combofix log;
ComboFix 08-07-28.2 - Cathy 2008-07-28 16:35:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.873 [GMT -5:00]
Running from: C:\Users\Cathy\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Cathy\AppData\Roaming\macromedia\Flash Player\#SharedObjects\WDJWLEVA\interclick.com
C:\Users\Cathy\AppData\Roaming\macromedia\Flash Player\#SharedObjects\WDJWLEVA\interclick.com\ud.sol
C:\Users\Cathy\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\Cathy\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\system32\cbXPjGVm.dll
C:\Windows\system32\fccbBRIy.dll
C:\Windows\System32\lTututwa.ini
C:\Windows\System32\lTututwa.ini2
C:\Windows\system32\mlJBQKDU.dll
C:\Windows\system32\MSINET.oca
C:\Windows\System32\mVGjPXbc.ini
C:\Windows\System32\mVGjPXbc.ini2
C:\Windows\system32\pac.txt
C:\Windows\system32\pmnMDwtR.dll
C:\Windows\System32\RtwDMnmp.ini
C:\Windows\System32\RtwDMnmp.ini2
C:\Windows\system32\xtktjrnx.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
.
2008-07-28 16:29 . 2008-07-28 16:29 <DIR> d-------- C:\Users\Cathy\AppData\Roaming\Roxio
2008-07-27 22:12 . 2008-07-27 22:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-27 21:49 . 2008-07-27 22:01 <DIR> d--hs---- C:\Users\Cathy\!
2008-07-27 21:49 . 2008-07-27 21:49 2,057,216 --a------ C:\Users\Cathy\winlogon.exe
2008-07-27 21:49 . 2008-07-27 21:49 515 --a------ C:\Users\Cathy\394.bat
2008-07-27 21:48 . 2008-07-28 16:16 <DIR> d-------- C:\Windows\System32\kBin15
2008-07-27 21:48 . 2008-07-27 21:48 <DIR> d-------- C:\Temp\epr1
2008-07-27 21:48 . 2008-07-27 21:48 <DIR> d-------- C:\Temp
2008-07-27 14:37 . 2008-07-27 14:40 <DIR> d-------- C:\Users\Cathy\AppData\Roaming\Apple Computer
2008-07-27 14:37 . 2008-07-27 14:37 <DIR> d-------- C:\Program Files\iTunes
2008-07-27 14:37 . 2008-07-27 14:37 <DIR> d-------- C:\Program Files\iPod
2008-07-27 14:36 . 2008-07-27 14:36 <DIR> d-------- C:\Program Files\Bonjour
2008-07-27 14:35 . 2008-07-27 14:37 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-07-27 14:35 . 2008-07-27 14:37 <DIR> d-------- C:\ProgramData\Apple Computer
2008-07-27 14:35 . 2008-07-27 14:36 <DIR> d-------- C:\Program Files\QuickTime
2008-07-27 14:34 . 2008-07-27 14:34 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-27 14:32 . 2008-07-27 14:32 <DIR> d-------- C:\Users\All Users\Apple
2008-07-27 14:32 . 2008-07-27 14:32 <DIR> d-------- C:\ProgramData\Apple
2008-07-27 14:32 . 2008-07-27 14:32 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-07-27 14:17 . 2008-07-27 22:00 <DIR> d-------- C:\Users\Cathy\AppData\Roaming\LimeWire
2008-07-27 13:47 . 2008-07-27 13:48 <DIR> d-------- C:\Users\Cathy\AppData\Roaming\teamspeak2
2008-07-27 13:47 . 2008-07-27 13:47 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-07-27 13:47 . 2008-07-27 13:47 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-07-18 11:26 . 2008-06-25 19:34 7,964,672 --a------ C:\Windows\System32\NlsLexicons0024.dll
2008-07-18 11:25 . 2008-06-25 19:33 11,722,752 --a------ C:\Windows\System32\NlsLexicons0001.dll
2008-07-16 10:39 . 2008-07-16 10:39 <DIR> d-------- C:\My WebEx Documents
2008-07-16 09:52 . 2008-07-16 09:52 <DIR> d-------- C:\Users\Cathy\WebEx
2008-07-16 09:52 . 2008-07-16 09:52 <DIR> d-------- C:\Users\Cathy\AppData\Roaming\webex
2008-07-16 09:51 . 2008-07-16 09:52 <DIR> d-------- C:\Users\All Users\WebEx
2008-07-16 09:51 . 2008-07-16 09:52 <DIR> d-------- C:\ProgramData\WebEx
2008-07-10 09:35 . 2008-07-10 09:35 32,000 --a------ C:\Windows\System32\drivers\usbaapl.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-28 21:32 --------- d-----w C:\ProgramData\Napster
2008-07-28 20:53 23 ----a-w C:\Users\Cathy\jagex_runescape_preferences.dat
2008-07-28 20:20 --------- d-----w C:\Users\Cathy\AppData\Roaming\AVG7
2008-07-20 00:54 --------- d-----w C:\Users\Cathy\AppData\Roaming\Corel
2008-07-11 12:50 174 --sha-w C:\Program Files\desktop.ini
2008-07-11 08:00 --------- d-----w C:\Program Files\Windows Mail
2008-06-26 00:34 7,042,560 ----a-w C:\Windows\System32\NlsLexicons081a.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-15 22:21 --------- d-----w C:\Users\Cathy\AppData\Roaming\Aim
2008-06-15 22:21 --------- d-----w C:\Program Files\AIM
2008-06-15 22:20 --------- d-----w C:\Program Files\AOD
2008-06-15 22:18 --------- d-----w C:\ProgramData\Viewpoint
2008-06-15 22:18 --------- d-----w C:\Program Files\Viewpoint
2008-06-15 22:18 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2007-08-18 01:02 1,132,112 ----a-w C:\Users\All Users\pswi_preloaded.exe
