Old 02-14-2007, 03:52 PM   #1 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 31
OS: XP


Help I am being Hijacked - HJT log attached

Ok first off, I will say hi since this is my first time to the site and my first post here.

With that aside it is now on to business.

I know my computer is infected with malware (i.e. viruses, trojans, and possibly other crap) but I am at a loss on how to take care of it at this point.

It has affected my computer so that my Windows Installer is completely useless. I cannot load or remove a lot of software from my computer due to this problem and also cannot update my OS because of it as well.

I know after running both Spyware S&D and NoAdware that I have something on my comp called "Kernell" but can't remove it. I have tried to repeatedly but it always regenerates itself.

I am now under the impression that I have other trojans and spyware, etc., etc. on my system now as well.

I have been following the 5 steps in the stickies and have so far run across two problems: 1) I can't load Ad-Aware because of the infection and 2) I can't update my system like asked to do in step 4 (I am also running Service Pack 2 and was infected after getting it).

I am right now running Panda ActiveScan and am getting an astronomical amount of viruses popping up, which I will provide the log for once the scan is completed... which may be a while, it seems.

For now what I do have is the log generated by HijackThis, which I am posting here and now:

Logfile of HijackThis v1.99.1
Scan saved at 2:22:23 PM, on 2/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\ml-cleanup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joey\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edmnex.us/azinfoline/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: McAfee Privacy Service Helper Object - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [{D4D25EE0-0BE8-1033-1022-020208080001}] "C:\Program Files\Common Files\{D4D25EE0-0BE8-1033-1022-020208080001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [{D4D25EE0-0BE9-1033-1022-020208080001}] "C:\Program Files\Common Files\{D4D25EE0-0BE9-1033-1022-020208080001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\RunServices: [Act 3d] C:\windows\Act 3d.exe
O4 - HKLM\..\RunServices: [Acoustica Mp3 To Wave Converter Plus] C:\windows\Acoustica Mp3 To Wave Converter Plus.exe
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKLM\..\RunServices: [Ahead] C:\windows\Ahead.exe
O4 - HKCU\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKCU\..\Run: [K059RSNmW] qedearts.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Act 3d] C:\windows\Act 3d.exe
O4 - HKCU\..\Run: [Acoustica Mp3 To Wave Converter Plus] C:\windows\Acoustica Mp3 To Wave Converter Plus.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [uuqf] C:\PROGRA~1\COMMON~1\uuqf\uuqfm.exe
O4 - HKCU\..\Run: [Ahead] C:\windows\Ahead.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm090YYUS
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra 'Tools' menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/CTSUEng.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/26beed0d156f01f...p/RdxIE601.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1139460973281
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar...ackToolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126793472843
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.net/fvlite/fvliteY.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://otp.mycricket.com/mmawap/jsp/.../mmsPlayer.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...16/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab42858.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/def...ploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...92/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/CTPID.cab
O18 - Protocol: bw+0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: gebya - gebya.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe



Any and all help would be greatly appreciated.

Yours truly,
HunterCub
HunterCub is offline  

Old 02-14-2007, 08:46 PM   #2 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 31
OS: XP


Panda ActiveScan log

Ok, Panda finally finished and yielded that I have a few worms and trojans to deal with, but the log is 4523001 characters long and the forum will only allow for 100000 characters per post. I am not sure how you want me to post it, but I have it saved on my computer.

As said in the title of the thread, I am at my wits' end.
HunterCub is offline  
Old 02-16-2007, 10:10 AM   #3 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 31
OS: XP


BUMP!!!

Please, I need your help. More problems have arisen. Now my InstallShield doesn't work and my speaker and soundcard drivers have been rendered useless as well.
HunterCub is offline  
Old 02-17-2007, 06:43 AM   #4 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 31
OS: XP


BUMP!!!! Ok, I know it hasn't been 48 hours since my last bump, but I fear that if I don't get help soon my computer is going to completely crash and won't be good to me or anyone else for that matter anymore.

Even more problems have arisen since yesterday. Now, my Windows boot up screen is highly pixelated and some of the images for shortcuts on the desktop aren't showing up (although the filename text does). One of the files this has happened to is my HijackThis.exe.

I really need your guys' help. I truly fear that if I don't get this taken care of soon that my computer will be completely useless within a week.

I am begging and pleading at this point. I really have no clue what to do anymore.

I re-ran hijackthis.exe again and generated a new log to look at which is posted at the end of this message:

Logfile of HijackThis v1.99.1
Scan saved at 6:45:03 AM, on 2/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Documents and Settings\Joey\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edmnex.us/azinfoline/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/.../search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: McAfee Privacy Service Helper Object - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKCU\..\Run: [K059RSNmW] qedearts.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [uuqf] C:\PROGRA~1\COMMON~1\uuqf\uuqfm.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm090YYUS
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra 'Tools' menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/CTSUEng.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/26beed0d156f01f...p/RdxIE601.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...uweb_site.cab?1139460973281
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar...ackToolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...uweb_site.cab?1126793472843
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.net/fvlite/fvliteY.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://otp.mycricket.com/mmawap/jsp/.../mmsPlayer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...16/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab42858.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/def...ploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...92/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/CTPID.cab
O18 - Protocol: bw+0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {71A98B01-ED16-4E1B-B950-7926EDB3CEEC} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: gebya - gebya.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

Last edited by HunterCub; 02-17-2007 at 06:49 AM.
HunterCub is offline  
Old 02-19-2007, 07:49 AM   #5 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 31
OS: XP


BUMP!!! Ok I have had to do a full format of my computer and it is still way jacked up...although I am now able to use the windows installer and install shield again and have been able to update my computer using windows update now. I really need your help. I own and manage a business off this computer and it is getting worse and worse by the second.

I now have these weird squares that flicker on my screen and am only able to run my computer in either VGA mode or Safe mode.

I NEED HELP!!!!!!

Last edited by HunterCub; 02-19-2007 at 07:50 AM.
HunterCub is offline  
Old 02-19-2007, 10:32 AM   #6 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 31
OS: XP


Ok, I have McAfee installed now and I am 100% positive that I am being hacked. How do I remove hackers and their software from my pc?
HunterCub is offline  
Old 02-19-2007, 02:33 PM   #7 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 31
OS: XP


Help I am being Hijacked - HLT log attached

Hi, I have recently done a whole system format and reinstall, but I am still being hacked somehow. It seems there are multiple instances of the svchost running at the same time. I am not sure if that has anything to do with it or not.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:30:55 PM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\CTHELPER.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Joey\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1171862607015
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
Old 02-21-2007, 04:13 PM   #8 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 31
OS: XP


Bump.
Old 02-21-2007, 09:44 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,550
OS: WinXP and Vista


Hello HunterCub and welcome to TSF,

Our apologies for the oversight of your previous thread.

I'm assuming this is the same computer--if it is indeed the same, I'll merge the threads together for continuity.

I'm not seeing any malware presenting itself in your Hijackthis log. Regarding the multiple svchost.exe --this is normal......read more here
Quote:
The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging.
---------------------------------------------------

Your issue (if it's the same as you mentioned in your other thread) sounds as though it may be a video driver problem. I'm not seeing any malware in this log, but we'll run a few tools and see if any malware is revealed.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

******************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

(Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe )

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Panda results
New HijackThis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
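The Microsoft text quoted in the post above places Svchost.exe in %SystemRoot%\System32 and says several instances running at once is normal. The following Python is an added example, not part of the original thread and not a TSF or HijackThis tool: it applies that location rule to the "Running processes" section of a HijackThis log. The sample log is constructed (one svchost.exe path is deliberately out of place), and the expected folders for processes other than svchost.exe are assumptions for Windows XP.

```python
import ntpath
import re

# Expected parent folder, relative to %SystemRoot%, for core Windows XP processes.
# The svchost.exe entry follows the quoted Microsoft text; the other entries are
# an added generalization (assumption), not something the thread states.
EXPECTED_DIR = {
    "svchost.exe": "system32",
    "smss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "spoolsv.exe": "system32",
    "explorer.exe": "",          # lives directly in %SystemRoot%
}

# HijackThis result lines start with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")


def parse_log(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            if line:
                processes.append(line)
            elif processes:
                in_processes = False   # blank line ends the process list
    return {"processes": processes, "entries": entries}


def svchost_count(processes):
    """Number of svchost.exe instances; more than one is normal."""
    return sum(1 for p in processes if ntpath.basename(p).lower() == "svchost.exe")


def misplaced_processes(processes, system_root=r"C:\WINDOWS"):
    """Return (path, expected_folder) for core processes outside their usual folder."""
    findings = []
    for path in processes:
        name = ntpath.basename(path).lower()
        if name not in EXPECTED_DIR:
            continue
        expected = ntpath.normpath(ntpath.join(system_root, EXPECTED_DIR[name]))
        actual = ntpath.normpath(ntpath.dirname(path))
        # Windows paths are case-insensitive, so compare normalised forms.
        if ntpath.normcase(actual) != ntpath.normcase(expected):
            findings.append((path, expected))
    return findings


# Constructed sample in HijackThis format. C:\WINDOWS\svchost.exe is an invented
# line added to show what a mismatch looks like; it is not from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [POINTER] point32.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("svchost.exe instances:", svchost_count(parsed["processes"]))
    for path, expected in misplaced_processes(parsed["processes"]):
        print("check manually:", path, "(expected under", expected + ")")
```

A mismatch is only a prompt to inspect the file; the instance count by itself says nothing about infection, which is the point the quoted text makes.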
Old 02-22-2007, 10:26 AM   #10 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 31
OS: XP


Ok, first off, yes this is the same system as my other thread. I ended up backing up files I needed and doing a full system format and reinstall of Windows because the problems were getting worse exponentially.

It seems you are right that there is no malware on my system now though, from what Panda scan is saying anyhow.


But, I am having weird occurrences like people constantly trying to ping me or gain access to my various UDP and TCP/IP ports. I know they are trying to use programs like SSH, PC Anywhere, NEWTEAR, and VNC-App1 as well from what McAfee Firewall Plus is telling me. I have my McAfee internet security suite activated and running properly but I am wondering how they can still see my computer after I had my IP address changed through my ISP just two days ago. A lot of the time they are trying to access ports 1026 thru 1028 (UDP).

Furthermore, after I turn off my computer my modem tells me it can't see the computer (like it normally does) but then the comp light switches back on and the data light starts blinking, indicating the passing of some form of data (if at the least an attempt to connect). The lights on the back of my NIC card blink too when this is going on. Is this someone trying to get into my system?

I did have P2P software on the comp at one point in time, but as stated earlier I did a full format of the C: drive and I was under the impression that should have removed all instances of any of that crap for sure.

Here are my logs (except for Panda Scan since there were no infections and it therefore doesn't generate a log):

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:23:50 AM 2/22/2007

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{2A1E37A4-04F1-5535-0715-F2C7C83EB4EE} -> Adware.SpyOnThis : Cleaned with backup (quarantined).


::Report end








Logfile of HijackThis v1.99.1
Scan saved at 10:14:37 AM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Netropa\OSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfConsole.exe
C:\Documents and Settings\Joey\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.edmnex.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1171862607015
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
Old 02-23-2007, 07:19 PM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,550
OS: WinXP and Vista


Even when you change your IP, you are still not entirely 'invisible' on the internet. This is why firewalls are a good thing to have on a system--McAfee is doing its job.

Why you are having those issues with your modem, I do not know. You would be better served discussing that in the Networking Forum.

We can do one more check to see if malware is the cause of any of the issues.
  1. Download ComboScan to your Desktop.
  2. Close all applications and windows.
  3. Double-click on comboscan.exe to run it, and follow the prompts.
  4. When the scan is complete, a text file will open - ComboScan.txt
  5. Copy and paste the contents of ComboScan.txt in your next reply
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 02-24-2007, 01:50 PM   #12 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 31
OS: XP


ComboScan v20070221.16 run by Joey on 2007-02-24 at 13:40:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Joey.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:40:45 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Documents and Settings\Joey\Desktop\comboscan.exe
C:\Documents and Settings\Joey\Desktop\Joey.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.edmnex.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1171862607015
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
1R Cdr4_xp - C:\WINDOWS\system32\drivers\cdr4_xp.sys
1R Cdralw2k - C:\WINDOWS\system32\drivers\cdralw2k.sys
1R cdudf_xp - C:\WINDOWS\system32\drivers\cdudf_xp.sys
0S cercsr6 - C:\WINDOWS\system32\drivers\cercsr6.sys
3R ctac32k (Creative AC3 Software Decoder) - C:\WINDOWS\system32\drivers\ctac32k.sys
3R ctaud2k (Creative Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\ctaud2k.sys
3S ctdvda2k (Creative DVD-Audio Device Driver) - C:\WINDOWS\system32\drivers\ctdvda2k.sys
3R ctprxy2k (Creative Proxy Driver) - C:\WINDOWS\system32\drivers\ctprxy2k.sys
3R ctsfm2k (Creative SoundFont Management Device Driver) - C:\WINDOWS\system32\drivers\ctsfm2k.sys
3S dvd_2K - C:\WINDOWS\system32\drivers\Dvd_2k.sys
3R E100B (Intel(R) PRO Adapter Driver) - C:\WINDOWS\system32\drivers\e100b325.sys
3R emupia (E-mu Plug-in Architecture Driver) - C:\WINDOWS\system32\drivers\emupia2k.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3R ha10kx2k (Creative Hardware Abstract Layer Driver) - C:\WINDOWS\system32\drivers\ha10kx2k.sys
3R hap16v2k (Creative P16V HAL Driver) - C:\WINDOWS\system32\drivers\haP16v2k.sys
3S hap17v2k (Creative P17V HAL Driver) - C:\WINDOWS\system32\drivers\haP17v2k.sys
3R hidusb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3R HSFHWBS2 - C:\WINDOWS\system32\drivers\HSFBS2S2.sys
3R HSF_DP - C:\WINDOWS\system32\drivers\HSFDPSP2.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
3S IPFilter (Microsoft IntelliPoint Features driver) - C:\WINDOWS\system32\drivers\ipfilter.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3R mmc_2K - C:\WINDOWS\system32\drivers\Mmc_2k.sys
3R MODEMCSA (Unimodem Streaming Filter Device) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
1R MPFIREWL - C:\WINDOWS\system32\drivers\MpFirewall.sys
3R Msikbd2k (DellTouch) - C:\WINDOWS\system32\drivers\Msikbd2k.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3R NaiAvFilter1 - C:\WINDOWS\system32\drivers\naiavf5x.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
1R OMCI - C:\WINDOWS\system32\drivers\omci.sys
3R ossrv (Creative OS Services Driver) - C:\WINDOWS\system32\drivers\ctoss2k.sys
3S PacketNTx (Packet helper driver) - C:\WINDOWS\system32\drivers\PacketNTx.sys
3S pc22nd5 (Toshiba PCX2200 USB Cable Modem networking driver (NDIS)) - C:\WINDOWS\system32\drivers\pc22nd5.sys
3S pc22unic (Toshiba PCX2200 USB Cable Modem WDM driver) - C:\WINDOWS\system32\drivers\pc22unic.sys
1R pwd_2k - C:\WINDOWS\system32\drivers\pwd_2K.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3R QCDonner (Logitech QuickCam Express(PID_0840)) - C:\WINDOWS\system32\drivers\lvcd.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
1R UdfReadr_xp - C:\WINDOWS\system32\drivers\udfreadr_xp.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
3R winachsf - C:\WINDOWS\system32\drivers\HSFCXTS2.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S Alerter - C:\WINDOWS\system32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2S Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R BITS (Background Intelligent Transfer Service) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R Browser (Computer Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
3S dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\system32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S FontCache3.0.0.0 (Windows Presentation Foundation Font Cache 3.0.0.0) - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R HidServ (HID Input Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S idsvc (Windows CardSpace) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\system32\Imapi.exe
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R lanmanserver (Server) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\system32\svchost.exe -k LocalService
2R McDetect.exe (McAfee WSC Integration) - c:\program files\mcafee.com\agent\mcdetect.exe
2R McShield (McAfee.com McShield) - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
2R McTskshd.exe (McAfee Task Scheduler) - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
3S mcupdmgr.exe (McAfee SecurityCenter Update Manager) - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
2R MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
4S Messenger - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\system32\mnmsrvc.exe
2R MpfService (McAfee Personal Firewall Service) - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\system32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\system32\msiexec.exe /V
2R MskService (McAfee SpamKiller Server) - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\system32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S NetTcpPortSharing (Net.Tcp Port Sharing Service) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
2R Nhksrv (Netropa NHK Server) - C:\WINDOWS\Nhksrv.exe
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\system32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2S PolicyAgent (IPSEC Services) - C:\WINDOWS\system32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
3S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\system32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\system32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\system32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\system32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\system32\dllhost.exe /Processid:{3596F228-9037-4BDF-830A-A8E235BE8414}
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\system32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\system32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Scheduled Tasks --------------------------------------------------------------

2007-02-20 00:05:24 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-01-24 and 2007-02-24 ------------------------------

2007-02-22 12:25:17 0 d-------- C:\Program Files\SHOUTcast<SHOUTC~1>
2007-02-22 08:34:01 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-22 08:33:55 0 d-------- C:\Program Files\Grisoft
2007-02-21 10:34:50 0 d-------- C:\Documents and Settings\Joey\Application Data\OfficeUpdate12<OFFICE~1>
2007-02-21 08:36:05 0 d-------- C:\Documents and Settings\Joey\Application Data\Skype
2007-02-21 08:35:56 0 d-------- C:\Program Files\Common Files\Skype
2007-02-21 08:35:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-02-21 08:35:17 0 d-------- C:\Program Files\Skype
2007-02-20 19:07:04 0 d-------- C:\Documents and Settings\Joey\Application Data\CyberLink<CYBERL~1>
2007-02-20 19:02:42 0 d-------- C:\WINDOWS\Profiles
2007-02-20 19:02:38 0 d-------- C:\WINDOWS\system32\Adobe
2007-02-20 19:02:38 0 d-------- C:\Documents and Settings\Joey\Application Data\Adobe
2007-02-20 19:02:37 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-20 19:02:37 0 d-------- C:\Documents and Settings\Joey\Application Data\InterTrust<INTERT~1>
2007-02-20 15:56:16 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll<XA3066~1.DLL>
2007-02-20 15:56:15 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll<XA3C56~1.DLL>
2007-02-20 15:56:14 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll<XA3856~1.DLL>
2007-02-20 15:56:14 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll<X3DAUD~2.DLL>
2007-02-20 15:56:14 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-02-20 15:56:13 68888 --a------ C:\WINDOWS\system32\xinput1_3.dll<XINPUT~4.DLL>
2007-02-20 15:56:13 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-02-20 15:56:12 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll<XINPUT~3.DLL>
2007-02-20 15:56:12 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll<XACTEN~4.DLL>
2007-02-20 15:56:04 2297552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-02-20 14:26:05 0 d-------- C:\Documents and Settings\Joey\Application Data\Help
2007-02-20 14:18:08 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-02-20 14:16:38 0 d-------- C:\b488171359bee48500c070cad8<B48817~1>
2007-02-20 14:16:28 0 d-------- C:\WINDOWS\system32\LogFiles
2007-02-20 14:16:28 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-20 14:15:19 253952 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-02-20 14:15:18 73728 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-02-20 14:15:18 3502162 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-02-20 14:15:18 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2007-02-20 14:15:18 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-02-20 14:15:17 32768 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-02-20 14:15:17 73728 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-02-20 14:15:17 49152 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-02-20 14:15:17 131072 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-02-20 14:15:17 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-02-20 14:15:16 1289472 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-02-20 14:15:16 629399 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-02-20 14:15:16 28672 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-02-20 14:15:15 480512 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-02-20 14:15:15 236288 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-02-20 14:15:15 315392 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-02-20 14:14:47 0 d-------- C:\Program Files\CONEXANT
2007-02-20 12:59:32 0 d-------- C:\Documents and Settings\Joey\Application Data\Uniblue
2007-02-20 12:24:55 24544 -----n--- C:\WINDOWS\system32\drivers\PacketNTx.sys<PACKET~1.SYS>
2007-02-20 12:01:31 21504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-02-20 12:01:26 14848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-02-20 12:01:14 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-02-20 10:40:22 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-20 10:13:58 0 d-------- C:\Program Files\CyberLink<CYBERL~1>
2007-02-20 00:43:50 102400 --a------ C:\WINDOWS\system32\LVComS.exe
2007-02-20 00:43:50 57344 --a------ C:\WINDOWS\system32\LVComC.dll
2007-02-20 00:43:50 414720 --a------ C:\WINDOWS\system32\drivers\lvcodek2.dll
2007-02-20 00:43:50 66560 --a------ C:\WINDOWS\system32\drivers\lvcam2.dll
2007-02-20 00:43:48 306688 --a------ C:\WINDOWS\IsUninst.exe
2007-02-20 00:43:27 0 d-------- C:\Program Files\Windows Media Components<WINDOW~4>
2007-02-20 00:43:11 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-02-20 00:31:11 53248 -ra------ C:\WINDOWS\system32\InstMed.exe
2007-02-20 00:31:03 69632 --a------ C:\WINDOWS\system32\lvcoinst.dll
2007-02-20 00:31:03 12112 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-02-20 00:31:02 73728 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-02-20 00:31:02 110592 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-02-20 00:31:02 167936 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-02-20 00:31:02 39936 --a------ C:\WINDOWS\system32\drivers\lvcd.sys
2007-02-20 00:30:58 0 d-------- C:\Program Files\Common Files\Logitech
2007-02-20 00:30:46 215552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2007-02-20 00:30:46 462848 --a------ C:\WINDOWS\system32\LCamCpl.dll
2007-02-20 00:30:44 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-02-20 00:30:44 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-02-20 00:30:44 1047552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-02-20 00:30:44 49152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2007-02-20 00:30:44 49152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2007-02-20 00:30:44 61440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2007-02-20 00:30:44 61440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2007-02-20 00:30:44 57344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-02-20 00:30:44 65536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2007-02-20 00:30:44 45056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2007-02-20 00:30:44 40960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2007-02-20 00:30:44 1060864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-02-20 00:30:44 89088 --a------ C:\WINDOWS\system32\atl71.dll
2007-02-20 00:30:43 466944 --a------ C:\WINDOWS\system32\QCUI2.dll
2007-02-20 00:30:42 856064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll
2007-02-20 00:30:42 406016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
2007-02-20 00:30:42 164864 --a------ C:\WINDOWS\system32\ltimg12n.dll
2007-02-20 00:30:42 131072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
2007-02-20 00:30:42 207872 --a------ C:\WINDOWS\system32\ltefx12n.dll
2007-02-20 00:30:42 259072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2007-02-20 00:30:41 141312 --a------ C:\WINDOWS\system32\lftif12n.dll
2007-02-20 00:30:41 78336 --a------ C:\WINDOWS\system32\lffax12n.dll
2007-02-20 00:30:41 328704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2007-02-20 00:30:41 30720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2007-02-20 00:30:39 90112 --a------ C:\WINDOWS\system32\LQCUI2.dll
2007-02-20 00:29:54 0 d-------- C:\Program Files\Logitech
2007-02-20 00:08:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-20 0050 0 d-------- C:\Documents and Settings\Joey\Application Data\Apple Computer<APPLEC~1>
2007-02-20 0036 0 d-------- C:\Program Files\iPod
2007-02-20 0029 0 d-------- C:\Program Files\iTunes
2007-02-20 00:05:39 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-20 00:05:21 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-20 00:05:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-02-19 15:26:16 0 d-------- C:\Documents and Settings\Joey\Application Data\GTek
2007-02-19 15:26:13 0 d-------- C:\Program Files\DellConnect<DELLCO~1>
2007-02-19 14:15:03 0 d-------- C:\Program Files\SpyOnThis v2.0<SPYONT~1.0>
2007-02-19 14:12:59 0 dr-h----- C:\Documents and Settings\Joey\Application Data\yahoo!
2007-02-19 13:12:39 10240 --a------ C:\WINDOWS\CTDCRES.DLL
2007-02-19 12:45:09 115880 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-02-19 12:45:09 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-02-19 12:45:09 36528 -----n--- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-02-19 12:42:22 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2>
2007-02-19 12:40:55 0 d-------- C:\Program Files\Winamp
2007-02-19 12:17:44 53248 --a------ C:\WINDOWS\uneng.exe
2007-02-19 12:17:27 0 d-------- C:\Program Files\Roxio
2007-02-19 12:15:19 0 d-------- C:\Program Files\Microsoft Hardware<MI948F~1>
2007-02-19 12:15:11 0 d-------- C:\Program Files\Common Files\Adaptec Shared<ADAPTE~1>
2007-02-19 11:58:48 0 d-------- C:\Program Files\Microsoft Plus!<MI3F87~1>
2007-02-19 11:56:42 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-02-19 11:38:02 0 d-------- C:\Program Files\Dell
2007-02-19 11:31:04 11136 --a------ C:\WINDOWS\system32\drivers\ipfilter.sys
2007-02-19 11:29:09 6942 --a------ C:\WINDOWS\system32\drivers\Msikbd2k.sys
2007-02-19 11:29:09 28672 --a------ C:\WINDOWS\Nhksrv.exe
2007-02-19 11:29:09 163840 --a------ C:\WINDOWS\MMKeybd.exe
2007-02-19 11:29:05 28672 -----n--- C:\WINDOWS\system32\msiosd32.dll
2007-02-19 11:29:05 65536 --a------ C:\WINDOWS\system32\Msikbd.dll
2007-02-19 11:29:05 0 d-------- C:\Program Files\Netropa
2007-02-19 11:21:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion<YAHOO!~1>
2007-02-19 11:21:46 0 d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-02-19 11:19:23 0 d-------- C:\Program Files\Yahoo!
2007-02-19 11:12:42 0 d-------- C:\Program Files\hp deskjet 3320 series<HPDESK~1>
2007-02-19 11:09:24 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-19 11:04:19 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~4>
2007-02-19 11:02:59 0 d-------- C:\WINDOWS\ShellNew
2007-02-19 11:02:57 0 d-------- C:\Program Files\Common Files\L&H
2007-02-19 10:50:23 0 d--hs---- C:\RECYCLER
2007-02-19 10:34:05 0 d-------- C:\Documents and Settings\Joey\Application Data\McAfee
2007-02-19 10:21:09 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-19 09:28:55 0 d-------- C:\Documents and Settings\Joey\Application Data\ATI
2007-02-19 09:14:41 0 d-------- C:\WINDOWS\WBEM
2007-02-19 09:13:29 0 d--h---c- C:\WINDOWS\ie7
2007-02-19 09:12:39 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-02-19 09:12:23 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-02-19 09:03:43 0 d-------- C:\977c01c765f8d9441fa55cd3091a4fb9<977C01~1>
2007-02-19 08:45:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-02-19 08:42:28 0 d-------- C:\Program Files\MSBuild
2007-02-19 08:39:03 0 d-------- C:\WINDOWS\system32\XPSViewer<XPSVIE~1>
2007-02-19 08:39:01 0 d-------- C:\WINDOWS\system32\en-us
2007-02-19 08:38:36 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
2007-02-19 08:38:17 14048 -----n--- C:\WINDOWS\system32\spmsg2.dll
2007-02-19 08:36:18 0 dr--s---- C:\WINDOWS\assembly
2007-02-19 08:35:49 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>
2007-02-19 07:37:16 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-02-19 07:37:15 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-19 07:37:14 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-19 07:23:57 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall<MCAFEE~1.COM>
2007-02-19 07:23:26 0 d-------- C:\Documents and Settings\Joey\Application Data\McAfee.com Personal Firewall<MCAFEE~1.COM>
2007-02-18 22:37:19 0 d-------- C:\WINDOWS\setupupd
2007-02-18 22:26:57 0 d-------- C:\WINDOWS\setup.pss
2007-02-18 22:14:14 0 d-------- C:\Documents and Settings\All Users\Application Data\MCA36.tmp
2007-02-18 21:24:07 18200 --a------ C:\WINDOWS\system32\wups2.dll
2007-02-18 21:24:06 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-02-18 21:23:23 0 d--hs---- C:\Documents and Settings\Joey\UserData
2007-02-18 21:20:52 17648 -ra------ C:\WINDOWS\system32\drivers\pc22nd5.sys
2007-02-18 21:17:04 5504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-02-18 21:14:44 10880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-02-18 21:14:43 15360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-02-18 21:14:41 11136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-02-18 21:14:39 19328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-02-18 21:14:36 85376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-02-18 21:14:34 17024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-02-18 21:14:13 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-02-18 21:14:01 41984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2007-02-18 21:14:01 44544 --a------ C:\WINDOWS\system32\OVUI2.dll
2007-02-18 21:14:01 39424 --a------ C:\WINDOWS\system32\OVComS.exe
2007-02-18 21:14:01 20480 --a------ C:\WINDOWS\system32\OVComC.dll
2007-02-18 21:14:01 116736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2007-02-18 21:14:01 351616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
2007-02-18 21:14:01 28032 --a------ C:\WINDOWS\system32\drivers\OVCD.sys
2007-02-18 21:13:56 48000 --a------ C:\WINDOWS\system32\drivers\OVCam2.sys
2007-02-18 21:13:55 53760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-02-18 21:13:20 5712 -ra------ C:\WINDOWS\system32\drivers\pc22wh.sys
2007-02-18 21:13:20 69744 -ra------ C:\WINDOWS\system32\drivers\pc22unic.sys
2007-02-18 21:13:20 3936 -ra------ C:\WINDOWS\system32\drivers\pc22cr.sys
2007-02-18 20:48:46 0 d-------- C:\WINDOWS\system32\Defaults
2007-02-18 20:48:37 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-02-18 20:48:36 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-02-18 20:48:34 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-02-18 20:48:30 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-02-18 20:48:29 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-02-18 20:48:28 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-02-18 20:48:27 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-02-18 20:48:26 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-02-18 20:48:14 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-02-18 20:48:13 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-02-18 20:48:11 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-02-18 20:48:11 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-02-18 20:48:08 0 d-------- C:\Documents and Settings\Joey\Application Data\Creative
2007-02-18 20:47:59 0 d-------- C:\WINDOWS\system32\Data
2007-02-18 20:47:59 11776 --a------ C:\WINDOWS\INRES.DLL
2007-02-18 20:47:59 3072 --a------ C:\WINDOWS\CTXFIRES.DLL
2007-02-18 20:47:58 0 d-------- C:\Program Files\Creative
2007-02-18 20:45:11 0 d-------- C:\Program Files\McAfee
2007-02-18 20:45:11 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-02-18 20:44:57 0 d-------- C:\WINDOWS\system32\mclsphlr
2007-02-18 20:44:52 90112 --a------ C:\WINDOWS\system32\mcrtl32.dll
2007-02-18 20:44:51 11264 --a------ C:\WINDOWS\system32\sporder.dll
2007-02-18 20:44:51 131072 --a------ C:\WINDOWS\system32\mclsp.dll
2007-02-18 20:44:51 32768 --a------ C:\WINDOWS\system32\instlsp.exe
2007-02-18 20:44:31 80640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys<MPFIRE~1.SYS>
2007-02-18 20:44:30 9216 --a------ C:\WINDOWS\system32\MpfApi.dll
2007-02-18 20:44:23 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall<MCAFEE~1.COM>
2007-02-18 20:43:53 114464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-02-18 20:43:39 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-02-18 20:43:15 288320 -ra------ C:\WINDOWS\system32\mcgdmgr.dll
2007-02-18 20:43:14 349760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-02-18 20:43:14 0 d-------- C:\Program Files\McAfee.com
2007-02-18 20:38:33 110592 --a------ C:\WINDOWS\system32\atiiprxx.exe
2007-02-18 20:38:33 331853 --a------ C:\WINDOWS\system32\atiicdxx.dll
2007-02-18 20:38:33 1305433 --a------ C:\WINDOWS\system32\ati3d2ag.dll
2007-02-18 20:22:29 53248 --a------ C:\WINDOWS\system32\Prounstl.exe
2007-02-18 20:22:29 23040 --a------ C:\WINDOWS\system32\IntelNic.dll
2007-02-18 20:22:29 139776 --a------ C:\WINDOWS\system32\drivers\e100b325.sys
2007-02-18 20:20:57 0 d-------- C:\Program Files\Intel
2007-02-18 20:15:01 176128 --a------ C:\WINDOWS\system32\RcdScan.dll
2007-02-18 20:15:01 446464 -ra------ C:\WINDOWS\system32\hhactivex.dll<HHACTI~1.DLL>
2007-02-18 20:15:00 89360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-02-18 20:14:59 13632 -----n--- C:\WINDOWS\system32\drivers\omci.sys
2007-02-18 2044 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe
2007-02-18 2033 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-02-18 2027 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-02-18 2020 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-18 2001 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-18 20:05:46 0 d-------- C:\ATI
2007-02-18 20:04:16 2621440 --ah----- C:\Documents and Settings\Joey\NTUSER.DAT
2007-02-18 20:00:45 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-02-18 20:00:43 0 d-------- C:\WINDOWS\Prefetch
2007-02-18 20:00:42 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-02-18 20:00:33 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-02-18 19:57:37 0 d-------- C:\WINDOWS\system32\xircom
2007-02-18 19:57:37 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-02-18 19:57:35 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-02-18 19:57:35 0 d-------- C:\DELL
2007-02-18 19:57:23 0 -rahs---- C:\MSDOS.SYS
2007-02-18 19:57:23 0 -rahs---- C:\IO.SYS
2007-02-18 19:57:23 0 --a------ C:\CONFIG.SYS
2007-02-18 19:57:23 0 --a------ C:\AUTOEXEC.BAT
2007-02-18 19:57:08 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-02-18 19:56:22 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-02-18 19:56:11 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-02-18 19:56:11 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-02-18 19:55:59 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-02-18 19:54:42 0 d-------- C:\WINDOWS\system32\DirectX
2007-02-18 19:52:47 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-02-18 19:51:49 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-02-18 19:51:44 64512 --a------ C:\WINDOWS\system32\acctres.dll
2007-02-18 19:51:26 0 d---s---- C:\WINDOWS\Tasks
2007-02-18 19:51:26 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-02-18 19:51:23 0 d-------- C:\Program Files\Common Files\MSSoap
2007-02-18 19:51:02 0 d-------- C:\WINDOWS\srchasst
2007-02-18 19:50:55 0 d-------- C:\WINDOWS\system32\Macromed
2007-02-18 19:50:41 173536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-02-18 19:50:41 127256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-02-18 19:50:41 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-02-18 19:50:41 194328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-02-18 19:50:39 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-02-18 19:50:38 41240 --a------ C:\WINDOWS\system32\wups.dll
2007-02-18 19:50:38 172312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-02-18 19:50:38 124184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-02-18 19:50:37 465176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-02-18 19:50:36 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-02-18 19:50:36 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-02-18 19:50:36 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-02-18 19:50:35 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-02-18 19:49:45 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-18 19:49:23 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-02-18 19:49:23 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-02-18 19:49:23 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-02-18 19:49:23 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-02-18 19:49:01 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-02-18 19:49:01 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-02-18 19:49:01 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-02-18 19:48:59 0 d-------- C:\WINDOWS\system32\Restore
2007-02-18 19:48:58 170496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-02-18 19:48:58 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-02-18 19:48:57 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-02-18 19:48:57 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-02-18 19:48:53 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-02-18 19:48:53 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-02-18 19:48:53 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-02-18 19:48:52 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-02-18 19:48:51 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-02-18 19:48:51 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-02-18 19:48:39 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-02-18 19:48:38 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-02-18 19:48:33 48128 --a------ C:\WINDOWS\system32\inetres.dll
2007-02-18 19:48:32 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-02-18 19:48:18 190976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-02-18 19:48:16 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-02-18 19:48:15 274944 --a------ C:\WINDOWS\system32\mstask.dll
2007-02-18 19:48:12 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-02-18 19:48:12 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-02-18 19:48:11 81920 --a------ C:\WINDOWS\system32\isign32.dll
2007-02-18 19:48:11 274432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-02-18 19:47:31 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-02-18 19:47:15 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-02-18 19:46:45 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-02-18 19:46:37 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-18 19:46:20 5632 --a------ C:\WINDOWS\system32\write.exe
2007-02-18 19:46:20 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-02-18 19:45:59 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-02-18 19:45:59 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-02-18 19:45:59 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-02-18 19:45:59 227840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-02-18 19:45:59 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-02-18 19:45:58 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-02-18 19:45:51 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-02-18 19:45:50 56832 --a------ C:\WINDOWS\system32\sol.exe
2007-02-18 19:45:50 80384 --a------ C:\WINDOWS\system32\charmap.exe
2007-02-18 19:45:50 114688 --a------ C:\WINDOWS\system32\calc.exe
2007-02-18 19:45:49 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-02-18 19:45:49 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-02-18 19:45:49 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-02-18 19:45:49 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-02-18 19:45:49 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-02-18 19:45:49 55296 --a------ C:\WINDOWS\system32\freecell.exe
2007-02-18 19:45:48 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-02-18 19:45:48 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-02-18 19:45:48 14848 --a------ C:\WINDOWS\system32\tscon.exe
2007-02-18 19:45:48 14848 --a------ C:\WINDOWS\system32\shadow.exe
2007-02-18 19:45:48 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-02-18 19:45:48 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-02-18 19:45:48 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-02-18 19:45:48 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-02-18 19:45:48 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-02-18 19:45:48 20992 --a------ C:\WINDOWS\system32\msg.exe
2007-02-18 19:45:48 15360 --a------ C:\WINDOWS\system32\logoff.exe
2007-02-18 19:45:47 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-02-18 19:45:46 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-02-18 19:45:45 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-02-18 19:45:45 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-02-18 19:45:45 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-02-18 19:45:45 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-02-18 19:45:45 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-02-18 19:45:45 97792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-02-18 19:45:45 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-02-18 19:45:26 183808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-02-18 19:45:25 131584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-02-18 19:45:25 123392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-02-18 19:45:25 347136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-02-18 19:45:24 538624 --a------ C:\WINDOWS\system32\spider.exe
2007-02-18 19:45:24 343040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-02-18 19:45:24 102912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-02-18 19:45:24 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-02-18 19:45:23 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-02-18 19:45:23 60416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-02-18 19:45:23 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-02-18 19:45:23 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-02-18 19:45:23 655360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-02-18 19:45:23 407552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-02-18 19:45:23 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-02-18 19:45:23 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-02-18 19:45:23 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-02-18 19:45:22 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-02-18 19:45:22 295424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-02-18 19:45:22 140800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-02-18 19:45:22 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-02-18 19:45:22 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-02-18 19:45:22 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-02-18 19:45:22 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-02-18 19:45:22 20480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-02-18 19:45:22 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-02-18 19:45:21 91136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-02-18 19:45:21 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-02-18 19:45:21 956416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-02-18 19:45:21 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-02-18 19:45:21 0 d-------- C:\WINDOWS\system32\MsDtc
2007-02-18 19:45:21 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-02-18 19:45:20 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-02-18 19:45:20 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-02-18 19:45:20 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-02-18 19:45:19 0 d-------- C:\WINDOWS\system32\Com
2007-02-18 19:45:19 60416 --a------ C:\WINDOWS\system32\colbact.dll
2007-02-18 19:45:19 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-02-18 19:45:19 625152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-02-18 19:45:19 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-02-18 19:45:19 225792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-02-18 19:45:18 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-02-18 19:45:18 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-02-18 19:45:18 498688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-02-18 19:45:11 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-02-18 19:45:11 17408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-02-18 19:45:11 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-02-18 19:45:11 185344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-02-18 19:45:06 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-02-18 19:45:06 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-02-18 11:41:54 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-02-18 11:41:52 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-02-18 11:41:51 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-02-18 11:41:47 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-02-18 11:41:32 16128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2007-02-18 11:41:31 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-02-18 11:41:03 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-02-18 11:40:12 836153 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-02-18 11:40:09 6400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-02-18 11:40:00 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-02-18 11:39:57 86016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2007-02-18 11:39:57 32285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
2007-02-18 11:39:57 11868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-02-18 11:39:57 685056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2007-02-18 11:39:57 220032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2007-02-18 11:39:56 1041536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2007-02-18 11:39:50 42368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2007-02-18 11:38:44 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-02-18 11:38:43 0 d-------- C:\Program Files\Common Files\ODBC
2007-02-18 11:38:40 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-02-18 11:38:39 0 dr------- C:\Program Files<PROGRA~1>
2007-02-18 11:38:36 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-02-18 11:38:36 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-02-18 11:38:36 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-02-18 11:38:34 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-02-18 11:38:34 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-02-18 11:38:32 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-02-18 11:38:32 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-02-18 11:38:32 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-02-18 11:38:32 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-02-18 11:38:32 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-02-18 11:38:32 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-02-18 11:38:32 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-02-18 11:38:30 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-02-18 11:38:30 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-02-18 11:38:30 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-02-18 11:38:30 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-02-18 11:38:30 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-02-18 11:38:28 6656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-02-18 11:38:28 6656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-02-18 11:38:28 6656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-02-18 11:38:28 5632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-02-18 11:38:28 5632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-02-18 11:38:28 6656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-02-18 11:38:28 5632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-02-18 11:38:28 6656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-02-18 11:38:28 6656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-02-18 11:38:28 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-02-18 11:38:28 7168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-02-18 11:38:28 6656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-02-18 11:38:28 6656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-02-18 11:38:25 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-02-18 11:38:25 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-02-18 11:38:25 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-02-18 11:38:25 85020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-02-18 11:38:25 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-02-18 11:38:24 9008 --a------ C:\WINDOWS\system\VER.DLL
2007-02-18 11:38:24 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-02-18 11:38:24 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-02-18 11:38:24 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-02-18 11:38:24 82944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-02-18 11:38:24 126912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-02-18 11:38:23 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-02-18 11:38:23 32816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-02-18 11:38:23 109456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-02-18 11:38:23 69584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-02-18 11:38:22 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-02-18 11:38:22 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-02-18 11:38:22 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-02-18 11:38:21 68768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-02-18 11:38:21 69120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-02-18 11:38:20 74752 --a------ C:\WINDOWS\system32\storprop.dll
2007-02-18 11:38:11 0 dr------- C:\Documents and Settings\All Users\Documents<DOCUME~1>
2007-02-18 11:37:56 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-02-18 11:37:56 0 d-------- C:\WINDOWS\system32\CatRoot
2007-02-18 11:37:21 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-02-18 11:37:21 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-02-18 11:30:59 0 d-------- C:\WINDOWS
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\WinSxS
2007-02-18 11:30:59 0 dr------- C:\WINDOWS\Web
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\twain_32
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\wins
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\wbem
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\usmt
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\spool
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\ShellExt
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\Setup
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\ras
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\oobe
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\npp
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\mui
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\inetsrv
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\IME
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\icsxml
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\ias
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\export
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\drivers
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-02-18 11:30:59 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\dhcp
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\config
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\3076
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\2052
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\1054
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\1042
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\1041
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\1037
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\1033
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\1031
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\1028
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system32\1025
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\system
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\security
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\repair
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1>
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\PeerNet
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\pchealth
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\mui
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\msapps
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\msagent
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\Media
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\java
2007-02-18 11:30:59 0 d--h----- C:\WINDOWS\inf
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\ime
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\Help
2007-02-18 11:30:59 0 dr--s---- C:\WINDOWS\Fonts
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\dell
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\Debug
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\Cursors
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\Config
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\AppPatch
2007-02-18 11:30:59 0 d-------- C:\WINDOWS\addins
2007-01-29 00:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-23 21:30:10 0 d---s---- C:\Documents and Settings\Joey\Application Data\Microsoft<MICROS~1>
2007-02-19 12:17:43 45056 --a------ C:\WINDOWS\system32\cdrtc.dll
2007-02-19 12:17:43 45056 --a------ C:\WINDOWS\system32\cdral.dll
2007-02-19 11:22:44 0 d-------- C:\Documents and Settings\Joey\Application Data\Macromedia<MACROM~1>
2007-02-18 20:04:25 0 d-------- C:\Documents and Settings\Joey\Application Data\Identities<IDENTI~1>
2007-02-18 11:38:11 62 --ahs---- C:\Documents and Settings\Joey\Application Data\desktop.ini
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 13:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 10:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-16 18:30:22 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2006-12-16 18:23:32 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-12-16 18:17:16 241664 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-11-28 11:55:40 142347 --a------ C:\WINDOWS\system32\atiicdxx.dat
2006-11-27 06:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 06:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"DellTouch"="C:\\WINDOWS\\MMKeybd.exe"
"POINTER"="point32.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\setup.exe


-- End of ComboScan: finished at 2007-02-24 at 13:41:11 -------------------------
Old 02-24-2007, 09:44 PM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,550
OS: WinXP and Vista


Hiya,

I'm not seeing any malware other than the SpyOnThis program. It is considered rogueware and we recommend uninstalling it via the Add/Remove programs.

After you've uninstalled it, delete its folder if it still exists:

C:\Program Files\ SpyOnThis v2.0

-----------------------------------------------------------

Your logs are clean. To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 02-26-2007, 07:54 AM   #14 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 31
OS: XP


Cool, thank you very much guys. I have deleted spyonthis. My computer seems to be running properly with the exception of a few minor blips here and there.

Thank you so much :)
Old 02-26-2007, 07:02 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,550
OS: WinXP and Vista


You're welcome.

If the 'blips' are the ones you spoke of earlier regarding your modem, you may want to discuss that with the folks in the Networking Forum.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum