ComboFix 09-07-09.07 - Bill 07/11/2009 11:14.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.205 [GMT -7:00]
Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts
.
((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.
2009-07-11 09:29 . 2009-07-11 09:29 -------- d-----w- c:\winnt\LastGood.Tmp
2009-07-10 22:27 . 2009-07-10 22:27 -------- d-----w- c:\documents and settings\Bill\DoctorWeb
2009-07-10 20:36 . 2009-07-10 21:41 -------- d-----w- c:\winnt\BDOSCAN8
2009-07-10 07:16 . 2009-07-10 09:04 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-10 06:48 . 2009-06-26 17:36 1008896 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-10 06:43 . 2009-07-10 06:43 11952 ----a-w- c:\winnt\system32\avgrsstx.dll
2009-07-10 06:43 . 2009-07-10 06:43 335752 ----a-w- c:\winnt\system32\drivers\avgldx86.sys
2009-07-10 06:42 . 2009-07-10 06:42 27784 ----a-w- c:\winnt\system32\drivers\avgmfx86.sys
2009-07-10 06:42 . 2009-07-11 01:20 -------- d-----w- c:\winnt\system32\drivers\Avg
2009-07-10 06:42 . 2009-07-10 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-10 06:42 . 2009-07-10 06:42 108552 ----a-w- c:\winnt\system32\drivers\avgtdix.sys
2009-07-10 06:41 . 2009-07-10 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-09 19:35 . 2009-07-09 19:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sprint
2009-07-09 19:15 . 2009-07-09 19:15 -------- d-----w- c:\documents and settings\Bill\Application Data\Sprint
2009-07-09 19:04 . 2008-10-15 18:58 27072 ----a-w- c:\winnt\system32\drivers\PCASp50.sys
2009-07-09 19:03 . 2005-03-15 18:11 17920 ----a-w- c:\winnt\system32\apintfnt.dll
2009-07-09 19:03 . 2008-04-13 17:45 17152 ----a-w- c:\winnt\system32\drivers\usbohci.sys
2009-07-09 19:03 . 2008-04-13 17:45 17152 ----a-w- c:\winnt\system32\dllcache\usbohci.sys
2009-07-09 19:01 . 2007-01-18 17:24 26496 ----a-r- c:\winnt\system32\drivers\RimSerial.sys
2009-07-09 18:55 . 2009-07-09 18:55 -------- d-----w- c:\program files\Common Files\Research in Motion
2009-07-09 18:55 . 2009-07-09 19:03 -------- d-----w- c:\program files\Sierra Wireless
2009-07-09 18:54 . 2009-07-09 19:02 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-07-09 18:54 . 2009-07-09 18:54 -------- d-----w- c:\program files\Novatel Wireless
2009-07-09 18:54 . 2009-07-09 18:54 -------- d-----w- c:\program files\Sprint
2009-07-09 18:54 . 2009-07-09 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprint
2009-07-09 18:45 . 2009-07-09 18:45 -------- d-----w- c:\documents and settings\Bill\Application Data\Sierra Wireless
2009-07-09 17:43 . 2009-07-09 17:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-07-09 17:35 . 2009-07-09 17:35 -------- d-----w- c:\program files\Sierra Wireless Inc
2009-07-09 17:35 . 2009-07-09 17:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sierra Wireless
2009-07-08 19:56 . 2009-07-08 19:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure
2009-07-08 19:55 . 2009-07-10 01:06 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-08 19:53 . 2009-07-08 19:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-07-08 18:45 . 2009-07-09 19:23 117760 ----a-w- c:\documents and settings\Bill\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-08 18:42 . 2009-07-08 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-08 18:41 . 2009-07-08 22:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-08 18:41 . 2009-07-08 18:41 -------- d-----w- c:\documents and settings\Bill\Application Data\SUPERAntiSpyware.com
2009-07-08 07:38 . 2009-07-08 07:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Safer Networking
2009-07-08 07:37 . 2009-07-08 07:37 -------- d-----w- c:\program files\Safer Networking
2009-07-08 07:37 . 2009-07-08 07:37 -------- d-----w- C:\!KillBox
2009-07-08 07:34 . 2009-07-08 07:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-07 23:04 . 2009-07-07 23:04 94104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 21:39 . 2009-07-07 21:39 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-07-07 21:39 . 2009-07-07 21:39 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-07 21:39 . 2009-07-07 21:39 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-07-07 21:39 . 2009-07-07 21:39 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-07-07 21:33 . 2009-07-07 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-07 21:33 . 2009-07-07 21:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-20 04:07 . 2009-06-20 04:07 -------- d-s---w- c:\winnt\system32\%USERPROFILE%
2009-06-17 05:12 . 2009-06-17 05:12 -------- d-----w- c:\winnt\system32\Mozilla Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 06:04 . 2003-07-04 04:21 -------- d-----w- c:\program files\CLEARview
2009-07-11 00:31 . 2004-06-22 22:39 -------- d-----w- c:\program files\AIM
2009-07-08 19:57 . 2009-01-30 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-07-07 21:05 . 2008-12-27 02:46 -------- d-----w- c:\program files\CleanUp!
2009-06-24 01:52 . 2004-08-30 21:40 -------- d-----w- c:\documents and settings\Pat\Application Data\WeatherBug
2009-06-18 02:17 . 2007-11-03 23:20 -------- d-----w- c:\program files\Windows Live Toolbar
2009-06-09 13:54 . 2009-06-08 20:13 0 ----a-w- c:\winnt\system32\drivers\c1fd68c2.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 17:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-10-15 17664]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-10 1948440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-10 06:43 11952 ----a-w- c:\winnt\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSIServer"=3 (0x3)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"SQLAgent$ALAMODE"=3 (0x3)
"ose"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$ALAMODE"=2 (0x2)
"dhcpsrv"=2 (0x2)
"BITS"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [7/9/2009 11:43 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [7/9/2009 11:42 PM 108552]
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/9/2009 11:42 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/9/2009 11:42 PM 298776]
S3 ati2mpaa;ati2mpaa;c:\winnt\system32\drivers\ati2mpaa.sys [10/3/2001 8:23 AM 281856]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S4 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [5/4/2005 1:04 AM 9158656]
S4 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [5/3/2005 10:42 PM 323584]
.
Contents of the 'Scheduled Tasks' folder
2009-07-11 c:\winnt\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
IE: &Define - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Look Up in &Encyclopedia - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 11:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3856)
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-11 11:34
ComboFix-quarantined-files.txt 2009-07-11 18:33
ComboFix2.txt 2009-07-10 18:50
Pre-Run: 6,347,952,128 bytes free
Post-Run: 6,539,554,816 bytes free
160 --- E O F --- 2009-05-17 15:02
Malwarebytes' Anti-Malware 1.38
Database version: 2411
Windows 5.1.2600 Service Pack 3
7/11/2009 3:42:47 PM
mbam-log-2009-07-11 (15-42-28).txt
Scan type: Quick Scan
Objects scanned: 124641
Time elapsed: 15 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\mmkl.kl.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{277e1fe0-cf65-11d3-b377-0800460222f0} (Adware.Iwon) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6d54a7c0-c379-11d3-b377-0800460222f0} (Adware.Iwon) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{78429873-f771-11d3-ae1d-0050dac24e8f} (Adware.Iwon) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c298fb42-e3e2-11d3-adcd-0050dac24e8f} (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca0b9b71-c2af-11d3-b376-0800460222f0} (Adware.Iwon) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\documents and settings\Pat\Start Menu\Programs\WhenU (Adware.WhenUSave) -> No action taken.
C:\Program Files\MySearch (Adware.MyWebSearch) -> No action taken.
c:\program files\MySearch\bar (Adware.MyWebSearch) -> No action taken.
c:\program files\MySearch\bar\History (Adware.MyWebSearch) -> No action taken.
c:\program files\MySearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
Files Infected:
c:\documents and settings\Pat\start menu\Programs\WhenU\Customer Support.lnk (Adware.WhenUSave) -> No action taken.
c:\documents and settings\Pat\start menu\Programs\WhenU\Learn More About WhenU Save.url (Adware.WhenUSave) -> No action taken.
c:\documents and settings\Pat\start menu\Programs\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenUSave) -> No action taken.
c:\documents and settings\Pat\start menu\Programs\WhenU\Uninstall Instructions.lnk (Adware.WhenUSave) -> No action taken.
c:\documents and settings\Pat\start menu\Programs\WhenU\Uninstall.lnk (Adware.WhenUSave) -> No action taken.
c:\documents and settings\Pat\start menu\Programs\WhenU\WhenU Help Desk.lnk (Adware.WhenUSave) -> No action taken.
c:\documents and settings\Pat\start menu\Programs\WhenU\WhenU.com Website.url (Adware.WhenUSave) -> No action taken.
c:\program files\MySearch\bar\History\search (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\All Users\Documents\gifnoc.xtx (Trojan.Agent) -> No action taken.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:53 PM, on 7/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINNT\system32\ctfmon.exe
F:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Sprint RcAppSvc (sprintrcappsvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O24 - Desktop Component 0: (no name) - http://i.a.cnn.net/cnn/.element/img/1.3/video/broadband/player/2.0/broadband_hdr.gif
--
End of file - 4428 bytes