Here is the ComboFix Log
ComboFix 10-03-18.01 - Devin Walker 03/18/2010 21:14:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.910 [GMT -6:00]
Running from: c:\documents and settings\Devin Walker\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Devin Walker\Application Data\inst.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-02-19 to 2010-03-19 )))))))))))))))))))))))))))))))
.
2010-03-18 01:05 . 2010-03-18 01:05 -------- d-----w- c:\windows\Logs
2010-03-18 00:28 . 2010-03-18 00:28 -------- d-----w- c:\program files\2BrightSparks
2010-03-18 00:26 . 2010-03-18 00:27 1877540 ----a-w- c:\program files\SyncBack_Setup.zip
2010-03-14 06:22 . 2010-03-14 06:22 503808 ----a-w- c:\documents and settings\Devin Walker\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-771970f9-n\msvcp71.dll
2010-03-14 06:22 . 2010-03-14 06:22 499712 ----a-w- c:\documents and settings\Devin Walker\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-771970f9-n\jmc.dll
2010-03-14 06:22 . 2010-03-14 06:22 348160 ----a-w- c:\documents and settings\Devin Walker\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-771970f9-n\msvcr71.dll
2010-03-14 06:22 . 2010-03-14 06:22 61440 ----a-w- c:\documents and settings\Devin Walker\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56b4bbb8-n\decora-sse.dll
2010-03-14 06:22 . 2010-03-14 06:22 12800 ----a-w- c:\documents and settings\Devin Walker\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56b4bbb8-n\decora-d3d.dll
2010-03-14 00:24 . 2010-03-14 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-03-14 00:24 . 2010-03-14 00:25 -------- d-----w- c:\documents and settings\Devin Walker\Application Data\OnlineArmor
2010-03-14 00:17 . 2009-12-05 14:28 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-03-14 00:17 . 2009-12-05 14:27 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-03-14 00:17 . 2009-12-05 14:27 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-03-14 00:17 . 2010-03-14 00:17 -------- d-----w- c:\program files\Tall Emu
2010-03-10 02:31 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Devin Walker\Application Data\Facebook\npfbplugin_1_0_3.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 05:01 . 2008-09-05 05:57 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-00000007-00001102-00000002-80671102}.dat
2010-03-18 05:01 . 2008-09-05 05:57 288 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-00000007-00001102-00000002-80671102}.dat
2010-03-18 03:12 . 2009-10-31 06:39 -------- d-----w- c:\documents and settings\Devin Walker\Application Data\vlc
2010-03-15 05:16 . 2008-12-18 04:41 -------- d-----w- c:\documents and settings\Devin Walker\Application Data\stickies
2010-03-14 06:22 . 2008-10-09 01:06 -------- d-----w- c:\program files\Java
2010-03-14 06:01 . 2009-10-14 04:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-14 01:35 . 2010-01-07 01:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-06 23:58 . 2010-02-08 01:01 50354 ----a-w- c:\documents and settings\Devin Walker\Application Data\Facebook\uninstall.exe
2010-03-06 23:58 . 2010-02-08 01:01 -------- d-----w- c:\documents and settings\Devin Walker\Application Data\Facebook
2010-03-06 23:41 . 2009-10-14 04:45 -------- d-----w- c:\documents and settings\Devin Walker\Application Data\CameraWindowDC
2010-02-16 03:44 . 2008-10-09 22:25 1 ----a-w- c:\documents and settings\Devin Walker\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-02-16 03:44 . 2008-10-09 22:20 -------- d-----w- c:\documents and settings\Devin Walker\Application Data\OpenOffice.org2
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Devin Walker\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Devin Walker\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-22 00:04 . 2009-08-16 20:03 -------- d-----w- c:\documents and settings\Devin Walker\Application Data\Move Networks
2010-01-22 00:02 . 2009-08-16 20:04 144160 ----a-w- c:\documents and settings\Devin Walker\Application Data\Move Networks\uninstall.exe
2010-01-22 00:02 . 2009-12-07 01:22 5603776 ----a-w- c:\documents and settings\Devin Walker\Application Data\Move Networks\plugins\npqmp071705000014.dll
2010-01-22 00:02 . 2010-01-22 00:02 1795704 ----a-w- c:\documents and settings\Devin Walker\Application Data\Move Networks\MoveMediaPlayerWin_071705000014.exe
2010-01-07 01:08 . 2010-01-07 01:08 52224 ----a-w- c:\documents and settings\Devin Walker\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-07 01:08 . 2010-01-07 01:08 117760 ----a-w- c:\documents and settings\Devin Walker\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-31 16:50 . 2003-03-31 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 21:55 . 2010-01-07 02:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 21:54 . 2010-01-07 02:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 21:23 . 2009-12-30 21:23 38380 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-21 19:14 . 2006-06-23 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2007-10-15 16:30 . 2007-10-15 16:30 148242 ----a-w- c:\program files\Common Files\ReportPreview.app
