adware - Searchcolors

[steve2603]

Hi,

Anyone know how to get rid of searchcolors ?

Tried McAfee, ad-aware se and Norton but it just keeps coming back after a re-boot..

Thanks,..,

[tetonbob]

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

Please do this:

1. Download ComboScan to your Desktop. Note: You must be logged onto an account with administrator privileges.
2. Close all applications and windows.
3. Double-click on comboscan.exe to run it, and follow the prompts.
4. When the scan is complete, a text file will open - ComboScan.txt
5. Copy and paste the contents of ComboScan.txt here.
6. A folder, C:\ComboScan will also open. In it will be another text file, Supplementary.txt
7. Please Attach Supplementary.txt to your post.
8. If the folder does not open, please navigate to it.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options>Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:
   

   C:\ComboScan\Supplementary.txt

3. Click Upload.

---------------------------------------------------------------------------------------------

[steve2603]

ComboScan v20070226.18 run by Steve Byars on 2007-02-27 at 10:10:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Steve Byars.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:11:55 AM, on 27-Feb-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\ImagePrint\spool\mux\muxd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\EPSON\EPSON LFP Remote Panel\Printer Watcher\Printer Watcher.exe
C:\Program Files\X-Rite\PULSE ColorElite\PulseLaunch.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Downloads\comboscan.exe
C:\PROGRA~1\HIJACK~1\Steve Byars.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {38605018-0D69-4458-842B-9185938459B4} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {4C9A6BF9-BCC2-461B-9C11-AA0F3983866A} - C:\WINDOWS\system32\pmkhi.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\qomkijk.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\mhtqxhhb.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Pro 9800 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S5I0P2.EXE /P30 "EPSON Stylus Pro 9800 (Copy 1)" /O6 "USB002" /M "Stylus Pro 9800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CBSpoolDaemon] "C:\Program Files\ImagePrint\spool\mux\muxd.exe"
O4 - HKLM\..\Run: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\vebbamba.dll",setvm
O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\X-Rite\Tools\MonacoGamma\MonacoGamma.exe
O4 - Global Startup: MonacoReminder.lnk = ?
O4 - Global Startup: Monitor Reminder.lnk = ?
O4 - Global Startup: Printer Watcher.lnk = C:\Program Files\EPSON\EPSON LFP Remote Panel\Printer Watcher\Printer Watcher.exe
O4 - Global Startup: PULSELaunch.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...66/mcfscan.cab
O18 - Protocol: bw+0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - AppInit_DLLs: wxvault.dll
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll
O20 - Winlogon Notify: qomkijk - C:\WINDOWS\SYSTEM32\qomkijk.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: McAfee Application Installer Cleanup (0082331172587804) (0082331172587804mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\008233~1.EXE (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

4S agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS
4S alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\ALIM1541.SYS
4S amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
2R Aspi32 - C:\WINDOWS\system32\drivers\ASPI32.SYS
3R atmeltpm - C:\WINDOWS\system32\drivers\atmeltpm.sys
3R b57w2k (Broadcom NetXtreme Gigabit Ethernet) - C:\WINDOWS\system32\drivers\b57xp32.sys
2R BASFND - C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
4S cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
2R CBN - C:\WINDOWS\system32\drivers\CBN.SYS
3R CBUSB (MARX CryptoTech LP) - C:\WINDOWS\system32\drivers\CBUSB.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
4S dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
2R DLABOIOM - C:\WINDOWS\system32\DLA\DLABOIOM.SYS
1R DLACDBHM - C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2R DLADResN - C:\WINDOWS\system32\DLA\DLADResN.SYS
2R DLAIFS_M - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2R DLAOPIOM - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2R DLAPoolM - C:\WINDOWS\system32\DLA\DLAPoolM.SYS
1R DLARTL_N - C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2R DLAUDFAM - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2R DLAUDF_M - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
0R DRVMCDB - C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2R DRVNDDM - C:\WINDOWS\system32\drivers\DRVNDDM.SYS
3S E100B (Intel(R) PRO Adapter Driver) - C:\WINDOWS\system32\drivers\e100b325.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3S HidBatt (HID UPS Battery Driver) - C:\WINDOWS\system32\drivers\hidbatt.sys
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
0R hotcore - C:\WINDOWS\system32\drivers\hotcore.sys
0R iaStor (Intel AHCI Controller) - C:\WINDOWS\system32\drivers\iaStor.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3S L8042Kbd (Logitech SetPoint Keyboard Driver) - C:\WINDOWS\system32\drivers\L8042Kbd.sys
3S L8042mou (Logitech SetPoint PS/2 Mouse Filter Driver) - C:\WINDOWS\system32\drivers\L8042mou.Sys
3R LHidKe (Logitech SetPoint HID Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHidKE.Sys
3R LMouKE (Logitech SetPoint Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LMouKE.Sys
3R mfeavfk (McAfee Inc.) - C:\WINDOWS\system32\drivers\mfeavfk.sys
3R mfebopk (McAfee Inc.) - C:\WINDOWS\system32\drivers\mfebopk.sys
3R mfehidk (McAfee Inc.) - C:\WINDOWS\system32\drivers\mfehidk.sys
3S mferkdk (McAfee Inc.) - C:\WINDOWS\system32\drivers\mferkdk.sys
3R mfesmfk (McAfee Inc.) - C:\WINDOWS\system32\drivers\mfesmfk.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
1R MPFP - C:\WINDOWS\system32\drivers\Mpfp.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NaiAvFilter101 (NAI Anti Virus) - \Device\NaiAvFilter101.sys (not found)
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R P1120VID (Creative WebCam NX Ultra) - C:\WINDOWS\system32\drivers\P1120Vid.sys
0R PBADRV - C:\WINDOWS\system32\drivers\PBADRV.sys
3R Pcouffin (Low level access layer for CD devices) - C:\WINDOWS\system32\drivers\Pcouffin.sys
3S PortTalk - C:\WINDOWS\system32\drivers\PortTalk.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
1R SCDEmu - C:\WINDOWS\system32\drivers\scdemu.sys
4S sisagp (SIS AGP Bus Filter) - C:\WINDOWS\system32\drivers\SISAGP.SYS
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
0R snapman (Acronis Snapshots Manager) - C:\WINDOWS\system32\drivers\snapman.sys
0R SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - C:\WINDOWS\system32\drivers\SSFS0509.sys
0R SSHRMD (Spy Sweeper Hookrack MiniDriver) - C:\WINDOWS\system32\drivers\sshrmd.sys
0R SSIDRV (Spy Sweeper Interdiction Driver) - C:\WINDOWS\system32\drivers\ssidrv.sys
3R SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - C:\WINDOWS\system32\drivers\sskbfd.sys
3R STHDA (SigmaTel High Definition Audio CODEC) - C:\WINDOWS\system32\drivers\sthda.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
2R tifsfilter (Acronis True Image FS Filter) - C:\WINDOWS\system32\drivers\tifsfilt.sys
0R timounter (Acronis True Image Backup Archive Explorer) - C:\WINDOWS\system32\drivers\timntr.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3R USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
4S viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS
3S X-Rite (%X-Rite.DTP20.Usb.Service%) - C:\WINDOWS\system32\drivers\XrUsb.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2R AcrSch2Svc (Acronis Scheduler2 Service) - "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
2R APC UPS Service - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
2R ASFIPmon (Broadcom ASF IP Monitor) - "C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
4S DataSvr2 - "C:\Program Files\Wave Systems Corp\Common\DataServer.exe"
3R Emproxy (McAfee E-mail Proxy) - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
2R EpsonBidirectionalService - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
2S Fax - C:\WINDOWS\system32\fxssvc.exe
2R IAANTMon (Intel(R) Matrix Storage Event Monitor) - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R McAfee HackerWatch Service - "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"
2R McLogManagerService (McAfee Log Manager) - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
2R mcmispupdmgr (McAfee Update Manager) - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
2R McNASvc (McAfee Network Agent) - "c:\program files\common files\mcafee\mna\mcnasvc.exe"
2R McODS (McAfee Scanner) - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
2R mcpromgr (McAfee Protection Manager) - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
2R McProxy (McAfee Proxy Service) - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
2R McRedirector (McAfee Redirector Service) - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
2R McShield (McAfee Real-time Scanner) - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
2R McSysmon (McAfee SystemGuards) - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
2R McTskshd.exe (McAfee Task Scheduler) - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
2R mcusrmgr (McAfee User Manager) - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
2R MpfService (McAfee Personal Firewall Service) - "C:\Program Files\McAfee\MPF\MPFSrv.exe"
2R MPS9 (McAfee Privacy Service) - C:\PROGRA~1\McAfee\MPS\mps.exe
2R MSK80Service (McAfee SpamKiller Service) - "C:\Program Files\McAfee\MSK\MskSrver.exe"
3S NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R SiteAdvisor Service - C:\Program Files\SiteAdvisor\6028\SAService.exe
4S tcsd_win32.exe (NTRU Hybrid TSS v2.0.25 TCS) - "C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe"
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3S usnsvc (Messenger Sharing USN Journal Reader service) - C:\WINDOWS\system32\svchost.exe -k usnsvc
2R WebrootSpySweeperService (Webroot Spy Sweeper Engine) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
2S 0082331172587804mcinstcleanup (McAfee Application Installer Cleanup (0082331172587804)) - C:\WINDOWS\TEMP\008233~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service


