1) jotti results
File: admutilstr.dll
Status: INFECTED/MALWARE
MD5: 026bd33c163d2b4cf8eab73359f956e4
Packers detected: -
Scan taken on 02 Dec 2008 01:46:33 (GMT)
A-Squared Found Virus.Win32.PureMorph!IK
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:PureMorph
AVG Antivirus Found nothing
BitDefender Found DeepScan:Generic.Obfuscated.4.BB847F75
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Trojan-Obfuscated.1!Maximus (probable variant)
F-Secure Anti-Virus Found nothing
G DATA Found Win32:PureMorph
Ikarus Found Virus.Win32.PureMorph
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found Generic
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing
2) Lop S&D log
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile Technology ML-32 )
BIOS : Rev 1.0
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total:67 Go (Free:41 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:4 Go)
E:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Mon 12/01/2008|20:58 )
--------------------\\ Listing folders in APPLIC~1
[02/01/2006|11:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> AOL
[11/23/2005|04:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[11/23/2008|06:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[12/14/2005|04:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SampleView
[12/14/2005|04:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> You've Got Pictures Screensaver
[11/28/2008|09:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[11/18/2008|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[02/04/2006|03:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[02/01/2006|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[11/21/2007|04:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[10/03/2006|05:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/23/2008|06:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[10/15/2008|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> fqxmlmhe
[11/18/2008|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[12/01/2008|01:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
[09/06/2008|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[10/19/2008|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[12/14/2005|04:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[05/24/2006|06:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[05/17/2006|08:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[09/20/2006|07:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[10/16/2008|08:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
[10/15/2008|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> pkbuhujc
[06/11/2006|08:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[12/14/2005|04:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
[12/14/2005|04:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[12/14/2005|04:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[12/01/2008|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SITEguard
[12/01/2008|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> STOPzilla!
[10/16/2008|08:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[06/16/2007|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[04/01/2007|01:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[02/01/2006|11:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AOL
[11/23/2005|04:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[11/18/2008|11:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Macromedia
[12/14/2005|04:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[12/14/2005|04:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
[12/14/2005|04:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver
[02/01/2006|10:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[01/25/2006|11:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[11/23/2008|06:35] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[11/23/2008|06:35] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[03/28/2007|09:02] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> 3M
[02/01/2006|10:18] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> acccore
[11/23/2008|10:08] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Adobe
[05/13/2006|03:48] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> AdobeUM
[02/01/2006|11:22] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Aim
[02/04/2006|03:59] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> AOL
[02/25/2006|03:27] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Apple Computer
[12/26/2007|04:22] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Flock
[09/18/2006|09:45] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Google
