The Trend Micro online scan yielded the following findings in red:
FREELOADER_TREKEIGHT
ADWARE_BHO_FREECOMMUNITY
DIALER_GENERICDIALER
ADWARE+BHOT_IEHELPER
ADWARE_BHO_DRUSEARCH
TSPY_DELF.VN
After clicking 'clean', the following could not be removed:
TSPY_PUPER
The scan also reported a list of vulnerabilities that had not been patched.
Here is the list of installed programs by HJT:
Active Disk
Ad-Aware SE Personal
Adobe Acrobat 4.0, 5.0
Adobe Photoshop 5.5
Adobe Photoshop 7.0
Agfa IPLayout
Agfa Qc-Network for Windows
AGFAnet Print Service
AVG Anti-Spyware 7.5
Broadband Router
Cleaner 5 EZ
Digital Lifeline
d-port
Easy CD Creator 5 Basic
eFilm Reader-18
EPSON Color Calibrator 3.1
EPSON Printer Service Utility
EPSON Printer Software
EPSON SPR2400 Reference Guide
ESPESP76009600 Guide
Eye-One Match 3.6
FilmOnCD
Google Toolbar for Firefox
HijackThis 1.99.1
Intel(R) PRO Ethernet Adapter and Software
Iomega App Services
IomegaWare
Java 2 Runtime Environment, SE v1.4.0_01
Java Web Start
Macromedia Extension Manager
McAfee.com Agent
mediaRECOVER
Microsoft .NET Framework 1.1
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Office 2000 Premium
Microsoft Picture It! Photo 2002
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Net2Phone
Netscape (7.2)
NetSupport Manager
Nikon View 5
NVIDIA Drivers
PowerDVD
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sentinel System Driver
Shockwave
SoundMAX
SUPERAntiSpyware Free Edition
Sybase SQL Anywhere 7
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB-IDE Bridge Driver
Viewpoint Media Player (Remove Only)
Winamp (remove only)
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
_________________________________________________________
Here is the combofix log:
Bob's Photo - 06-11-01 18:21:25.20 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Bob's Photo\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\vxgamet1.exe
((((((((((((((((((((((((((((((( Files Created from 2006-10-01 to 2006-11-01 ))))))))))))))))))))))))))))))))))
2006-11-01 16:04 30,976 --a------ C:\WINDOWS\system32\ace16win.dll
2006-11-01 15:20 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-11-01 13:25 31,488 --a------ C:\WINDOWS\system32\mpsegment.exe
2006-11-01 13:25 27,904 --a------ C:\WINDOWS\system32\dload.exe
2006-11-01 13:25 26,624 --a------ C:\WINDOWS\system32\netstat2.exe
2006-11-01 13:25 17,408 --a------ C:\WINDOWS\system32\POPCORN72.EXE
2006-11-01 13:25 14,848 --a------ C:\WINDOWS\system32\anti_troj.exe
2006-11-01 13:24 19,968 --a------ C:\WINDOWS\system32\asgp32.dll
2006-10-30 11:13 8,704 --a------ C:\WINDOWS\runwin32.exe
2006-10-30 11:13 32,000 --a------ C:\WINDOWS\notepad32.exe
2006-10-30 11:13 23,552 --a------ C:\WINDOWS\olehelp.exe
2006-10-25 12:21 29,440 --a------ C:\WINDOWS\system32\VXH8JKDQ6.EXE
2006-10-25 12:21 25,344 --a------ C:\WINDOWS\system32\winmuse.exe
2006-10-25 12:21 25,088 --a------ C:\WINDOWS\system32\VXH8JKDQ2.EXE
2006-10-25 12:21 14,848 --a------ C:\WINDOWS\system32\kernels64.exe
2006-10-25 12:20 8,960 --a------ C:\WINDOWS\mtwirl32.dll
2006-10-25 12:20 17,408 --a------ C:\WINDOWS\avpcc.dll
2006-10-24 09:58 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-23 17:38 31,744 --a------ C:\WINDOWS\system32\perfont.exe
2006-10-23 17:37 28,160 --a------ C:\WINDOWS\wininet32.exe
2006-10-23 17:37 17,408 --a------ C:\WINDOWS\waol.exe
2006-10-23 11:40 8,448 --a------ C:\WINDOWS\system32\win32hp.dll
2006-10-23 11:40 29,952 --a------ C:\WINDOWS\systemcritical.exe
2006-10-23 11:40 29,952 --a------ C:\WINDOWS\cpan.dll
2006-10-23 11:40 28,672 --a------ C:\WINDOWS\winmgnt.exe
2006-10-23 11:40 27,648 --a------ C:\WINDOWS\x.exe
2006-10-23 11:40 26,880 --a------ C:\WINDOWS\win64.exe
2006-10-23 11:40 26,112 --a------ C:\WINDOWS\winajbm.dll
2006-10-23 11:40 26,112 --a------ C:\WINDOWS\inetdctr.dll
2006-10-23 11:40 22,016 --a------ C:\WINDOWS\win32e.exe
2006-10-23 11:40 20,736 --a------ C:\WINDOWS\system32\iewd.exe
2006-10-23 11:40 20,480 --a------ C:\WINDOWS\accesss.exe
2006-10-23 11:40 19,968 --a------ C:\WINDOWS\system32\proqlaim.exe
2006-10-23 11:40 19,456 --a------ C:\WINDOWS\dialup.exe
2006-10-23 11:40 18,176 --a------ C:\WINDOWS\system32\msmsn.exe
2006-10-23 11:40 18,176 --a------ C:\WINDOWS\spp3.dll
2006-10-23 11:40 17,664 --a------ C:\WINDOWS\window.exe
2006-10-23 11:40 16,640 --a------ C:\WINDOWS\time.exe
2006-10-23 11:40 16,384 --a------ C:\WINDOWS\systeem.exe
2006-10-23 11:40 16,384 --a------ C:\WINDOWS\clrssn.exe
2006-10-23 11:40 16,128 --a------ C:\WINDOWS\users32.exe
2006-10-23 11:40 14,336 --a------ C:\WINDOWS\y.exe
2006-10-23 11:40 13,056 --a------ C:\WINDOWS\system32\performent202.dll
2006-10-23 11:40 12,800 --a------ C:\WINDOWS\xplugin.dll
2006-10-23 11:39 45,056 --a------ C:\WINDOWS\system32\msmapi32.exe
2006-10-23 11:39 13,824 --a------ C:\WINDOWS\system32\intr32.dll