-- Scheduled Tasks --------------------------------------------------------------

2007-02-24 14:02:59 1450 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job<WRSPYS~1.JOB>
2007-02-13 07:17:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2007-02-01 01:00:07 364 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-01-18 10:12:28 362 --a------ C:\WINDOWS\Tasks\McDefragTask.job<MCDEFR~1.JOB>


-- Files created between 2007-01-27 and 2007-02-27 ------------------------------

2007-02-27 10:11:46 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-27 09:50:00 0 d-------- C:\Program Files\VSAdd-in
2007-02-27 09:49:59 88340 --a------ C:\WINDOWS\system32\lwiijwfn.exe
2007-02-27 09:49:59 0 d-------- C:\WINDOWS\LastGood
2007-02-24 14:40:22 88340 --a------ C:\WINDOWS\system32\eogqkewp.exe
2007-02-24 14:38:38 118804 --a------ C:\WINDOWS\system32\euumsfre.dll
2007-02-24 14:28:27 88340 --a------ C:\WINDOWS\system32\tirnwmcc.exe
2007-02-24 14:25:48 162 --a------ C:\install.dat
2007-02-24 14:04:55 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-02-24 14:02:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-02-24 14:02:52 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-24 14:02:52 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-24 14:02:52 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-24 14:02:52 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-24 14:02:30 0 d-------- C:\Program Files\Webroot
2007-02-24 14:02:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-02-24 14:01:47 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Webroot
2007-02-24 09:57:18 88340 --a------ C:\WINDOWS\system32\bcwvfmsc.exe
2007-02-23 10:01:01 88340 --a------ C:\WINDOWS\system32\wmofanai.exe
2007-02-23 10:00:26 88340 --a------ C:\WINDOWS\system32\serqruwf.exe
2007-02-22 16:52:57 88340 --a------ C:\WINDOWS\system32\odfabywe.exe
2007-02-22 16:51:06 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-22 16:51:06 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-22 16:51:06 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-22 16:51:06 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-22 16:51:06 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-22 16:50:00 88340 --a------ C:\WINDOWS\system32\yadlwanh.exe
2007-02-22 10:53:50 88340 --a------ C:\WINDOWS\system32\rgmrdmqo.exe
2007-02-22 10:52:52 22749 ---hs---- C:\WINDOWS\system32\mljhggf.dll
2007-02-22 10:50:30 88340 --a------ C:\WINDOWS\system32\koqylpao.exe
2007-02-22 10:27:59 88340 --a------ C:\WINDOWS\system32\jgbxexai.exe
2007-02-22 09:56:44 88340 --a------ C:\WINDOWS\system32\fjxwogqd.exe
2007-02-22 09:56:43 22749 ---hs---- C:\WINDOWS\system32\byxxutr.dll
2007-02-21 12:44:20 971858 ---hs---- C:\WINDOWS\system32\ihkmp.ini2<IHKMP~1.INI>
2007-02-21 12:42:36 88340 --a------ C:\WINDOWS\system32\jtuwksjf.exe
2007-02-21 10:01:25 88340 --a------ C:\WINDOWS\system32\jglkubju.exe
2007-02-21 10:00:11 22749 ---hs---- C:\WINDOWS\system32\nnnomkh.dll
2007-02-21 09:51:05 88340 --a------ C:\WINDOWS\system32\ujjnmnsi.exe
2007-02-21 09:50:46 22749 ---hs---- C:\WINDOWS\system32\byxvwxw.dll
2007-02-20 14:50:12 88340 --a------ C:\WINDOWS\system32\fdgcokcf.exe
2007-02-20 14:15:07 88340 --a------ C:\WINDOWS\system32\geldhlle.exe
2007-02-20 14:14:14 88340 --a------ C:\WINDOWS\system32\ejvlhgjh.exe
2007-02-20 14:09:17 88340 --a------ C:\WINDOWS\system32\tgaunndr.exe
2007-02-20 14:05:48 88340 --a------ C:\WINDOWS\system32\ieytykou.exe
2007-02-20 14:03:47 88340 --a------ C:\WINDOWS\system32\uxtwassj.exe
2007-02-20 14:02:48 88340 --a------ C:\WINDOWS\system32\yboccwpi.exe
2007-02-20 14:00:09 88340 --a------ C:\WINDOWS\system32\gsltmnqu.exe
2007-02-20 13:58:39 88340 --a------ C:\WINDOWS\system32\wuaclekw.exe
2007-02-20 13:41:12 6206 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-20 13:37:46 88340 --a------ C:\WINDOWS\system32\nbnfbupk.exe
2007-02-20 13:35:11 88340 --a------ C:\WINDOWS\system32\ebctsuej.exe
2007-02-20 13:33:56 88340 --a------ C:\WINDOWS\system32\qgtllddx.exe
2007-02-20 13:11:27 88340 --a------ C:\WINDOWS\system32\unvtqhtl.exe
2007-02-20 13:10:03 88340 --a------ C:\WINDOWS\system32\doghtpvg.exe
2007-02-20 12:37:11 0 d-------- C:\WINDOWS\McAfee.com
2007-02-20 12:18:11 0 d-------- C:\WINDOWS\system32\Dell
2007-02-20 11:53:04 88340 --a------ C:\WINDOWS\system32\qpcrnong.exe
2007-02-20 11:51:56 88340 --a------ C:\WINDOWS\system32\pmqhbesl.exe
2007-02-20 11:38:47 66048 --a------ C:\WINDOWS\ieResetIcons.exe<IERESE~1.EXE>
2007-02-20 10:14:38 88340 --a------ C:\WINDOWS\system32\erpayxld.exe
2007-02-20 10:11:24 77824 --a------ C:\WINDOWS\system32\IPPTAMon.dll
2007-02-20 10:09:35 0 d-------- C:\Program Files\ImagePrint<IMAGEP~1>
2007-02-20 09:09:55 88340 --a------ C:\WINDOWS\system32\iqjhcpgw.exe
2007-02-20 09:09:29 76412 --a------ C:\WINDOWS\system32\kqrlxkcy.dll
2007-02-17 14:25:28 88340 --a------ C:\WINDOWS\system32\udsroewm.exe
2007-02-17 14:25:09 22749 ---hs---- C:\WINDOWS\system32\ljjhiii.dll
2007-02-17 14:24:46 88340 --a------ C:\WINDOWS\system32\lknesecp.exe
2007-02-17 14:20:09 88340 --a------ C:\WINDOWS\system32\nkgxusjt.exe
2007-02-17 14:03:36 88340 --a------ C:\WINDOWS\system32\jdmcubbw.exe
2007-02-17 14:03:20 22749 ---hs---- C:\WINDOWS\system32\xxywusr.dll
2007-02-17 13:41:28 88340 --a------ C:\WINDOWS\system32\budiivek.exe
2007-02-17 13:41:12 22749 ---hs---- C:\WINDOWS\system32\ssqnnki.dll
2007-02-17 13:40:57 88340 --a------ C:\WINDOWS\system32\plohrpbm.exe
2007-02-17 13:23:06 88340 --a------ C:\WINDOWS\system32\avfjldto.exe
2007-02-17 13:22:52 22749 ---hs---- C:\WINDOWS\system32\ddcdbxy.dll
2007-02-17 13:22:23 88340 --a------ C:\WINDOWS\system32\kchoxdcs.exe
2007-02-16 16:59:02 88340 --a------ C:\WINDOWS\system32\rwegycov.exe
2007-02-16 16:48:03 88340 --a------ C:\WINDOWS\system32\cgeixbyk.exe
2007-02-16 16:47:48 88340 --a------ C:\WINDOWS\system32\ljjlkxoh.exe
2007-02-16 16:43:37 88340 --a------ C:\WINDOWS\system32\aeegtevb.exe
2007-02-16 13:51:08 88340 --a------ C:\WINDOWS\system32\nwoahhhd.exe
2007-02-16 12:57:57 88340 --a------ C:\WINDOWS\system32\myhmxlfb.exe
2007-02-16 10:03:05 88340 --a------ C:\WINDOWS\system32\llrlvohv.exe
2007-02-15 16:46:21 0 d-------- C:\epson
2007-02-15 15:24:07 88340 --a------ C:\WINDOWS\system32\mcaqkiem.exe
2007-02-15 15:23:58 22749 ---hs---- C:\WINDOWS\system32\opnmjgf.dll
2007-02-15 11:02:52 22749 ---hs---- C:\WINDOWS\system32\jkkhgda.dll
2007-02-15 10:55:55 22749 ---hs---- C:\WINDOWS\system32\jkkiife.dll
2007-02-15 10:55:40 88340 --a------ C:\WINDOWS\system32\pohxlntp.exe
2007-02-15 10:47:14 0 d-------- C:\WINDOWS\system32\appmgmt
2007-02-15 10:11:57 88340 --a------ C:\WINDOWS\system32\bgywirvp.exe
2007-02-15 10:11:26 22749 ---hs---- C:\WINDOWS\system32\qomkijk.dll
2007-02-14 16:20:37 88340 --a------ C:\WINDOWS\system32\famvttoa.exe
2007-02-14 15:23:54 44165 --a------ C:\WINDOWS\system32\nybdnxsi.dll
2007-02-14 13:59:41 88340 --a------ C:\WINDOWS\system32\jkwycosq.exe
2007-02-14 13:59:24 88340 --a------ C:\WINDOWS\system32\hxhqanet.exe
2007-02-14 09:53:47 44165 --a------ C:\WINDOWS\system32\pqcreysq.dll
2007-02-14 09:53:41 88340 --a------ C:\WINDOWS\system32\ncxglwve.exe
2007-02-14 09:53:03 44060 --a------ C:\WINDOWS\system32\ukjdpmmq.dll
