ComboFix 08-04-03.3 - woodley b 2008-04-03 18:50:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1081 [GMT -7:00]
Running from: C:\Users\woodley b\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\KBL.LOG
.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.
2008-04-03 17:35 . 2008-04-03 17:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-03 17:32 . 2008-04-03 17:32 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-03 17:32 . 2008-04-03 17:32 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-03 17:32 . 2008-04-03 17:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-03 17:30 . 2008-04-03 17:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 23:35 . 2008-04-03 16:53 <DIR> d-------- C:\Users\woodley b\AppData\Roaming\AVG7
2008-04-02 23:34 . 2008-04-02 23:34 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-02 23:34 . 2008-04-02 23:37 <DIR> d-------- C:\Users\All Users\avg7
2008-04-02 23:34 . 2008-04-02 23:34 <DIR> d-------- C:\ProgramData\Grisoft
2008-04-02 23:34 . 2008-04-02 23:37 <DIR> d-------- C:\ProgramData\avg7
2008-04-02 23:34 . 2008-04-02 23:34 53,768 --a------ C:\Windows\System32\drivers\avgwfp.sys
2008-04-02 23:34 . 2008-04-02 23:34 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-04-02 22:28 . 2008-04-02 22:32 <DIR> d-------- C:\Users\All Users\Maxtor
2008-04-02 22:28 . 2008-04-02 22:32 <DIR> d-------- C:\ProgramData\Maxtor
2008-04-02 22:28 . 2008-04-02 22:28 <DIR> d-------- C:\Program Files\Maxtor
2008-03-22 16:15 . 2008-03-22 16:15 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-03-18 17:50 . 2008-03-18 17:50 <DIR> d-------- C:\Users\L Platero33 Az Wildc\AppData\Roaming\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 07:11 --------- d-----w C:\ProgramData\WildTangent
2008-04-03 06:21 --------- d-----w C:\ProgramData\Trend Micro
2008-04-03 05:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 01:44 --------- d-----w C:\Program Files\VirusRanger
2008-03-03 21:04 --------- d-----w C:\Program Files\AntiSpywareShield
2008-03-01 21:22 --------- d-----w C:\Users\L Platero33 Az Wildc\AppData\Roaming\CyberLink
2008-02-22 19:25 --------- d-----w C:\Program Files\Sony
2008-02-22 03:37 --------- d-----w C:\Users\L Platero33 Az Wildc\AppData\Roaming\Sony Corporation
2008-02-22 03:27 --------- d-----w C:\Users\woodley b\AppData\Roaming\Sony Corporation
2008-02-22 03:27 --------- d-----w C:\ProgramData\SonicStage
2008-02-22 02:11 --------- d-----w C:\ProgramData\Sony Corporation
2008-02-22 02:10 --------- d-----w C:\Program Files\Common Files\Sony Shared
2008-02-13 13:57 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 13:57 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 13:54 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-13 13:50 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 13:49 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 13:49 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 13:49 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 13:49 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 13:47 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 13:47 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 13:47 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 13:46 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-09 15:46 27,715 ----a-w C:\Users\woodley b\AppData\Roaming\nvModes.dat
2008-02-08 00:22 --------- d-----w C:\Users\woodley b\AppData\Roaming\Yahoo!
2008-02-08 00:22 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-02-05 23:03 --------- d-----w C:\Users\L Platero33 Az Wildc\AppData\Roaming\HP
2008-02-05 17:51 28,760 ----a-w C:\Users\L Platero33 Az Wildc\AppData\Roaming\nvModes.dat
2008-01-29 05:38 543,232 ----a-w C:\Windows\System32\FWPUCLNT.DLL
2008-01-29 05:38 416,768 ----a-w C:\Windows\System32\IKEEXT.DLL
2008-01-29 05:38 317,440 ----a-w C:\Windows\System32\BFE.DLL
2008-01-28 17:57 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-28 17:57 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-28 17:57 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-28 17:57 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-28 17:57 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-28 17:56 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-28 17:54 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-28 17:53 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-28 17:53 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-28 02:53 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-28 02:53 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-28 02:53 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-28 02:53 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-28 02:53 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-28 02:53 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-28 02:53 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-28 02:52 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-28 02:52 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-12-06 04:09 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
2007-08-31 12:32 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-28 10:56 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 05:34 2159104 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 17:10 1783136]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 13:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 13:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 13:05 81920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 01:29 102400]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 20:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 15:31 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 14:54 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 00:13 218408]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-05 20:31 1006264]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 17:31 80896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 09:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 16:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-02 23:34 579072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-02 23:34 219136]
C:\Users\woodley b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-12-05 22:04:11 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-04-02 23:34 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9B22924B-C76E-4D1F-9509-C7228B4666A1}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D9778C69-A22E-4913-88F7-3CEFDAECC583}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3EFB2612-BEB1-4647-9DC3-9ED1B6D0D9BB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6FB32505-7F0B-44E7-8703-EB9A59BB25A3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15F9A471-8027-46D7-B87D-3B00E00613F1}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{5F1BB71C-2B26-404D-8B05-C6D02D21555E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C485A96F-A8B8-4909-8ACD-72674FB3B5AF}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{72D3C1A4-1A95-40AB-A238-7DD093A1AD12}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B53655B4-6403-4A16-BB77-041FD462C49C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{46058D6B-2121-4AE6-8BD5-E6A6A9BB8A92}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A2B81A71-49EC-4C2C-B930-11C31640ACEC}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6C55B8CC-D722-4839-BE4B-4E100DF8F165}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{7D1CA2C0-A8DA-47E5-8C04-190E72B0CCDB}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 20:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 20:34]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 07:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 16:40]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-04-02 23:34]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 11:30]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 14:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 00:30]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 16:33]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 01:50:00 C:\Windows\Tasks\User_Feed_Synchronization-{BB8666BC-EE04-4AFD-B273-2840D593E140}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-04-03 06:16:17 C:\Windows\Tasks\User_Feed_Synchronization-{E37B9DD2-A342-4A33-95D5-37CCB25FF800}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-03 18:52:49
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-03 18:53:30
ComboFix-quarantined-files.txt 2008-04-04 01:53:27
Pre-Run: 90,116,919,296 bytes free
Post-Run: 90,119,888,896 bytes free
.
2008-04-03 10:02:05 --- E O F ---
and for Hijack this...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:37 PM, on 4/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.toggle.com/index.php?rvs=hompagR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptopR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9395 bytes