 11:31.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1568 [GMT -4:00]
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090415-0] *On-access scanning disabled* (Updated)
FW: Online Armor Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\besefela.dll
c:\windows\system32\buzozati.dll
c:\windows\system32\jabihoju.dll
c:\windows\system32\lamewebe.dll
c:\windows\system32\mayunosi.dll
c:\windows\system32\ojugenul.ini
c:\windows\system32\olugivez.ini
c:\windows\system32\rewikote.dll
c:\windows\system32\romekaye.dll
c:\windows\system32\siduwoha.dll
c:\windows\system32\teruvobi.dll
c:\windows\system32\yivivaso.dll
c:\windows\system32\zevigulo.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.
2009-04-14 02:43 . 2009-04-15 15:35 -------- d-----w c:\documents and settings\Matt\Application Data\OnlineArmor
2009-04-14 02:43 . 2009-04-14 02:43 -------- d-----w c:\documents and settings\All Users\Application Data\OnlineArmor
2009-04-14 02:42 . 2008-12-13 06:26 30920 ----a-w c:\windows\system32\drivers\OAmon.sys
2009-04-14 02:42 . 2008-12-13 06:26 28872 ----a-w c:\windows\system32\drivers\OAnet.sys
2009-04-14 02:42 . 2008-12-13 06:26 178376 ----a-w c:\windows\system32\drivers\OADriver.sys
2009-04-08 11:33 . 2009-04-08 11:33 -------- d-----w c:\documents and settings\Matt\Application Data\Blackberry Desktop
2009-04-08 04:26 . 2009-04-08 04:26 -------- d-----w c:\documents and settings\Matt\Application Data\Research In Motion
2009-03-24 21:48 . 2009-03-25 03:09 -------- d-----w c:\documents and settings\Matt\Application Data\vlc
2009-03-24 21:42 . 2009-03-24 21:42 -------- d-----w c:\documents and settings\Matt\Local Settings\Application Data\WinZip
2009-03-24 21:42 . 2009-03-24 21:42 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 03:04 . 2009-01-14 03:04 47104 --sha-w c:\windows\system32\seduvumo.exe
2009-04-14 03:04 . 2009-01-14 03:04 47104 --sha-w c:\windows\system32\seduvumo.exe
2009-04-14 02:38 . 2009-04-06 23:15 -------- d-----w c:\program files\Common Files\Agnitum Shared
2009-04-13 15:04 . 2009-01-13 15:04 47104 --sha-w c:\windows\system32\sufamoku.exe
2009-04-13 15:04 . 2009-01-13 15:04 47104 --sha-w c:\windows\system32\sufamoku.exe
2009-04-13 03:04 . 2009-01-13 03:04 47104 --sha-w c:\windows\system32\sunugapi.exe
2009-04-13 03:04 . 2009-01-13 03:04 47104 --sha-w c:\windows\system32\sunugapi.exe
2009-04-09 02:25 . 2008-08-16 03:04 -------- d-----w c:\documents and settings\Matt\Application Data\Move Networks
2009-04-08 04:43 . 2009-02-03 03:10 -------- d-----w c:\program files\Common Files\Research In Motion
2009-04-08 04:41 . 2009-04-08 04:41 -------- d-----w c:\program files\Research In Motion
2009-03-29 01:24 . 2007-04-22 21:36 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-23 14:16 . 2008-09-24 12:52 -------- d-----w c:\documents and settings\Matt\Application Data\MSN6
2009-03-05 02:19 . 2009-03-05 02:19 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-17 13:11 . 2007-05-23 01:09 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-01-28 02:16 . 2007-04-22 19:59 66720 ----a-w c:\documents and settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-19 03:45 . 2009-01-19 03:45 410984 ----a-w c:\windows\system32\deploytk.dll
2008-12-28 19:35 . 2007-04-22 20:48 169248 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-12-08 18:59 . 2008-12-08 18:59 60744 ----a-w c:\documents and settings\Matt\g2mdlhlpx.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="f:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="f:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-03-26 615696]
"@OnlineArmor GUI"="f:\program files\Tall Emu\Online Armor\oaui.exe" [2008-12-13 6223048]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-3-25 1545488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet g series) - 1.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 1.lnk
backup=c:\windows\pss\HPAiODevice(hp officejet g series) - 1.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Matt\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2005-11-30 14:35 49152 ----a-w c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-03-26 01:32 615696 ----a-w c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link RangeBooster G WDA-2320]
2005-12-15 16:21 2490368 ----a-w c:\program files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
2004-06-14 15:54 200704 ----a-w c:\program files\Gigabyte\ET5\GUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-06-21 02:36 1207080 ----a-w f:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 22:25 1961984 ------w c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 16:22 7700480 ----a-w c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 16:22 86016 ----a-w c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 ----a-w f:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-19 03:45 136600 ----a-w c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-04-22 21:40 185896 ----a-w c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 16:22 1622016 ----a-w c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 17:36 14854144 ----a-w c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\update.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"f:\\Program Files\\World of Warcraft\\Repair.exe"=
"f:\program files\Microsoft ActiveSync\rapimgr.exe"= f:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"f:\program files\Microsoft ActiveSync\wcescomm.exe"= f:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"f:\program files\Microsoft ActiveSync\WCESMgr.exe"= f:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"f:\\Program Files\\World of Warcraft\\Launcher.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 SvcOnlineArmor;Online Armor;f:\program files\Tall Emu\Online Armor\oasrv.exe [2008-12-13 3321032]
S1 aswSP;avast! Self Protection; [x]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-12-13 178376]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-12-13 30920]
S1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-12-13 28872]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 OAcat;Online Armor Helper Service;f:\program files\Tall Emu\Online Armor\oacat.exe [2008-12-13 1402568]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2005-08-25 466880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
- - - - ORPHANS REMOVED - - - -
BHO-{b5c225f2-b367-4786-896a-5dcb38fa3549} - c:\windows\system32\rewikote.dll
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL =
hxxp://internetsearchservice.com/search?q={searchTerms}
mSearchMigratedDefaultURL =
hxxp://internetsearchservice.com/search?q={searchTerms}
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\9hszsaj5.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.msn.com/FF - plugin: c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\9hszsaj5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: f:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: f:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: f:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: f:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: f:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: f:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: f:\program files\QuickTime\Plugins\npqtplugin7.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-04-15 11:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\msv1_0.dll
- - - - - - - > 'explorer.exe'(3128)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
f:\progra~1\SPYBOT~1\SDHelper.dll
f:\program files\Microsoft Office\Office10\msohev.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Alwil Software\Avast4\aswUpdSv.exe
f:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
f:\progra~1\MICROS~3\rapimgr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-15 11:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-15 15:36
ComboFix2.txt 2009-04-05 02:18
Pre-Run: 107,059,810,304 bytes free
Post-Run: 107,269,165,056 bytes free
224
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:27 AM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
f:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
F:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\nvsvc32.exe
f:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [@OnlineArmor GUI] "F:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windows ... 0489948531O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - f:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - f:\Program Files\Tall Emu\Online Armor\oasrv.exe
--
End of file - 6309 bytes