Solved: help!

"Owner" - 07-01-15 22:09:21 Service Pack 2
ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\INSTALL.LOG
C:\WINDOWS\system32\drivers\fad.sys
C:\Program Files\Common Files\{6C6EB~1
C:\Program Files\PrintView

((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 ))))))))))))))))))))))))))))))))))

2007-01-15 16:54 d-------- C:\Program Files\Security Task Manager
2007-01-15 16:54 d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SecTaskMan
2007-01-13 23:13 d-------- C:\avenger
2007-01-13 10:38 d-------- C:\Program Files\jv16 PowerTools 2006
2007-01-13 10:34 929,844 --a------ C:\WINDOWS\system32\MFC42D.DLL
2007-01-13 10:34 8 -r-hs---- C:\WINDOWS\system32\30954A8E6B.sys
2007-01-13 10:34 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-01-11 14:45 d-------- C:\Program Files\Hijackthis
2007-01-09 18:34 d-------- C:\fixwareout
2007-01-08 21:06 d-------- C:\Sierra
2007-01-08 13:03 dr--s---- C:\WINDOWS\assembly
2007-01-08 13:02 d-------- C:\WINDOWS\Microsoft.NET
2007-01-04 11:51 d-------- C:\DOCUME~1\Owner\Application Data\InstallShield
2007-01-04 11:45 d-------- C:\DirectX9
2007-01-03 19:34 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-02 15:43 d-------- C:\Program Files\Windows Defender
2007-01-01 20:21 d-------- C:\Program Files\Common Files\Java
2006-12-30 12:46 d-------- C:\Program Files\Windows Media Connect 2
2006-12-30 12:44 d-------- C:\WINDOWS\system32\LogFiles
2006-12-30 12:44 d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-28 01:49 d-------- C:\DOCUME~1\Owner\Application Data\Uniblue
2006-12-27 14:12 d-------- C:\DOCUME~1\ALLUSE~1\Application Data\nView_Profiles
2006-12-27 13:10 86,016 -ra------ C:\WINDOWS\system32\nvrszht.dll
2006-12-27 13:10 294,912 -ra------ C:\WINDOWS\system32\nvwrses.dll
2006-12-27 13:10 294,912 -ra------ C:\WINDOWS\system32\nvwrsel.dll
2006-12-27 13:10 286,720 -ra------ C:\WINDOWS\system32\nvwrsesm.dll
2006-12-27 13:10 282,624 -ra------ C:\WINDOWS\system32\nvwrspt.dll
2006-12-27 13:10 282,624 -ra------ C:\WINDOWS\system32\nvwrsit.dll
2006-12-27 13:10 282,624 -ra------ C:\WINDOWS\system32\nvwrsfr.dll
2006-12-27 13:10 278,528 -ra------ C:\WINDOWS\system32\nvwrsptb.dll
2006-12-27 13:10 278,528 -ra------ C:\WINDOWS\system32\nvwrsnl.dll
2006-12-27 13:10 274,432 -ra------ C:\WINDOWS\system32\nvwrsru.dll
2006-12-27 13:10 274,432 -ra------ C:\WINDOWS\system32\nvwrshu.dll
2006-12-27 13:10 266,240 -ra------ C:\WINDOWS\system32\nvwrstr.dll
2006-12-27 13:10 262,144 -ra------ C:\WINDOWS\system32\nvwrssl.dll
2006-12-27 13:10 262,144 -ra------ C:\WINDOWS\system32\nvwrsno.dll
2006-12-27 13:10 262,144 -ra------ C:\WINDOWS\system32\nvwrsfi.dll
2006-12-27 13:10 258,048 -ra------ C:\WINDOWS\system32\nvwrssv.dll
2006-12-27 13:10 258,048 -ra------ C:\WINDOWS\system32\nvwrssk.dll
2006-12-27 13:10 258,048 -ra------ C:\WINDOWS\system32\nvwrspl.dll
2006-12-27 13:10 249,856 -ra------ C:\WINDOWS\system32\nvwrseng.dll
2006-12-27 13:10 241,664 -ra------ C:\WINDOWS\system32\nvwrshe.dll
2006-12-27 13:10 233,472 -ra------ C:\WINDOWS\system32\nvrshe.dll
2006-12-27 13:10 200,704 -ra------ C:\WINDOWS\system32\nvrsko.dll
2006-12-27 13:10 200,704 -ra------ C:\WINDOWS\system32\nvrsja.dll
2006-12-27 13:10 196,608 -ra------ C:\WINDOWS\system32\nvrsit.dll
2006-12-27 13:10 192,512 -ra------ C:\WINDOWS\system32\nvrsfr.dll
2006-12-27 13:10 192,512 -ra------ C:\WINDOWS\system32\nvrses.dll
2006-12-27 13:10 192,512 -ra------ C:\WINDOWS\system32\nvrsel.dll
2006-12-27 13:10 188,416 -ra------ C:\WINDOWS\system32\nvrsnl.dll
2006-12-27 13:10 188,416 -ra------ C:\WINDOWS\system32\nvrsesm.dll
2006-12-27 13:10 184,320 -ra------ C:\WINDOWS\system32\nvwrsja.dll
2006-12-27 13:10 184,320 -ra------ C:\WINDOWS\system32\nvrsru.dll
2006-12-27 13:10 184,320 -ra------ C:\WINDOWS\system32\nvrsptb.dll
2006-12-27 13:10 184,320 -ra------ C:\WINDOWS\system32\nvrspt.dll
2006-12-27 13:10 176,128 -ra------ C:\WINDOWS\system32\nvrstr.dll
2006-12-27 13:10 176,128 -ra------ C:\WINDOWS\system32\nvrspl.dll
2006-12-27 13:10 176,128 -ra------ C:\WINDOWS\system32\nvrsno.dll
2006-12-27 13:10 176,128 -ra------ C:\WINDOWS\system32\nvrshu.dll
2006-12-27 13:10 172,032 -ra------ C:\WINDOWS\system32\nvwrsko.dll
2006-12-27 13:10 172,032 -ra------ C:\WINDOWS\system32\nvrszhc.dll
2006-12-27 13:10 172,032 -ra------ C:\WINDOWS\system32\nvrssv.dll
2006-12-27 13:10 172,032 -ra------ C:\WINDOWS\system32\nvrssl.dll
2006-12-27 13:10 172,032 -ra------ C:\WINDOWS\system32\nvrssk.dll
2006-12-27 13:10 172,032 -ra------ C:\WINDOWS\system32\nvrseng.dll
2006-12-27 13:10 167,936 -ra------ C:\WINDOWS\system32\nvrsfi.dll
2006-12-27 13:10 147,456 -ra------ C:\WINDOWS\system32\nvwrszht.dll
2006-12-27 13:10 143,360 -ra------ C:\WINDOWS\system32\nvwrszhc.dll
2006-12-27 13:09 843,776 -ra------ C:\WINDOWS\system32\nwiz.exe
2006-12-27 13:09 81,920 -ra------ C:\WINDOWS\system32\nvwddi.dll
2006-12-27 13:09 81,920 -ra------ C:\WINDOWS\system32\nvmctray.dll
2006-12-27 13:09 5,222,400 -ra------ C:\WINDOWS\system32\nvoglnt.dll
2006-12-27 13:09 454,656 -ra------ C:\WINDOWS\system32\nvshell.dll
2006-12-27 13:09 438,272 -ra------ C:\WINDOWS\system32\nvappbar.exe
2006-12-27 13:09 4,112,384 -ra------ C:\WINDOWS\system32\nvcpl.dll
2006-12-27 13:09 352,256 -ra------ C:\WINDOWS\system32\keystone.exe
2006-12-27 13:09 32,256 -ra------ C:\WINDOWS\system32\nvcodins.dll
2006-12-27 13:09 32,256 --a------ C:\WINDOWS\system32\nvcod.dll
2006-12-27 13:09 266,240 -ra------ C:\WINDOWS\system32\nvwrsde.dll
2006-12-27 13:09 258,048 -ra------ C:\WINDOWS\system32\nvwrsda.dll
2006-12-27 13:09 249,856 -ra------ C:\WINDOWS\system32\nvwrscs.dll
2006-12-27 13:09 245,760 -ra------ C:\WINDOWS\system32\nvwrsar.dll
2006-12-27 13:09 241,664 -ra------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-12-27 13:09 237,568 -ra------ C:\WINDOWS\system32\nvrsar.dll
2006-12-27 13:09 192,512 -ra------ C:\WINDOWS\system32\nvrsde.dll
2006-12-27 13:09 176,128 -ra------ C:\WINDOWS\system32\nvrsda.dll
2006-12-27 13:09 172,032 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-12-27 13:09 167,936 -ra------ C:\WINDOWS\system32\nvrscs.dll
2006-12-27 13:09 114,755 -ra------ C:\WINDOWS\system32\nvsvc32.exe
2006-12-27 13:09 1,642,496 -ra------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-12-27 13:09 1,363,968 -ra------ C:\WINDOWS\system32\nview.dll
2006-12-27 13:09 1,110,016 -ra------ C:\WINDOWS\system32\nvdspsch.exe
2006-12-27 13:09 1,019,904 -ra------ C:\WINDOWS\system32\nvwimg.dll
2006-12-27 13:09 d-------- C:\WINDOWS\nview
2006-12-27 11:13 d-------- C:\Program Files\INAC
2006-12-27 11:08 d-------- C:\Program Files\NoAdware5.0
2006-12-27 10:48 d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2006-12-26 23:43 d-------- C:\DOCUME~1\ALLUSE~1\Application Data\ParetoLogic Anti-Spyware
2006-12-25 21:38 d-------- C:\DOCUME~1\ALLUSE~1\Application Data\VideoEgg
2006-12-25 11:38 d-------- C:\Program Files\GameShadow
2006-12-25 09:28 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-12-24 16:42 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2006-12-24 16:42 d-------- C:\Program Files\TuneUp Utilities 2007
2006-12-24 12:48 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-24 12:48 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-24 12:32 15,360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-12-24 12:31 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2006-12-24 12:31 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2006-12-24 12:29 57,344 --a------ C:\WINDOWS\Unwash6.exe
2006-12-24 12:29 486,400 --a------ C:\WINDOWS\system32\wwSecure.exe
2006-12-24 12:29 d-------- C:\Program Files\Lavasoft
2006-12-24 12:28 5 --ahs---- C:\WINDOWS\system32\afeedbe5_s.dll
2006-12-19 17:55 d-------- C:\WINDOWS\NV17761524.TMP
2006-12-15 17:09 d-------- C:\Program Files\The Creative Assembly