2007-02-13 13:08:57 44165 --a------ C:\WINDOWS\system32\dkamlvtg.dll
2007-02-13 13:05:22 88340 --a------ C:\WINDOWS\system32\tmvhjrqi.exe
2007-02-13 13:05:14 22749 ---hs---- C:\WINDOWS\system32\cbxwvsq.dll
2007-02-13 11:43:30 88340 --a------ C:\WINDOWS\system32\jhdeqvhe.exe
2007-02-13 11:43:16 22749 ---hs---- C:\WINDOWS\system32\efcyxww.dll
2007-02-13 11:43:14 88340 --a------ C:\WINDOWS\system32\wtvnqbcy.exe
2007-02-13 11:07:48 88340 --a------ C:\WINDOWS\system32\ycoudqtl.exe
2007-02-13 11:07:34 22749 ---hs---- C:\WINDOWS\system32\gebcdec.dll
2007-02-13 10:38:59 88340 --a------ C:\WINDOWS\system32\inalppwv.exe
2007-02-13 10:38:42 22749 ---hs---- C:\WINDOWS\system32\nnnligf.dll
2007-02-13 10:38:35 88340 --a------ C:\WINDOWS\system32\abcafwmf.exe
2007-02-12 11:08:40 22749 ---hs---- C:\WINDOWS\system32\khfgday.dll
2007-02-12 10:59:10 88340 --a------ C:\WINDOWS\system32\vlgpjdlu.exe
2007-02-12 10:58:48 88340 --a------ C:\WINDOWS\system32\pestgjbk.exe
2007-02-12 10:58:13 76412 --a------ C:\WINDOWS\system32\emgrumpu.dll
2007-02-10 09:35:43 88340 --a------ C:\WINDOWS\system32\mcihydee.exe
2007-02-10 09:35:36 22749 ---hs---- C:\WINDOWS\system32\yayxxvt.dll
2007-02-09 10:59:50 1238 -----n--- C:\WINDOWS\hpwmdl03.dat
2007-02-09 10:59:50 60701 --a------ C:\WINDOWS\hpwins03.dat
2007-02-09 10:57:31 88340 --a------ C:\WINDOWS\system32\apgvndvf.exe
2007-02-09 09:55:02 88340 --a------ C:\WINDOWS\system32\jmhvswib.exe
2007-02-09 09:53:55 44060 --a------ C:\WINDOWS\system32\btyquldm.dll
2007-02-08 09:52:09 88340 --a------ C:\WINDOWS\system32\xitfjgfu.exe
2007-02-08 09:52:00 22691 ---hs---- C:\WINDOWS\system32\yayayaa.dll
2007-02-07 09:50:56 22691 ---hs---- C:\WINDOWS\system32\yayyyww.dll
2007-02-07 09:50:53 88340 --a------ C:\WINDOWS\system32\wjpfxpag.exe
2007-02-06 16:59:59 44165 --a------ C:\WINDOWS\system32\minglxkv.dll
2007-02-06 10:22:12 88340 --a------ C:\WINDOWS\system32\hkchdijs.exe
2007-02-06 10:22:00 22691 ---hs---- C:\WINDOWS\system32\urqpqrr.dll
2007-02-06 10:18:18 3567 --a------ C:\WINDOWS\system32\drivers\PortTalk.sys
2007-02-06 10:18:18 0 d-------- C:\Program Files\Olympus ES-10 Film Scanner<OLYMPU~1>
2007-02-06 10:04:39 88340 --a------ C:\WINDOWS\system32\qtlucluo.exe
2007-02-06 10:04:26 22691 ---hs---- C:\WINDOWS\system32\pmnnnom.dll
2007-02-03 13:40:54 88340 --a------ C:\WINDOWS\system32\mcanwthd.exe
2007-02-03 13:40:42 88340 --a------ C:\WINDOWS\system32\uujnmwns.exe
2007-02-03 12:51:00 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-02-03 12:51:00 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-02-03 12:38:20 0 d-------- C:\Program Files\Downloaded Installations<DOWNLO~1>
2007-02-03 10:02:52 88340 --a------ C:\WINDOWS\system32\ariiftpu.exe
2007-02-03 10:02:34 88340 --a------ C:\WINDOWS\system32\hwnfbsgv.exe
2007-02-02 12:26:24 88340 --a------ C:\WINDOWS\system32\dcdvtvem.exe
2007-02-02 09:53:02 88340 --a------ C:\WINDOWS\system32\jdexgisw.exe
2007-02-02 09:52:46 22029 ---hs---- C:\WINDOWS\system32\fccyvww.dll
2007-02-01 14:40:58 88340 --a------ C:\WINDOWS\system32\yypmbcgv.exe
2007-02-01 14:40:44 22029 ---hs---- C:\WINDOWS\system32\ssqqnnl.dll
2007-01-31 10:27:44 4142592 --a------ C:\WINDOWS\system32\qtintf.dll
2007-01-31 10:27:43 0 d-------- C:\Program Files\APC
2007-01-31 10:26:45 9344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-01-31 10:26:43 19200 --a------ C:\WINDOWS\system32\drivers\hidbatt.sys
2007-01-31 10:26:42 14080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-01-31 09:44:55 88340 --a------ C:\WINDOWS\system32\veffyefa.exe
2007-01-31 09:44:31 22029 ---hs---- C:\WINDOWS\system32\nnnnnol.dll
2007-01-31 09:44:28 44060 --a------ C:\WINDOWS\system32\vdktxdlr.dll
2007-01-30 08:45:03 88340 --a------ C:\WINDOWS\system32\vhmujloy.exe
2007-01-30 08:44:23 88340 --a------ C:\WINDOWS\system32\lxvsjkqa.exe
2007-01-30 08:44:19 76412 --a------ C:\WINDOWS\system32\byfdioow.dll
2007-01-30 08:44:03 22029 ---hs---- C:\WINDOWS\system32\iifebxw.dll
2007-01-29 11:29:55 88340 --a------ C:\WINDOWS\system32\flhrttuf.exe
2007-01-29 11:29:52 22029 ---hs---- C:\WINDOWS\system32\xxyyyvv.dll
2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-27 13:45:30 88340 --a------ C:\WINDOWS\system32\nyasptpe.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-27 09:56:03 0 d-------- C:\Program Files\Java
2007-02-27 09:49:58 0 d-------- C:\Program Files\McAfee
2007-02-27 09:49:57 969958 ---hs---- C:\WINDOWS\system32\ihkmp.bak2<IHKMP~2.BAK>
2007-02-27 09:48:06 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Wave Systems Corp<WAVESY~1>
2007-02-24 14:28:26 970482 ---hs---- C:\WINDOWS\system32\ihkmp.bak1<IHKMP~1.BAK>
2007-02-23 12:39:33 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-23 11:23:12 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-20 14:53:00 376832 --a------ C:\WINDOWS\system32\MPIWIN32.DLL
2007-02-20 14:53:00 43520 --a------ C:\WINDOWS\system32\CBNDLL.DLL
2007-02-20 14:52:55 44544 --a------ C:\WINDOWS\system32\ZEUS.DLL
2007-02-20 14:52:55 27136 --a------ C:\WINDOWS\system32\VNSERVER.DLL
2007-02-20 14:52:55 40960 --a------ C:\WINDOWS\system32\LMLIBEX.DLL
2007-02-20 13:11:23 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\SiteAdvisor<SITEAD~1>
2007-02-16 11:01:34 2766 --a------ C:\Documents and Settings\Steve Byars\Application Data\com.icctools.ColorShop.plist<COMICC~1.PLI>
2007-02-16 10:59:19 8 --a------ C:\Documents and Settings\Steve Byars\Application Data\_.ini
2007-02-16 10:36:38 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\U3
2007-02-15 13:31:25 0 d-------- C:\Program Files\BitComet
2007-02-15 11:29:55 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-14 14:25:32 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll<BITCOM~1.DLL>
2007-02-13 10:37:21 0 d-------- C:\Program Files\SiteAdvisor<SITEAD~1>
2007-02-13 10:04:59 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-13 10:04:15 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-09 11:10:52 0 d-------- C:\Program Files\HP
2007-01-26 16:41:52 88340 --a------ C:\WINDOWS\system32\rmdijxuq.exe
2007-01-26 15:19:00 0 d-------- C:\Program Files\Avery Wizard 3.0<AVERYW~1.0>
2007-01-26 15:17:09 88340 --a------ C:\WINDOWS\system32\pemyxbwg.exe
2007-01-26 14:43:14 0 d-------- C:\Program Files\Common Files\Avery
2007-01-26 12:08:16 88340 --a------ C:\WINDOWS\system32\wdihnnhw.exe
2007-01-26 09:37:03 88340 --a------ C:\WINDOWS\system32\auuteryf.exe
2007-01-24 12:21:32 88340 --a------ C:\WINDOWS\system32\rvtwnapd.exe
2007-01-24 10:54:49 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Adobe
2007-01-23 12:51:14 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
2007-01-23 12:20:46 88340 --a------ C:\WINDOWS\system32\fftfvuun.exe
2007-01-23 12:19:59 277192 ---hs---- C:\WINDOWS\system32\pmkhi.dll
2007-01-19 15:02:42 0 d-------- C:\Program Files\X-Rite
2007-01-19 14:44:59 1350 --a------ C:\Documents and Settings\Steve Byars\Application Data\ColorPort.xml<COLORP~1.XML>
2007-01-18 10:13:59 0 d-------- C:\Program Files\McAfee.com
2007-01-18 10:11:24 0 d-------- C:\Program Files\Common Files\McAfee
2007-01-18 10:09:17 76412 --a------ C:\WINDOWS\system32\fogfpewe.dll
2007-01-18 10:09:15 88340 --a------ C:\WINDOWS\system32\kudpwdiy.exe
2007-01-18 10:09:11 44060 --a------ C:\WINDOWS\system32\oiurnexi.dll
2007-01-18 10:09:05 969851 ---hs---- C:\WINDOWS\system32\mlnmp.bak1<MLNMP~1.BAK>
2007-01-17 10:46:16 263963 --a------ C:\WINDOWS\system32\jkhhh.dll
2007-01-17 10:42:44 266883 --a------ C:\WINDOWS\system32\ddcya.dll
2007-01-16 15:23:57 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Lavasoft
2007-01-16 15:23:34 0 d-------- C:\Program Files\Lavasoft
2007-01-12 10:02:08 22541 ---hs---- C:\WINDOWS\system32\iifccby.dll
2007-01-11 12:53:03 22541 ---hs---- C:\WINDOWS\system32\nnnomml.dll
2007-01-10 18:12:51 22541 ---hs---- C:\WINDOWS\system32\awtqoop.dll
2007-01-10 15:31:57 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\dvdcss
2007-01-10 14:23:18 0 d-------- C:\Program Files\Xilisoft
2007-01-10 12:02:18 0 d-------- C:\Program Files\CloneDVD
2007-01-10 10:43:07 14545 --a------ C:\WINDOWS\system32\exec1.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-01-04 15:41:04 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Help
2007-01-03 1346 164568 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe<VIDEOC~1.EXE>
2007-01-03 1345 0 d-------- C:\Program Files\River Past<RIVERP~1>
2007-01-03 1345 0 d-------- C:\Program Files\Common Files\River Past<RIVERP~1>
2007-01-03 1345 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\River Past G5<RIVERP~1>
2007-01-02 16:01:19 0 d-------- C:\Program Files\Common Files\Ahead
2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 13:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-07 01:40:49 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 09:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 09:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SigmatelSysTrayApp"="stsystra.exe"
"Document Manager"="C:\\Program Files\\Wave Systems Corp\\Services Manager\\DocMgr\\bin\\docmgr.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"EPSON Stylus Pro 9800 (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S5I0P2.EXE /P30 \"EPSON Stylus Pro 9800 (Copy 1)\" /O6 \"USB002\" /M \"Stylus Pro 9800\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TrueImageMonitor.exe"="C:\\Program Files\\Acronis\\TrueImageWorkstation\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Program Files\\Acronis\\TrueImageWorkstation\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"HPWUTOOLBOX"="C:\\Program Files\\HP\\HP Officejet Pro K550 Series\\Toolbox\\HPWUTBX.exe \"-i\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"RegistryMechanic"=""
"NWEReboot"=""
"CBSpoolDaemon"="\"C:\\Program Files\\ImagePrint\\spool\\mux\\muxd.exe\""
"Windows Systems16"="C:\\WINDOWS\\system32\\winjews16.exe"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\vebbamba.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Systems16"="C:\\WINDOWS\\system32\\winjews16.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CBSpoolDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="muxd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ImagePrint\\spool\\mux\\muxd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"hkey"="HKLM"
"inimapping"="0"
"item"="vebbamba"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\vebbamba.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tcsd_win32.exe"=dword:00000002
"DataSvr2"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wxvault.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D7B374C3-8DED-4CB1-820B-413FF0C71FC6}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhi
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomkijk

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



-- End of ComboScan: finished at 2007-02-27 at 10:12:35 -------------------------

[tetonbob]

That's quite a collection of nasties you have there. We'll have to do this in several posts, but this first round of tools and scanners should take out a lot of what's there.

Among them, One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

---------------------------------------------------------------------------------------------

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

P2P - I see you have P2P software ( BitComet ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

---------------------------------------------------------------------------------------------


Please download VundoFix.exe to your desktop

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt in your next reply at the end of this fix.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

• Install AVG Anti Spyware
• Double-click the icon on Desktop to launch AVG
• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update. The update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• We'll use this later.
  
  ---------------------------------------------------------------------------------------------
  
  Download SDFix and save it to your Desktop.
  
  Double click SDFix.exe and it will extract the files to %systemdrive%
  (Drive that contains the Windows Directory, typically C:\SDFix) We'll use this later.
  
  
  ---------------------------------------------------------------------------------------------
  
  Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.
  
  ---------------------------------------------------------------------------------------------
  
  
  Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):
  
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  
  O2 - BHO: (no name) - {38605018-0D69-4458-842B-9185938459B4} - (no file)
  O2 - BHO: (no name) - {4C9A6BF9-BCC2-461B-9C11-AA0F3983866A} - C:\WINDOWS\system32\pmkhi.dll
  O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\qomkijk.dll
  O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\mhtqxhhb.dll (file missing)
  O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\vebbamba.dll",setvm
  
  ALL O18 Entries like this one, EXCEPT the first one.
  
  O18 - Protocol: bw+0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  
  O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll
  O20 - Winlogon Notify: qomkijk - C:\WINDOWS\SYSTEM32\qomkijk.dll
  
  
  Close HijackThis now.
  
  ---------------------------------------------------------------------------------------------
  
  
  
  Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

---------------------------------------------------------------------------------------------

Run SDFix

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt here in your next reply.

Please go to: VirusTotal

• At the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to this file in BOLD:
  
  C:\Windows\System32\wxvault.dll
  
  
• Click "Open".
• Then click the "Send" button at the top of the VirusTotal page.
• This will scan the file. Please be patient.
• Once scanned, copy and paste the results in your next reply.

---------------------------------------------------------------------------------------------


Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

Run ComboScan once again

---------------------------------------------------------------------------------------------

Please return with logs from:

C:\VundoFix.txt
AVG Anti-Spyware
VirusTotal
Panda
ComboScan.txt

[steve2603]

Hello,

Thanks for the instructions and point taken regarding P2P..

I have followed your instructions and have attached the log files and screen shots as seperate files.

I could not run VirusTotal, tried several times, it shut down the window and explorer each time.. seemed to do this after reaching this file: SW01068_q uig

also now after re-boot's i have a few windows open with alerts and issues.. I have attached a screenshot of this for your info..

Cheers, Steve


SDFix: Version 1.68

Run by Steve Byars - 27-Feb-07 @ 14:03:07.98

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\