2006-10-10 22:37 479,232 --a------ C:\WINDOWS\system32\PICSDK.dll
2006-10-10 22:37 45,056 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2006-10-10 22:37 45,056 --a------ C:\WINDOWS\system32\EpPicMgr.dll
2006-10-10 22:34 82,944 --a------ C:\WINDOWS\system32\EAL.EXE
2006-10-10 22:34 80,219 --a------ C:\WINDOWS\system32\E_FLM9SA.DLL
2006-10-10 22:34 64,000 --a------ C:\WINDOWS\system32\E_FBCB9SA.DLL
2006-10-10 22:34 34,304 --a------ C:\WINDOWS\system32\E_FBCH9SA.DLL
2006-10-10 22:34 309,760 --a------ C:\WINDOWS\system32\EAL32.DLL
2006-10-05 11:23 6,276 --a------ C:\WINDOWS\system32\ertfsogd.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-01 15:20 -------- d-------- C:\Program Files\Internet Explorer
2006-10-31 14:25 -------- d-------- C:\Documents and Settings\Bob's Photo\Application Data\U3
2006-10-25 11:07 -------- d-------- C:\Program Files\Google
2006-10-24 09:58 -------- d-------- C:\Program Files\Grisoft
2006-10-24 09:37 -------- d-------- C:\Program Files\NoAdware4
2006-10-23 21:38 -------- d-------- C:\Program Files\Enigma Software Group
2006-10-23 18:33 -------- d-------- C:\Program Files\Windows Defender
2006-10-23 13:17 -------- d-------- C:\Documents and Settings\Bob's Photo\Application Data\Lavasoft
2006-10-23 13:16 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-23 13:15 -------- d-------- C:\Documents and Settings\Bob's Photo\Application Data\Google
2006-10-23 13:13 -------- d-------- C:\Program Files\Lavasoft
2006-10-06 17:23 -------- d-------- C:\Documents and Settings\Bob's Photo\Application Data\Leadertech
2006-10-06 17:22 -------- d-------- C:\Program Files\EPSON
2006-09-19 13:04 5332 --a------ C:\WINDOWS\system32\qiiksriy.exe
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 12:37 5332 --a------ C:\WINDOWS\system32\snsvidjf.exe
2006-08-26 08:14 7476 --a------ C:\WINDOWS\system32\ijqoceyf.exe
2006-08-25 09:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-17 18:13 0 --a------ C:\WINDOWS\system32\cmmgr32.exe
2006-08-17 18:13 0 --a------ C:\WINDOWS\ORUN32.EXE
2006-08-16 05:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Iomega Active Disk"="C:\\Program Files\\Iomega\\AutoDisk\\AD2KClient.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MCAgentExe"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"
"MCUpdateExe"="C:\\Program Files\\McAfee.com\\Agent\\mcupdate.exe /embedding"
"Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AdaptecDirectCD"="C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"EPSON Stylus Photo R2400"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9SA.EXE /P24 \"EPSON Stylus Photo R2400\" /O6 \"USB002\" /M \"Stylus Photo R2400\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000000
"GeneralFlags"=dword:00000004
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-11-01 18:22:11.12
C:\ComboFix.txt ... 06-11-01 18:22
_____________________________________________________________
Here is the HJT log after reboot:
Logfile of HijackThis v1.99.1
Scan saved at 6:31:37 PM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\Agent\mcupdate.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Lifeline\bin\mpbtn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bob's Photo\Desktop\HJT.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... ar=msnhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... r.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.hollywoodfotofix.com/"); (C:\Documents and Settings\Bob's Photo\Application Data\Mozilla\Profiles\default\of0zc65i.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Bob's Photo\Application Data\Mozilla\Profiles\default\of0zc65i.slt\prefs.js)
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1b68470c-2def-493b-8a4a-8e2d81be4ea5} - (no file)
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e246fae-8420-11d9-870d-000c2917de7f} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - (no file)
O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - (no file)
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: (no name) - {9c5875b8-93f3-429d-ff34-660b206d897a} - (no file)
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
O2 - BHO: (no name) - {b212d577-05b7-4963-911e-4a8588160dfa} - (no file)
O2 - BHO: ASGP32.ASGP - {BB89F547-37EC-4920-880C-9D553B1C788C} - C:\WINDOWS\system32\asgp32.dll (file missing)
O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus Photo R2400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9SA.EXE /P24 "EPSON Stylus Photo R2400" /O6 "USB002" /M "Stylus Photo R2400"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoEZcolor 2.5\MonacoGamma.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photofinale.com/ImageUploade ... oader3.cab
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client32 - Productive Computer Insight Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe