SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/30/2007 at 09:00 PM
Application Version : 3.9.1008
Core Rules Database Version : 3263
Trace Rules Database Version: 1274
Scan type : Complete Scan
Total Scan Time : 00:48:51
Memory items scanned : 682
Memory threats detected : 2
Registry items scanned : 6248
Registry threats detected : 34
File items scanned : 35782
File threats detected : 67
Trojan.Downloader-Gen/AVP
I:\WINDOWS\TEMP\WIN76.TMP.EXE
I:\WINDOWS\TEMP\WIN76.TMP.EXE
[avp] I:\WINDOWS\TEMP\WIN76.TMP.EXE
I:\WINDOWS\Prefetch\WIN76.TMP.EXE-022CE810.pf
Trojan.Downloader-MGRS
I:\WINDOWS\MGRS.EXE
I:\WINDOWS\MGRS.EXE
[smgr] I:\WINDOWS\MGRS.EXE
I:\WINDOWS\Prefetch\MGRS.EXE-34C3510A.pf
Trojan.WinFixer
HKLM\Software\Classes\CLSID\{D9D067E0-5B3F-4EB9-B6B9-89AFEDA70EDF}
HKCR\CLSID\{D9D067E0-5B3F-4EB9-B6B9-89AFEDA70EDF}
HKCR\CLSID\{D9D067E0-5B3F-4EB9-B6B9-89AFEDA70EDF}\InprocServer32
HKCR\CLSID\{D9D067E0-5B3F-4EB9-B6B9-89AFEDA70EDF}\InprocServer32#ThreadingModel
I:\WINDOWS\SYSTEM32\MLLMM.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D9D067E0-5B3F-4EB9-B6B9-89AFEDA70EDF}
Unclassified.Oreans32
HKLM\System\ControlSet001\Services\oreans32
I:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet002\Services\oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance
Adware.Tracking Cookie
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][1].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
I:\Documents and Settings\Mr Whittle\Cookies\
[email protected][2].txt
Adware.Casino Games (Golden Palace Casino)
I:\POKER\BLUESQUARE POKER\CASINO.EXE
I:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\BLUESQUARE POKER.LNK
I:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\BLUESQUARE POKER\BLUESQUARE POKER.LNK
Trojan.Downloader-Gen/Mandingo
I:\DOCUMENTS AND SETTINGS\MR WHITTLE\LOCAL SETTINGS\TEMP\WIN55C.TMP.EXE
I:\WINDOWS\TEMP\WIN7C.TMP.EXE
Trojan.Downloader-SVCHost/Fake
I:\DOCUMENTS AND SETTINGS\MR WHITTLE\LOCAL SETTINGS\TEMP\WIN561.TMP.EXE
I:\WINDOWS\TEMP\WIN85.TMP.EXE
Trojan.Downloader-NoName
I:\SYSTEM VOLUME INFORMATION\_RESTORE{8EE23917-22F1-4A5D-A62E-FE5E596678FD}\RP274\A0022213.EXE
Trojan.Downloader-Gen/HitItQuitIt
I:\SYSTEM VOLUME INFORMATION\_RESTORE{8EE23917-22F1-4A5D-A62E-FE5E596678FD}\RP274\A0022280.DLL
I:\SYSTEM VOLUME INFORMATION\_RESTORE{8EE23917-22F1-4A5D-A62E-FE5E596678FD}\RP274\A0022348.DLL
I:\SYSTEM VOLUME INFORMATION\_RESTORE{8EE23917-22F1-4A5D-A62E-FE5E596678FD}\RP274\A0022358.DLL
Trojan.Downloader-Win/GHY
I:\WINDOWS\SYSTEM32\WINOPN32.DLL
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 21:07:50, on 30/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Common Files\Symantec Shared\ccProxy.exe
I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
I:\WINDOWS\system32\CTsvcCDA.exe
I:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
I:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
I:\Program Files\Yahoo!\NAV\navapsvc.exe
I:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
I:\Program Files\Spyware Doctor\svcntaux.exe
I:\Program Files\Spyware Doctor\swdsvc.exe
I:\Program Files\Spyware Doctor\SDTrayApp.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
I:\WINDOWS\System32\alg.exe
I:\Program Files\VIA\RAID\raid_tool.exe
I:\WINDOWS\system32\VTTimer.exe
I:\Program Files\VIAudioi\SBADeck\ADeck.exe
I:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
I:\PROGRA~1\Yahoo!\YOP\yop.exe
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
I:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
I:\WINDOWS\system32\wbem\wmiprvse.exe
I:\Program Files\QuickTime\qttask.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Documents and Settings\All Users\Application Data\wfmlibal.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
I:\Program Files\Creative\MediaSource5\MtdAcqu.exe
I:\PROGRA~1\Yahoo!\browser\ycommon.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Messenger\msmsgs.exe
I:\PROGRA~1\Yahoo!\YOP\secstat.exe
I:\Program Files\OpenOffice.org 2.0\program\soffice.exe
I:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
I:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
I:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CD75D10-0BD8-48D1-9F41-76BAAFCEE734} - I:\WINDOWS\system32\fccywwx.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - I:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - I:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RaidTool] I:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] I:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [FlashIcon] I:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "I:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [YOP] I:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] I:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] I:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [mmtask] I:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] I:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wfmlibal.exe] I:\Documents and Settings\All Users\Application Data\wfmlibal.exe
O4 - HKLM\..\Run: [SC2] I:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [SDTray] "I:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [DJSNetCN] I:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [NBJ] "I:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "I:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MtdAcqu] "I:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = I:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = I:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - I:\Program Files\bet365MPP\MPPoker.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - I:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - I:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - I:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddaby - I:\WINDOWS\
O20 - Winlogon Notify: ddayy - I:\WINDOWS\system32\ddayy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - I:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - I:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - I:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - I:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - I:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - I:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - I:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: YPCService - Yahoo! Inc. - I:\WINDOWS\system32\YPCSER~1.EXE