[09/24/2007|07:33] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Help
[11/23/2005|04:00] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Identities
[07/14/2008|10:15] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Jetcast
[11/21/2007|04:24] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> LimeWire
[01/25/2006|10:59] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Macromedia
[01/30/2006|10:14] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> McAfee.com Personal Firewall
[11/23/2008|06:35] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Microsoft
[10/29/2008|06:57] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Move Networks
[01/02/2007|12:59] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Mozilla
[11/23/2008|08:09] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Real
[12/14/2005|04:31] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> SampleView
[12/31/2006|01:14] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Sony Corporation
[08/17/2007|03:18] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Sun
[04/23/2006|01:54] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Template
[08/27/2007|03:39] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> U3
[02/14/2007|11:10] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> Viewpoint
[12/14/2005|04:28] C:\DOCUME~1\OWNER~1.KRI\APPLIC~1\<DIR> You've Got Pictures Screensaver
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[11/28/2008 09:05 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/28/2008 08:54 PM][--a------] C:\WINDOWS\tasks\Norton Security Scan for Owner.job
[01/22/2006 09:54 PM][--a------] C:\WINDOWS\tasks\ISP signup reminder 1.job
[12/01/2008 03:05 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 02:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[07/05/2006|07:54] C:\Program Files\<DIR> @Last Software
[11/17/2008|10:07] C:\Program Files\<DIR> ACW
[11/18/2008|11:10] C:\Program Files\<DIR> Adobe
[12/14/2005|04:17] C:\Program Files\<DIR> Ahead
[09/24/2007|07:33] C:\Program Files\<DIR> AIM
[02/04/2006|03:59] C:\Program Files\<DIR> America Online 9.0
[02/01/2006|10:17] C:\Program Files\<DIR> AOD
[02/04/2006|03:59] C:\Program Files\<DIR> AOL
[11/28/2008|09:08] C:\Program Files\<DIR> Apple Software Update
[12/14/2005|04:31] C:\Program Files\<DIR> ATI Technologies
[11/23/2008|06:37] C:\Program Files\<DIR> AVG
[10/25/2006|09:48] C:\Program Files\<DIR> BigFix
[11/28/2008|09:31] C:\Program Files\<DIR> Bonjour
[11/18/2008|11:08] C:\Program Files\<DIR> Common Files
[11/23/2005|03:55] C:\Program Files\<DIR> ComPlus Applications
[12/14/2005|04:29] C:\Program Files\<DIR> CONEXANT
[12/14/2005|04:23] C:\Program Files\<DIR> CyberLink
[12/26/2007|04:22] C:\Program Files\<DIR> Flock
[11/18/2008|11:07] C:\Program Files\<DIR> Google
[07/18/2008|10:55] C:\Program Files\<DIR> Hewlett-Packard
[07/18/2008|10:01] C:\Program Files\<DIR> HP
[12/31/2006|01:09] C:\Program Files\<DIR> InstallShield Installation Information
[11/17/2008|10:50] C:\Program Files\<DIR> Internet Explorer
[11/28/2008|09:34] C:\Program Files\<DIR> iPod
[11/28/2008|09:38] C:\Program Files\<DIR> iTunes
[12/14/2005|04:24] C:\Program Files\<DIR> Java
[07/14/2008|10:15] C:\Program Files\<DIR> Jetcast
[10/19/2008|09:48] C:\Program Files\<DIR> Lavasoft
[09/14/2007|08:01] C:\Program Files\<DIR> LimeWire
[10/14/2008|09:01] C:\Program Files\<DIR> lpezulf
[12/14/2005|04:33] C:\Program Files\<DIR> McAfee
[09/28/2008|07:03] C:\Program Files\<DIR> Messenger
[12/14/2005|04:21] C:\Program Files\<DIR> Microsoft ActiveSync
[12/14/2005|04:26] C:\Program Files\<DIR> Microsoft Digital Image 2006
[11/23/2005|04:00] C:\Program Files\<DIR> microsoft frontpage
[11/25/2007|01:52] C:\Program Files\<DIR> Microsoft Money 2005
[01/23/2007|10:25] C:\Program Files\<DIR> Microsoft Office
[12/14/2005|04:29] C:\Program Files\<DIR> Microsoft Works
[12/14/2005|04:21] C:\Program Files\<DIR> Microsoft.NET
[09/28/2008|11:19] C:\Program Files\<DIR> Movie Maker
[11/23/2005|03:54] C:\Program Files\<DIR> MSN
[12/14/2005|04:28] C:\Program Files\<DIR> MSN Encarta Plus
[11/23/2005|03:54] C:\Program Files\<DIR> MSN Gaming Zone
[10/17/2006|10:23] C:\Program Files\<DIR> MSXML 4.0
[10/16/2008|08:01] C:\Program Files\<DIR> Napster
[09/28/2008|11:14] C:\Program Files\<DIR> NetMeeting
[11/28/2008|03:00] C:\Program Files\<DIR> Norton Security Scan
[11/23/2005|03:58] C:\Program Files\<DIR> Online Services
[09/28/2008|11:13] C:\Program Files\<DIR> Outlook Express
[02/05/2006|05:18] C:\Program Files\<DIR> Pure Networks
[11/28/2008|09:30] C:\Program Files\<DIR> QuickTime
[12/14/2005|04:28] C:\Program Files\<DIR> Real
[12/31/2006|01:08] C:\Program Files\<DIR> Sony
[10/16/2008|07:58] C:\Program Files\<DIR> STOPzilla!