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-14 12:03 -------- d-------- C:\Program Files\limewire
2007-01-14 12:03 -------- d-------- C:\Program Files\incomplete
2007-01-14 10:36 -------- d-------- C:\Program Files\msn messenger
2007-01-13 21:58 -------- d-------- C:\Program Files\google
2007-01-13 21:57 -------- d--h----- C:\Program Files\installshield installation information
2007-01-13 09:54 -------- d-------- C:\Program Files\itunes
2007-01-12 16:45 21840 --a----t- C:\WINDOWS\system32\sintfnt.dll
2007-01-12 16:45 17212 --a----t- C:\WINDOWS\system32\sintf32.dll
2007-01-12 16:45 12067 --a----t- C:\WINDOWS\system32\sintf16.dll
2007-01-11 16:41 -------- d-------- C:\Program Files\mozilla firefox
2007-01-11 15:53 -------- d---s---- C:\DOCUME~1\Owner\Application Data\microsoft
2007-01-07 17:42 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll
2007-01-05 03:26 -------- d-------- C:\Program Files\thq
2007-01-04 13:21 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-01-03 20:01 -------- d-------- C:\Program Files\cant be deleted
2007-01-03 19:34 -------- d-------- C:\Program Files\grisoft
2007-01-03 17:53 -------- d-------- C:\DOCUME~1\Owner\Application Data\xfire
2007-01-01 21:14 -------- d---s---- C:\Program Files\xfire
2007-01-01 20:23 -------- d-------- C:\Program Files\java
2007-01-01 11:30 -------- d-------- C:\Program Files\webroot
2007-01-01 11:30 -------- d-------- C:\DOCUME~1\Owner\Application Data\webroot
2006-12-28 21:53 -------- d-------- C:\DOCUME~1\Owner\Application Data\avg7
2006-12-25 09:26 -------- d-------- C:\DOCUME~1\Owner\Application Data\macromedia
2006-12-24 12:48 816288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-24 12:48 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-12-24 12:48 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-24 12:48 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-24 12:35 -------- d-------- C:\DOCUME~1\Owner\Application Data\lavasoft
2006-12-24 12:30 -------- d-------- C:\Program Files\Common Files\webroot shared
2006-12-24 10:33 -------- d-------- C:\Program Files\nokia
2006-12-24 10:33 -------- d-------- C:\Program Files\Common Files\symantec shared
2006-12-15 19:43 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-09 17:31 62 --a------ C:\WINDOWS\trwinupd.dll
2006-11-16 15:38 -------- d-------- C:\Program Files\msxml 4.0
2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-25 15:24 0 --a------ C:\Program Files\_iberr.txt
2006-10-19 13:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Index Washer"="C:\\Program Files\\Webroot\\Washer\\WashIdx.exe \"Owner\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TalkTalk"="\"C:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe\" /P TalkTalk"
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"Windows Registry Repair Pro"="C:\\Program Files\\3B Software\\Windows Registry Repair Pro\\Windows Registry Repair Pro.exe -X"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
"location"="Common Startup"
"item"="Kodak software updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"location"="Common Startup"
"item"="MyWebSearch Email Plugin"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\NkvMon.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Nikon\\NkView6\\NkvMon.exe "
"item"="NkvMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Delta Force-Black Hawk Down Team Sabre Registration.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Delta Force-Black Hawk Down Team Sabre Registration.lnk"
"backup"="C:\\WINDOWS\\pss\\Delta Force-Black Hawk Down Team Sabre Registration.lnkStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\{00BDC6D7-8461-4048-B0CF-4D3886C91571}\\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\\NOVG.EXE /remind /language=ENG /PRNM=\"Delta Force-Black Hawk Down Team Sabre\""
"item"="Delta Force-Black Hawk Down Team Sabre Registration"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Morpheus.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Morpheus.lnk"
"backup"="C:\\WINDOWS\\pss\\Morpheus.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Morpheus\\Morpheus.exe -min"
"item"="Morpheus"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"location"="Startup"
"item"="MyWebSearch Email Plugin"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"item"="PowerReg Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
"backup"="C:\\WINDOWS\\pss\\Webshots.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Webshots\\WEBSHO~1.EXE "
"item"="Webshots"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1fork]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Curb Phone Amen"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Points Manager"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Virus Update Scheduler V1.39.12R]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msvc"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgemc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DATALA~1"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ee"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbbbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark X74-X75\\lxbbbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Inet Xp..]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="teekids"
"hkey"="HKLM"
"command"="teekids.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TRAYAP~1"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSFree"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vsnpstd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\vsnpstd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyKiller]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="spykiller"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpySweeperUI"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\styleerrorgplhelp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="math obj"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="updmgr"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wwDisp"
"hkey"="HKCU"
"command"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="run"
"hkey"="HKLM"
"command"="run.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS"=dword:00000002
"iPodService"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSN Update"="dllconfg.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"MSN Update"="dllconfg.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://images.google.co.uk/images?q...gator.ru/pub/savers/screensaverdfbhd2.exe.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42771541-ca29-11d8-9bce-806d6172696f}]
Shell\AutoRun\command D:\autoplay.exe