2007-08-18 01:02 1,132,112 ----a-w C:\ProgramData\pswi_preloaded.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-29 07:57 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-29 07:56 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-29 07:56 133656]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-08 07:35 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 20:27 317560]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 18:54 53248]
"VWLASU"="C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 13:31 45056]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 08:05 579584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 07:33 219136]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-06-22 12:55:32 739880]
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2008-02-13 18:26:57 274432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2008-02-07 07:33 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 21:26 98304 C:\Windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-08-01 21:48 77824 C:\Program Files\Java\jre1.6.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a------ 2007-07-20 17:30 577536 C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4133904015-3960503689-3855408361-1002]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0BED7E84-052B-4C92-9EED-B713ED195A79}"= UDP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{0959FBFD-F2D0-4687-9DA3-1313993ED80F}"= TCP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{27C22BD5-CDC3-4811-8E81-EDBF220263A3}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{92EAEB4A-3DC0-4BD0-94DA-73F7611E3504}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{EF0BC1DC-1CF7-4012-956D-FAAC3CEAA71A}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BA51F549-8ABF-41F2-95E5-B2D61C0765C6}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{DC72786E-56BD-4728-8B95-8B7D2D229A52}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D0557D64-240B-4C74-8815-9857CAA60400}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{98319EF9-3EB2-4157-91BB-2E7968769B36}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{706CB6B0-4B81-41A1-A0F1-6ECF46640018}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2794680B-A0BC-41F9-A578-AA667BEA1C17}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{092D67AC-AF77-40BE-9CC8-628FA5504360}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 22:09]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 08:05]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-06-27 07:13]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-06-27 07:13]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2007-04-05 08:06]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 07:17]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-18 08:19]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-07-02 09:10]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-02 09:10]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-07-02 09:09]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-02 09:10]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 18:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 17:34]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 17:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-13 12:55]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-05 19:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Host Process - C:\Users\Cathy\svchost.exe
HKLM-Run-MSServer - C:\Windows\system32\mlJBQKDU.dll
HKLM-Run-BMed7b246e - C:\Windows\system32\xtktjrnx.dll
MSConfigStartUp-Corel Photo Downloader - C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
hxxp://www.google.com/R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-07-28 16:41:08
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Windows\System32\igfxsrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\System32\stacsv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\igfxext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-07-28 16:45:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-28 21:45:09
Pre-Run: 220,315,897,856 bytes free
Post-Run: 220,314,841,088 bytes free
229 --- E O F --- 2008-07-25 12:30:49
----------------------------------------------------------------
hijackthis log;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:40 PM, on 7/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Launchy\Launchy.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10130 bytes
hope i did everything correctly
thanks for help