ComboFix 08-03-26.3 - Sara 2008-03-28 16:46:18.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.276 [GMT -6:00]
Running from: C:\Documents and Settings\Sara\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sara\Desktop\cfscript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.
2008-03-27 14:33 . 2008-03-27 14:35 <DIR> d-------- C:\NoLopBackups
2008-03-26 17:11 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-26 17:11 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-26 17:11 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-26 17:11 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-25 18:08 . 2008-03-25 18:08 4,608,744 --a------ C:\Program Files\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2008-03-25 14:37 . 2008-03-27 14:13 67 --a------ C:\WINDOWS\DVDRegionFree.INI
2008-03-24 12:53 . 2008-03-24 12:53 <DIR> d-------- C:\Program Files\ERUNT
2008-03-24 12:52 . 2008-03-24 12:53 791,393 --a------ C:\Program Files\erunt-setup.exe
2008-03-24 00:50 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-24 00:49 . 2008-03-24 00:50 <DIR> d-------- C:\Program Files\Java
2008-03-24 00:49 . 2008-03-24 00:49 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-23 17:41 . 2008-03-23 17:41 <DIR> d-------- C:\Documents and Settings\Sara\Application Data\Malwarebytes
2008-03-23 17:41 . 2008-03-23 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-22 01:43 . 2008-03-22 01:43 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-21 20:20 . 2008-03-25 15:40 <DIR> d-------- C:\Documents and Settings\Sara\Application Data\SolSuite
2008-03-21 18:44 . 2008-03-21 18:44 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-21 18:44 . 2008-03-21 18:44 2,549 --a------ C:\WINDOWS\unins000.dat
2008-03-21 18:28 . 2008-03-23 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-21 18:27 . 2008-03-21 18:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-20 20:26 . 2008-03-21 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-20 20:15 . 2008-03-21 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-20 20:15 . 2008-03-20 20:15 38,473,056 --a------ C:\Program Files\CNET_VSP30days.exe
2008-03-20 20:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-20 20:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-20 12:41 . 2008-03-20 12:41 50 --a------ C:\WINDOWS\BRQIKMON.INI
2008-03-20 12:40 . 2008-03-21 14:50 <DIR> d-------- C:\Documents and Settings\Sara\Application Data\PC-FAX TX
2008-03-19 20:05 . 2004-12-03 01:26 188,416 --a------ C:\WINDOWS\system32\PDRVINST.DLL
2008-03-19 20:05 . 2006-01-17 01:03 126,976 --a------ C:\WINDOWS\system32\BrfxD05a.dll
2008-03-19 20:05 . 2005-06-02 01:09 86,016 --a------ C:\WINDOWS\system32\BrWebIns.dll
2008-03-19 20:05 . 2005-06-02 01:08 69,632 --a------ C:\WINDOWS\system32\BRWEBUP.EXE
2008-03-19 20:05 . 2001-11-15 01:00 6,224 --a------ C:\WINDOWS\CVRPAGE.BMP
2008-03-19 20:05 . 2008-03-28 15:29 0 --a------ C:\WINDOWS\brdfxspd.dat
2008-03-19 20:04 . 2008-03-19 20:04 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-03-19 20:04 . 2008-03-19 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-03-19 20:04 . 2003-09-24 11:36 27,019 --a------ C:\WINDOWS\maxlink.ini
2008-03-19 19:58 . 2008-03-19 19:58 0 --------- C:\Bro59.tmp
2008-03-19 19:55 . 2008-03-21 19:58 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-19 19:18 . 2008-03-19 20:06 <DIR> d-------- C:\Program Files\Brother
2008-03-19 09:48 . 2008-03-19 09:52 470 --a------ C:\WINDOWS\wininit.ini
2008-03-16 19:35 . 2008-03-16 19:36 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-03-15 16:10 . 2001-08-18 06:00 1,700,352 --------- C:\WINDOWS\system32\GdiPlus.dll
2008-03-15 16:10 . 2002-11-27 18:26 114,688 --------- C:\WINDOWS\system32\jpegcode.dll
2008-03-15 16:10 . 2002-09-06 18:54 53,248 --------- C:\WINDOWS\system32\AccWrap.dll
2008-03-15 16:10 . 2002-10-29 18:21 45,664 --------- C:\WINDOWS\system32\drivers\CoachVc.sys
2008-03-15 16:10 . 2002-11-22 19:45 41,952 --------- C:\WINDOWS\system32\drivers\CoachUsb.sys
2008-03-15 16:10 . 2002-11-21 12:14 39,424 --------- C:\WINDOWS\system32\CoachWia.dll
2008-03-15 16:10 . 2008-03-16 14:05 22 --a------ C:\Program Files\c310.zip
2008-03-15 10:06 . 2008-03-15 10:06 419 --a------ C:\WINDOWS\BRWMARK.INI
2008-03-15 10:06 . 2008-03-15 10:06 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-03-15 10:05 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-15 10:05 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-15 10:05 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-15 10:05 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-15 10:00 . 2008-03-28 15:34 1,053 --a------ C:\WINDOWS\Brpfx04a.ini
2008-03-15 10:00 . 2008-03-20 12:40 153 --a------ C:\WINDOWS\brpcfx.ini
2008-03-15 10:00 . 2008-03-19 20:06 50 --a------ C:\WINDOWS\system32\bridf06a.dat
2008-03-15 09:59 . 2008-03-19 19:09 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-15 09:59 . 2006-02-24 17:27 1,492,480 --a------ C:\WINDOWS\system32\BrWia06a.dll