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-09-24 5033984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Devin Walker^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Devin Walker\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Devin Walker^Start Menu^Programs^Startup^Stickies.lnk]
path=c:\documents and settings\Devin Walker\Start Menu\Programs\Startup\Stickies.lnk
backup=c:\windows\pss\Stickies.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 23:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-06-09 02:07 28672 ----a-w- c:\windows\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 14:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-08-04 23:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 07:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 04:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-09-24 19:32 5033984 ----a-r- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-09-24 19:32 741376 ----a-r- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 06:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-05-13 22:07 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-05-22 06:20 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-05-02 00:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 11:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\CreatePhotoCalendars\\EZPhotoCreations\\sources\\ezphotocreations.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/13/2010 6:17 PM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/13/2010 6:17 PM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/13/2010 6:17 PM 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/4/2009 10:42 PM 108289]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [11/27/1998 2:57 PM 6144]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [3/13/2010 6:17 PM 1282248]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [3/13/2010 6:17 PM 3291336]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [9/17/2008 9:05 PM 16512]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
.
Contents of the 'Scheduled Tasks' folder
2010-03-19 c:\windows\Tasks\avscan.job
- c:\program files\Avira\AntiVir Desktop\avscan.exe [2009-12-05 18:26]
2010-03-19 c:\windows\Tasks\User_Feed_Synchronization-{1CCBC0E5-7AEA-4105-9C1B-0C2B94766677}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.espn.com/
Trusted Zone: aol.com\free
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
AddRemove-HijackThis - c:\program files\Trend Micro\(HJT)\HijackThis.exe
**************************************************************************
disk not found C:\
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5
977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,25,f7,ba,b6,f9,b6,43,86,70,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839
E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,25,f7,ba,b6,f9,b6,43,86,70,b4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:33,2b,0a,ec,6c,ec,3b,33,c3,59,83,31,6a,aa,96,6c,78,20,ae,44,72,
4f,6d,28,58,5a,57,c3,02,84,a6,f4,da,c1,8a,93,17,76,f4,76,53,30,4c,a0,91,2e,\
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:33,2b,0a,ec,6c,ec,3b,33,c3,59,83,31,6a,aa,96,6c,78,20,ae,44,72,
4f,6d,28,58,5a,57,c3,02,84,a6,f4,da,c1,8a,93,17,76,f4,76,53,30,4c,a0,91,2e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(460)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\CLBCATQ.DLL
.
Completion time: 2010-03-18 21:29:15
ComboFix-quarantined-files.txt 2010-03-19 03:29
Pre-Run: 193,721,155,584 bytes free
Post-Run: 193,765,920,768 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - D47CE4FE6312E9BAE6DFF55E9F171DFD
*******************************************
*******************************************
Here is the Hijack Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:19 PM, on 3/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\(HJT)\sniper.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.espn.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www2.snapfish.com/SnapfishActivia.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cabO16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) -
http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cabO16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -
http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabO16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) -
http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 6740 bytes
I just hope i'm doing this right.
Thanks