Completion time: 07-01-15 22:13:18

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

SDFix: Version 1.59

16/01/2007 - 22:56:20.40

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Name:

Path:

Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting

Normal Mode:

Checking Files:

Files will be copied to Backups folder then removed:

C:\WINDOWS\system32\_000009_.tmp.dll - Deleted
C:\WINDOWS\system32\TFTP1968 - Deleted
C:\WINDOWS\system32\TFTP2116 - Deleted
C:\WINDOWS\system32\TFTP2328 - Deleted
C:\WINDOWS\system32\TFTP2356 - Deleted
C:\WINDOWS\system32\TFTP2524 - Deleted
C:\WINDOWS\system32\TFTP2572 - Deleted
C:\WINDOWS\system32\TFTP2660 - Deleted
C:\WINDOWS\system32\TFTP2680 - Deleted
C:\WINDOWS\system32\TFTP2692 - Deleted
C:\WINDOWS\system32\TFTP3456 - Deleted

Alternate Stream Check:

C:\WINDOWS\system32
No streams found.
Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\THQ\\Dawn of War DEMO\\W40k.exe"="C:\\Program Files\\THQ\\Dawn of War DEMO\\W40k.exe:*:Enabled:W40K"
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"="C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade 1.4"
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Westwood\\RA2\\game.exe"="C:\\Westwood\\RA2\\game.exe:*isabled:Main executable for Red Alert 2"
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"="C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe:*:Enabled:Age of Mythology"
"C:\\Westwood\\RA2\\mph.exe"="C:\\Westwood\\RA2\\mph.exe:*:Enabled:mph"
"C:\\Program Files\\LimeWire\\LimeWire 4.2.6 Pro\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire 4.2.6 Pro\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"="C:\\Sierra\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"="C:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe:*isabled:EE-AOC"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery.exe:*:Enabled:MessengerDiscovery"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*isabled:Logitech Desktop Messenger"
"C:\\Program Files\\Logitech\\VideoCall\\VideoCall.exe"="C:\\Program Files\\Logitech\\VideoCall\\VideoCall.exe:*:Enabled:videocall.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\GameSpy Arcade\\Services\\gspoker\\Poker-GS.exe"="C:\\Program Files\\GameSpy Arcade\\Services\\gspoker\\Poker-GS.exe:*:Enabled:GameSpy Poker by Jeff Anderson"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\WINDOWS\\system32\\run.exe"="C:\\WINDOWS\\system32\\run.exe:*isabled:run"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Listing Files with hidden attributes:

C:\NTDETECT.COM
C:\WINDOWS\system32\afeedbe5_s.dll
C:\Program Files\THQ\Dawn of War\Disk1Check.EXE
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\WINDOWS\system32\30954A8E6B.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

Finished

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/forum/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file


C:\WINDOWS\system32\run.exe
C:\WINDOWS\system32\afeedbe5_s.dll
C:\Program Files\thq\*.*
C:\Program Files\cant be deleted\*.*



then

download gmer rootkit detector from http://spywarefix.org.googlepages.com/gmer.zip

unzip it & double click the gmer.exe file

select rootkit tab & press scan

when it has finished press copy & post back the log it makes

also select the autostarts tab & do the same there

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-17 20:45:14
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7D1985A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7D1985A] avgtdi.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F780495C] sfsync03.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F780495C] sfsync03.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F780495C] sfsync03.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL [F780495C] sfsync03.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7D1985A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7D1985A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F7D1985A] avgtdi.sys

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

---- EOF - GMER 1.0.12 ----

Fixwareout
Last edited 1/1/2006
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values
»»»»» System restarted
...
Reg Entries that were deleted
...
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»»

Logfile of HijackThis v1.99.1
Scan saved at 21:38:47, on 17/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by5fd.bay5.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.172.230.85/activex/AxisCamControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D872B18-53D3-4308-98EE-65EAC3058B11}: NameServer = 85.255.114.19 85.255.112.158
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Run hijackthis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D872B18-53D3-4308-98EE-65EAC3058B11}: NameServer = 85.255.114.19 85.255.112.158
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Now we need to reset your hijacked DNS settings

To set your DNS, you need to find the Internet Protocol window.

For Users on a Dial-up Connection:
Go to My Computer>Dialup Networking.
Right-click your internet connection and select Properties.
A window will open - click the Server Types tab. Click TCP/IP Settings.

For All Other Users:
Go to Control Panel>Network Connections and select your local network.
Click Properties, then select Internet Protocol (TCP/IP).
Click Properties.

You will see a window - this is the Internet Protocol window. Select "Obtain DNS server automatically" and press OK

now go to start/run & type cmd press OK

when the black screen opens type this exactly including all spaces

ipconfig /flushdns and press OK then close that black screen

reboot & post a fresh HJT log please

and I also want to see these please

• Download WinPFind
• Right Click the Zip Folder and Select "Extract All"
• Extract it somewhere you will remember like the Desktop
• Dont do anything with it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick WinPFind.exe

• Click " Configure Scan Options"
• Select " Run Add ONs" and then select ALL the options in the box below it, Press Apply
• Now Click "Start Scan"
• It will scan the entire System, so please be patient!
• Once the Scan is Complete
  • Reboot back to Normal Mode!
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!. It will be too big to post so you will need to attach it to your reply

and

open HJT/press config/misc tools/ tick both little boxes about minor & empty sections & press generate start up list

post that back here

your pervious post request

Logfile of HijackThis v1.99.1
Scan saved at 23:13:52, on 17/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by5fd.bay5.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.172.230.85/activex/AxisCamControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D872B18-53D3-4308-98EE-65EAC3058B11}: NameServer = 85.255.114.19 85.255.112.158
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe