Combofix & HijackThis logs
Here are the requested logs.
Thanks
Will
ComboFix 09-01-21.04 - Will 2009-01-23 22:40:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.767.248 [GMT -6:00]
Running from: c:\documents and settings\Will\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Will\Application Data\inst.exe
c:\windows\system32\agdmmais.dll
c:\windows\system32\aghrjteg.dll
c:\windows\system32\axhqwqws.dll
c:\windows\system32\berobg.dll
c:\windows\system32\cgpadm.dll
c:\windows\system32\cpntexdb.dll
c:\windows\system32\erehqxra.dll
c:\windows\system32\fcccyXQG.dll
c:\windows\system32\feppkwga.dll
c:\windows\system32\gbgogxcb.dll
c:\windows\system32\gipaclvg.dll
c:\windows\system32\gmpgof.dll
c:\windows\system32\gyqsijmu.dll
c:\windows\system32\htmfpr.dll
c:\windows\System32\ifmeug.dll
c:\windows\system32\itgixuap.dll
c:\windows\system32\iwxzqd.dll
c:\windows\system32\jdgvzg.dll
c:\windows\system32\jejbmnic.dll
c:\windows\system32\jpufdvga.dll
c:\windows\system32\jrilmwcl.dll
c:\windows\system32\kkUDdJjl.ini
c:\windows\system32\kkUDdJjl.ini2
c:\windows\system32\kwkkov.dll
c:\windows\system32\lfuxjf.dll
c:\windows\system32\ljJdDUkk.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\miqtay.dll
c:\windows\system32\nejyiysm.dll
c:\windows\system32\nlyiugng.dll
c:\windows\system32\nmipsplb.dll
c:\windows\system32\oakaubem.dll
c:\windows\system32\ohdqig.dll
c:\windows\system32\pacmys.dll
c:\windows\system32\pdgqds.dll
c:\windows\system32\rpphkmbb.dll
c:\windows\System32\rqpmjsnw.dll
c:\windows\system32\sgyptdir.dll
c:\windows\system32\tpxosxby.dll
c:\windows\system32\tvdblayd.dll
c:\windows\system32\tzjozv.dll
c:\windows\system32\vyaecn.dll
c:\windows\system32\wegero.dll
c:\windows\system32\wnsjmpqr.ini
c:\windows\system32\xtddlm.dll
c:\windows\system32\xyhnre.dll
c:\windows\system32\yctjpx.dll
c:\windows\system32\ypgyimdn.dll
c:\windows\system32\zmebhr.dll
----- BITS: Possible infected sites -----
hxxp://childhe.com
.
((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.
2009-01-23 22:36 . 2009-01-23 22:36 3,048,418 --a------ c:\temp\ComboFix.exe
2009-01-23 07:36 . 2009-01-18 13:18 401,720 --a------ c:\temp\WillCz.exe
2009-01-18 17:29 . 2009-01-18 17:29 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-18 17:29 . 2009-01-18 17:29 1,409 --a------ c:\windows\QTFont.for
2009-01-18 13:28 . 2009-01-18 13:29 <DIR> d-------- c:\program files\ERUNT
2009-01-18 13:18 . 2009-01-18 13:18 401,720 --a------ c:\temp\HiJackThis.exe
2009-01-18 13:17 . 2009-01-18 13:17 791,393 --a------ c:\temp\erunt-setup.exe
2009-01-16 16:03 . 2009-01-16 16:05 15,083,520 --a------ c:\temp\spybotsd160.exe
2009-01-04 22:40 . 2009-01-04 18:13 988,373 --a------ C:\T Czerwinski 5th Grade.jpg
2009-01-04 22:40 . 2009-01-04 18:14 574,336 --a------ C:\T Czerwinski Kdg.jpg
2009-01-04 22:38 . 2009-01-04 18:09 805,781 --a------ C:\T Czerwinski Baby Pic.jpg
2009-01-03 03:53 . 2009-01-03 03:53 <DIR> d-------- c:\temp\PCPilot
2009-01-03 03:42 . 2009-01-03 03:42 <DIR> d-------- c:\temp\pebbles
2009-01-03 03:41 . 2009-01-03 03:41 1,635,230 --a------ c:\temp\pebbles1.zip
2009-01-03 03:39 . 2009-01-03 03:39 361,856 --a------ c:\temp\PCPilot.zip
2009-01-03 03:35 . 2009-01-03 03:36 1,635,230 --a------ c:\temp\pebbles.zip
2008-12-30 00:58 . 2008-12-30 00:58 <DIR> d-------- c:\temp\ccsetup215
2008-12-30 00:58 . 2008-12-30 00:58 914,095 --a------ c:\temp\ccsetup215.zip
2008-12-29 11:59 . 2009-01-23 22:49 <DIR> d-------- c:\program files\PC Tools AntiVirus
2008-12-29 11:59 . 2008-12-29 11:59 <DIR> d-------- c:\program files\Common Files\PC Tools
2008-12-29 11:59 . 2008-12-29 11:59 <DIR> d-------- c:\documents and settings\Will\Application Data\PC Tools
2008-12-29 11:59 . 2009-01-23 22:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-29 11:59 . 2008-12-29 11:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-12-29 11:59 . 2007-12-06 16:51 28,568 --a------ c:\windows\system32\drivers\AVHook.sys
2008-12-29 11:59 . 2007-12-06 16:51 21,912 --a------ c:\windows\system32\drivers\AVRec.sys
2008-12-29 11:59 . 2008-02-12 11:44 21,904 --a------ c:\windows\system32\drivers\AVFilter.sys
2008-12-29 11:52 . 2008-12-29 11:57 23,222,552 --a------ c:\temp\avinstall.exe
2008-12-29 11:49 . 2008-12-29 11:59 2,016,364 --a------ c:\temp\setupeng.exe
2008-12-29 11:33 . 2008-12-29 11:44 54,157,776 --a------ c:\temp\avg_free_stf_en_8_176a1400.exe
2008-12-29 01:05 . 2008-12-29 01:05 <DIR> d-------- c:\program files\Sophos
2008-12-29 01:04 . 2008-12-29 01:04 1,181,383 --a------ c:\temp\sarsfx.exe
2008-12-29 00:42 . 2008-12-29 00:50 38,305,544 --a------ c:\temp\20081228-003-i32.exe
2008-12-28 22:23 . 2008-12-28 22:24 202,071 --a------ c:\temp\RipIt4Me.zip
2008-12-27 00:51 . 2008-12-27 00:51 <DIR> d-------- c:\temp\ImagoMPEG-Muxer
2008-12-27 00:50 . 2008-12-27 00:50 194,930 --a------ c:\temp\ImagoMPEG-Muxer.zip
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 03:39 --------- d-----w c:\program files\Eudora
2009-01-18 23:40 --------- d-----w c:\program files\XNews
2009-01-17 16:24 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-16 22:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-15 22:26 --------- d-----w c:\documents and settings\Will\Application Data\SuperNZB
2009-01-14 13:31 --------- d-----w c:\documents and settings\Will\Application Data\Vso
2009-01-14 07:12 --------- d-----w c:\program files\FreeCommander
2008-12-29 06:29 --------- d-----w c:\documents and settings\Will\Application Data\Orbit
2008-12-22 20:29 --------- d-----w c:\documents and settings\Will\Application Data\OpenOffice.org2
2008-12-20 06:51 --------- d-----w c:\program files\All Media Fixer
2008-12-06 04:05 2,128,384 ----a-w c:\windows\Internet Logs\xDB1C.tmp
2008-12-06 04:05 1,864,704 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2008-12-02 16:23 --------- d-----w c:\program files\Real Alternative
2008-12-02 16:20 --------- d-----w c:\program files\RealPlayer
2008-12-02 16:20 --------- d-----w c:\program files\Common Files\Real
2008-11-30 22:42 --------- d-----w c:\program files\Corel
2008-11-30 22:42 --------- d-----w c:\program files\Common Files\Corel
2008-11-30 22:42 --------- d-----w c:\documents and settings\Will\Application Data\Corel
2008-11-30 22:25 --------- d-----w c:\program files\Jasc Software Inc
2008-08-31 00:40 47,360 ----a-w c:\documents and settings\Will\Application Data\pcouffin.sys
2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WRPCAgent"="c:\program files\WinSoftMagic\WinRemotePC\WRPCAgent.exe" [2008-05-16 113152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-12-10 7311360]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-12-10 86016]
"Zone Labs Client"="c:\program files\ZoneAlarm\zlclient.exe" [2004-06-16 697624]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-09-25 1370000]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 c:\windows\system32\TWEAKUI.CPL]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TV Remote Control.lnk - c:\program files\Terminator\TV7131 Utilities\P3XRCtl.exe [2008-08-01 57344]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Eudora\EuShlExt.dll" [2005-11-14 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"aux"= ctwdm32.dll
"msacm.divxa32"= DivXa32.acm
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.PVW2"= pvwv220.dll
"VIDC.PIMJ"= pvljpg20.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2002-08-29 03:41 1511453 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
--a------ 2001-12-08 14:31 75384 c:\progra~1\NORTON~2\Navapw32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 12:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)
"Messenger"=2 (0x2)
"wuauserv"=2 (0x2)
"Speed Disk service"=2 (0x2)
"navapsvc"=3 (0x3)
"SBService"=2 (0x2)
"gusvc"=3 (0x3)
"WRPCAgentSrv"=2 (0x2)
"WinRPC10"=3 (0x3)
"NProtectService"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-02-17 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-02-17 5504]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2008-08-01 271104]
R3 radmrdd;radmrdd;c:\windows\system32\drivers\radmrdd.sys [2008-06-30 3328]
R4 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2006-08-14 14976]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2007-01-29 670592]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\System32\1132.tmp --> c:\windows\System32\1132.tmp [?]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2007-06-02 56960]
S4 NProtectService;Norton Unerase Protection;c:\program files\Norton Utilities\NPROTECT.EXE [2006-08-07 135168]
S4 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2007-06-02 45440]
S4 WinRPC10;WinRemotePC Server;c:\program files\WinSoftMagic\WinRemotePC\WRPCServer.exe [2008-06-30 408576]
S4 WRPCAgentSrv;WinRemotePC Agent Helper;c:\program files\WinSoftMagic\WinRemotePC\WRPCServer.exe [2008-06-30 408576]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ALG
*NewlyCreated* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
2009-01-24 c:\windows\Tasks\nsldnoji.job
- c:\windows\System32\rqRlJyWo.dll []
2006-08-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2001-11-14 16:38]
.
- - - - ORPHANS REMOVED - - - -
BHO-{11F0AB29-5195-4D8D-B0D1-9ECFC298F635} - (no file)
BHO-{3A403D61-793F-4C5B-AB6A-FB17732DAE7A} - (no file)
BHO-{95b9860a-4df3-49bd-98a2-b7c69e0b6760} - c:\windows\System32\vyaecn.dll
BHO-{BC63A7F0-1C61-4ED5-9AE0-B8EDDE13EFEC} - c:\windows\System32\ljJdDUkk.dll
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\Winampa.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 192.168.0.1:8080
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {39C7A678-F726-4B82-BB90-422E9D18CD91} = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\ojxrw5l9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mozilla.org/start/
FF - prefs.js: network.proxy.ftp - 192.168.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 192.168.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 192.168.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 192.168.0.1
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.ssl - 192.168.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 22:49:09
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinRPC10]
"ImagePath"="c:\program files\WinSoftMagic\WinRemotePC\WRPCServer.exe /startedbyscm:14801308-40E2C9B6-WinRPC10"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WRPCAgentSrv]
"ImagePath"="c:\program files\WinSoftMagic\WinRemotePC\WRPCServer.exe /startedbyscm:7DA1B81C-40E33B56-WRPCAgentSrv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\System32\1132.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(572)
c:\windows\System32\ODBC32.dll
- - - - - - - > 'lsass.exe'(628)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools AntiVirus\PCTAVSvc.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2009-01-23 22:52:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-24 04:52:25
Pre-Run: 2,939,629,568 bytes free
Post-Run: 2,870,910,976 bytes free
283
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:01 PM, on 1/23/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Temp\WillCz.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://192.168.0.1:8080/proxyconfig.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [WRPCAgent] C:\Program Files\WinSoftMagic\WinRemotePC\WRPCAgent.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145198951889
O17 - HKLM\System\CCS\Services\Tcpip\..\{39C7A678-F726-4B82-BB90-422E9D18CD91}: NameServer = 192.168.0.1
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 4404 bytes