2008-03-15 09:59 . 2004-12-10 16:35 147,456 --a------ C:\WINDOWS\brunin03.dll
2008-03-15 09:59 . 2006-02-16 18:49 52,736 --a------ C:\WINDOWS\system32\brinsstr.dll
2008-03-15 09:59 . 2005-12-13 10:53 38,912 --a------ C:\WINDOWS\system32\BrUsi06a.dll
2008-03-15 09:59 . 2004-10-15 12:50 15,295 --a------ C:\WINDOWS\system32\drivers\BrScnUsb.sys
2008-03-15 09:57 . 2008-03-15 09:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-15 09:56 . 2008-03-19 20:04 <DIR> d-------- C:\Program Files\ScanSoft
2008-03-15 09:55 . 2008-03-15 09:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-03-08 11:09 . 2008-03-08 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 11:08 . 2008-03-08 11:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 21:35 --------- d-----w C:\Program Files\RegScrubXP
2008-03-22 21:49 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-22 07:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-21 22:09 --------- d-----w C:\Documents and Settings\Sara\Application Data\AVG7
2008-03-20 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-20 18:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-20 14:47 --------- d-----w C:\Program Files\Incomplete
2008-03-20 02:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 02:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-19 14:44 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-17 04:58 --------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-03-15 23:16 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-03-12 19:55 40,730 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2008-03-08 17:09 --------- d-----w C:\Program Files\Lavasoft
2008-03-08 17:09 --------- d-----w C:\Documents and Settings\Sara\Application Data\Lavasoft
2008-02-27 22:57 729,088 ----a-w C:\WINDOWS\iun6002.exe
2008-02-15 04:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-06 20:20 --------- d-----w C:\Program Files\Diskeeper Corporation
2008-02-04 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-31 06:11 --------- d-----w C:\Program Files\OverDrive Media Console
2008-01-31 06:11 --------- d-----w C:\Documents and Settings\Sara\Application Data\OverDrive
2008-01-11 18:20 553,687 ----a-w C:\Program Files\jv16_regcleaner.exe
2008-01-11 18:07 593,556 ----a-w C:\Program Files\regscrubxpsetup_3.2.exe
2007-12-27 18:02 32 --sha-w C:\WINDOWS\{0C12DB23-1BE2-4364-BFAA-6F5D9129BA61}.dat
2007-12-27 18:05 32 --sha-w C:\WINDOWS\{1B77EDC5-1688-4797-BA2D-7B17CF56CB30}.dat
2007-12-27 18:02 32 --sha-w C:\WINDOWS\{22BE5C96-6912-4844-B877-5B823AD9B260}.dat
2007-12-27 18:04 32 --sha-w C:\WINDOWS\{2E5205F4-C65A-4D26-8D21-D6A2DAA83314}.dat
2007-12-27 18:01 32 --sha-w C:\WINDOWS\{3BD78CE5-4886-4A8D-879E-D3604BF3CBE3}.dat
2007-12-27 18:04 32 --sha-w C:\WINDOWS\{A0337C34-3D4E-449C-8E79-A26151D03235}.dat
2007-12-27 18:02 32 --sha-w C:\WINDOWS\{C354F08C-4F05-4AFA-82AE-342DA03BB497}.dat
2007-12-27 18:02 32 --sha-w C:\WINDOWS\system32\{130E8F94-C662-49ED-AE40-05594E9EFB43}.dat
2007-12-27 18:04 32 --sha-w C:\WINDOWS\system32\{1E4A546D-C55E-4052-A7F5-AE0C5B7534F6}.dat
2007-12-27 18:04 32 --sha-w C:\WINDOWS\system32\{770AD5A9-EAE7-46E2-88C7-7BD6908E39CC}.dat
2007-12-27 18:05 32 --sha-w C:\WINDOWS\system32\{ACB29618-EEF3-4AD4-B2B2-5DBB667C35A1}.dat
2007-12-27 18:02 32 --sha-w C:\WINDOWS\system32\{C71E13F1-33A7-4A76-956F-D297C2A27665}.dat
2007-12-27 18:01 32 --sha-w C:\WINDOWS\system32\{CD413577-1356-422D-AA2E-64C023005796}.dat
2007-12-27 18:02 32 --sha-w C:\WINDOWS\system32\{D4CF1B07-7D22-43F2-A0AF-E389C73077DA}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-21 19:26 68856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-27 12:01 145920]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP

eer Name Resolution Protocol (PNRP)
"21439:TCP"= 21439:TCP:BitComet 21439 TCP
"21439:UDP"= 21439:UDP:BitComet 21439 UDP
"3389:TCP"= 3389:TCP

xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]
S2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 15:58]
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-10-17 21:50]
S3 ZD1211BU(WLAN);IEEE 802.11g USB Wireless LAN(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-06-27 16:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-28 16:49:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\tcpsvcs.exe
.
**************************************************************************
.
Completion time: 2008-03-28 16:53:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-28 22:53:14
ComboFix2.txt 2008-03-27 20:53:45
ComboFix3.txt 2008-03-26 14:29:42
Pre-Run: 4,056,543,232 bytes free
Post-Run: 4,046,598,144 bytes free
.
2008-03-22 07:44:35 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:45 PM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Sara\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
--
End of file - 5581 bytes