[12/14/2005|04:24] C:\Program Files\<DIR> Synaptics
[11/18/2008|10:10] C:\Program Files\<DIR> Trend Micro
[11/23/2005|04:05] C:\Program Files\<DIR> Uninstall Information
[06/16/2007|04:42] C:\Program Files\<DIR> Viewpoint
[12/23/2006|03:01] C:\Program Files\<DIR> Windows Media Player
[09/28/2008|11:13] C:\Program Files\<DIR> Windows NT
[11/23/2005|03:55] C:\Program Files\<DIR> Windows Plus
[11/23/2005|03:58] C:\Program Files\<DIR> WindowsUpdate
[11/23/2005|04:00] C:\Program Files\<DIR> xerox
--------------------\\ Listing Folders in C:\Program Files\Common Files
[11/18/2008|11:10] C:\Program Files\Common Files\<DIR> Adobe
[12/14/2005|04:17] C:\Program Files\Common Files\<DIR> Ahead
[02/05/2006|05:18] C:\Program Files\Common Files\<DIR> AOL
[11/21/2007|04:28] C:\Program Files\Common Files\<DIR> Apple
[12/14/2005|04:21] C:\Program Files\Common Files\<DIR> DESIGNER
[12/14/2005|04:26] C:\Program Files\Common Files\<DIR> InstallShield
[10/16/2008|07:58] C:\Program Files\Common Files\<DIR> iS3
[12/14/2005|04:24] C:\Program Files\Common Files\<DIR> Java
[11/23/2008|06:37] C:\Program Files\Common Files\<DIR> Microsoft Shared
[11/23/2005|03:57] C:\Program Files\Common Files\<DIR> MSSoap
[12/14/2005|04:16] C:\Program Files\Common Files\<DIR> New Boundary
[12/14/2005|04:28] C:\Program Files\Common Files\<DIR> Nullsoft
[11/22/2005|07:49] C:\Program Files\Common Files\<DIR> ODBC
[11/18/2008|11:08] C:\Program Files\Common Files\<DIR> Real
[12/14/2005|04:26] C:\Program Files\Common Files\<DIR> Roxio Shared
[11/23/2005|03:57] C:\Program Files\Common Files\<DIR> Services
[11/22/2005|07:49] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/27/2007|03:29] C:\Program Files\Common Files\<DIR> SWF Studio
[11/28/2008|03:02] C:\Program Files\Common Files\<DIR> Symantec Shared
[09/28/2008|11:13] C:\Program Files\Common Files\<DIR> System
[10/19/2008|09:47] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[11/18/2008|11:08] C:\Program Files\Common Files\<DIR> xing shared
--------------------\\ Process
( 51 Processes )
iexplore.exe ~ [PID:3668]
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\OWNER~1.KRI\LOCALS~1\Temp\nseED.tmp
C:\DOCUME~1\OWNER~1.KRI\LOCALS~1\Temp\nsf42.tmp
C:\DOCUME~1\OWNER~1.KRI\Cookies\owner@advertising[1].txt
C:\DOCUME~1\OWNER~1.KRI\Cookies\owner@adopt.euroclick[1].txt
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 20:59:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
No other infections found !
[F:11589][D:68]-> C:\DOCUME~1\OWNER~1.KRI\LOCALS~1\Temp
[F:205][D:0]-> C:\DOCUME~1\OWNER~1.KRI\Cookies
[F:7419][D:27]-> C:\DOCUME~1\OWNER~1.KRI\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - Mon 12/01/2008|21:05 - Option : [1]
--------------------\\ Scan completed at 21:05:12
3) HiJack This log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:42 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camera1.thevillages.com//activex ... ontrol.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: admutilstr - {57454CDE-8200-6EC6-ACEA-05DD7E12C659} - C:\Program Files\lpezulf\admutilstr.dll
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 8660 bytes
THANKS!