Here are the new reports after the scans; thanks again for your help. The only problem was that SpySweeper.exe was running while ComboFix was scanning. I could not get it to shut off, and the process was running at 100%, so the scan was really slow and took all night!
Dan
ComboFix 09-01-18.01 - me 2009-01-18 22:42:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.438 [GMT -5:00]
Running from: c:\documents and settings\me\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_004005_.tmp.dll
c:\windows\system32\_004006_.tmp.dll
c:\windows\system32\_004007_.tmp.dll
c:\windows\system32\_004008_.tmp.dll
c:\windows\system32\_004015_.tmp.dll
c:\windows\system32\_004016_.tmp.dll
c:\windows\system32\_004017_.tmp.dll
c:\windows\system32\_004019_.tmp.dll
c:\windows\system32\_004020_.tmp.dll
c:\windows\system32\_004023_.tmp.dll
c:\windows\system32\_004024_.tmp.dll
c:\windows\system32\_004026_.tmp.dll
c:\windows\system32\_004027_.tmp.dll
c:\windows\system32\_004028_.tmp.dll
c:\windows\system32\_004030_.tmp.dll
c:\windows\system32\_004031_.tmp.dll
c:\windows\system32\_004033_.tmp.dll
c:\windows\system32\_004034_.tmp.dll
c:\windows\system32\_004036_.tmp.dll
c:\windows\system32\_004038_.tmp.dll
c:\windows\system32\_004039_.tmp.dll
c:\windows\system32\_004041_.tmp.dll
c:\windows\system32\_004044_.tmp.dll
c:\windows\system32\_004046_.tmp.dll
c:\windows\system32\_004047_.tmp.dll
c:\windows\system32\_004048_.tmp.dll
c:\windows\system32\_004049_.tmp.dll
c:\windows\system32\_004052_.tmp.dll
c:\windows\system32\_004053_.tmp.dll
c:\windows\system32\_004054_.tmp.dll
c:\windows\system32\_004055_.tmp.dll
c:\windows\system32\_004056_.tmp.dll
c:\windows\system32\_004061_.tmp.dll
c:\windows\system32\_004063_.tmp.dll
c:\windows\system32\_004064_.tmp.dll
c:\windows\system32\_006211_.tmp.dll
c:\windows\system32\_006212_.tmp.dll
c:\windows\system32\_006213_.tmp.dll
c:\windows\system32\_006214_.tmp.dll
c:\windows\system32\_006221_.tmp.dll
c:\windows\system32\_006222_.tmp.dll
c:\windows\system32\_006223_.tmp.dll
c:\windows\system32\_006224_.tmp.dll
c:\windows\system32\_006226_.tmp.dll
c:\windows\system32\_006227_.tmp.dll
c:\windows\system32\_006230_.tmp.dll
c:\windows\system32\_006231_.tmp.dll
c:\windows\system32\_006233_.tmp.dll
c:\windows\system32\_006234_.tmp.dll
c:\windows\system32\_006235_.tmp.dll
c:\windows\system32\_006237_.tmp.dll
c:\windows\system32\_006238_.tmp.dll
c:\windows\system32\_006240_.tmp.dll
c:\windows\system32\_006241_.tmp.dll
c:\windows\system32\_006243_.tmp.dll
c:\windows\system32\_006245_.tmp.dll
c:\windows\system32\_006246_.tmp.dll
c:\windows\system32\_006248_.tmp.dll
c:\windows\system32\_006251_.tmp.dll
c:\windows\system32\_006253_.tmp.dll
c:\windows\system32\_006254_.tmp.dll
c:\windows\system32\_006255_.tmp.dll
c:\windows\system32\_006256_.tmp.dll
c:\windows\system32\_006257_.tmp.dll
c:\windows\system32\_006260_.tmp.dll
c:\windows\system32\_006261_.tmp.dll
c:\windows\system32\_006262_.tmp.dll
c:\windows\system32\_006263_.tmp.dll
c:\windows\system32\_006264_.tmp.dll
c:\windows\system32\_006269_.tmp.dll
c:\windows\system32\_006271_.tmp.dll
c:\windows\system32\_006272_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.
2009-01-18 19:05 . 2009-01-18 19:05 <DIR> d-------- c:\windows\ERUNT
2009-01-18 18:50 . 2009-01-18 20:03 <DIR> d-------- C:\SDFix
2009-01-14 20:38 . 2007-12-24 17:37 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-14 20:37 . 2009-01-14 23:03 <DIR> d-------- c:\documents and settings\me\Application Data\HouseCall 6.6
2009-01-14 18:10 . 2009-01-14 18:10 <DIR> d-------- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 11:49 --------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2009-01-19 02:00 --------- d-----w c:\documents and settings\me\Application Data\AVG7
2008-12-25 18:16 --------- d-----w c:\documents and settings\me\Application Data\AdobeUM
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-09-25 77824]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-03-03 219136]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4918:UDP"= 4918:UDP:Windows Media Format SDK (iexplore.exe)
"4932:UDP"= 4932:UDP:Windows Media Format SDK (iexplore.exe)
"4950:UDP"= 4950:UDP:Windows Media Format SDK (iexplore.exe)
"4968:UDP"= 4968:UDP:Windows Media Format SDK (iexplore.exe)
"1034:UDP"= 1034:UDP:Windows Media Format SDK (iexplore.exe)
"1042:UDP"= 1042:UDP:Windows Media Format SDK (iexplore.exe)
"1052:UDP"= 1052:UDP:Windows Media Format SDK (iexplore.exe)
"1066:UDP"= 1066:UDP:Windows Media Format SDK (iexplore.exe)
"1080:UDP"= 1080:UDP:Windows Media Format SDK (iexplore.exe)
"1094:UDP"= 1094:UDP:Windows Media Format SDK (iexplore.exe)
"1114:UDP"= 1114:UDP:Windows Media Format SDK (iexplore.exe)
"1122:UDP"= 1122:UDP:Windows Media Format SDK (iexplore.exe)
"1132:UDP"= 1132:UDP:Windows Media Format SDK (iexplore.exe)
"1146:UDP"= 1146:UDP:Windows Media Format SDK (iexplore.exe)
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2005-05-09 9344]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-07-13 29808]
R3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2005-05-09 65664]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-03-11 598856]
S4 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2005-05-09 4064]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2005-05-09 448640]
.
Contents of the 'Scheduled Tasks' folder
2009-01-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2009-01-19 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]
2009-01-19 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]
2009-01-19 c:\windows\Tasks\wrSpySweeperFullSweep.job
- a:\","c:\","d:\","e:\","F:\" []
2009-01-19 c:\windows\Tasks\wrSpySweeper_L46CD4F09F9284BE099A3CAE2D3E844B3.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]
2009-01-19 c:\windows\Tasks\wrSpySweeper_L46CD4F09F9284BE099A3CAE2D3E844B3.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]
2009-01-19 c:\windows\Tasks\wrSpySweeper_L46CD4F09F9284BE099A3CAE2D3E844B3.job
- a:\","c:\","d:\","e:\","F:\" []
2009-01-19 c:\windows\Tasks\wrSpySweeper_LC48A5825247E4D6E83039764BA37E304.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]
2009-01-19 c:\windows\Tasks\wrSpySweeper_LC48A5825247E4D6E83039764BA37E304.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]
2009-01-19 c:\windows\Tasks\wrSpySweeper_LC48A5825247E4D6E83039764BA37E304.job
- a:\","c:\","d:\","e:\","F:\" []
.
- - - - ORPHANS REMOVED - - - -
Notify-__c0055C03 - c:\windows\system32\__c0055C03.dat
Notify-dimsntfy - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/a/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: signin.ebay.com
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 06:49:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2992)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-19 7:34:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-19 12:33:13
Pre-Run: 48,055,259,136 bytes free
Post-Run: 48,007,421,952 bytes free
214 --- E O F --- 2009-01-16 07:10:23
SDFix report
SDFix: Version 1.240 Run by me on Sun 01/18/2009 at 07:10 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url - Deleted
C:\Documents and Settings\All Users\Start Menu\Online Spyware Test.url - Deleted
C:\Documents and Settings\me\My Documents\My Documents.url - Deleted
C:\Documents and Settings\me\My Documents\My Music\My Music.url - Deleted
C:\Documents and Settings\me\My Documents\My Videos\My Video.url - Deleted
C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted
Folder C:\WINDOWS\system32\smp - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 19:59:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF224D2C7ÿ319BC44]
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Disabled:HP Software Update Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 9 Aug 2001 64,512 A..H. --- "C:\WINDOWS\system32\PackethSvc.exe"
Tue 29 Aug 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 14 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 14 Jan 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Finished!
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:44 PM, on 1/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://216.207.10.118/plugin/h263ctrl.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\system32\IomegaAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe
--
End of file - 6106 bytes