Old 02-23-2007, 11:58 AM   #1 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 18
OS: xp pro


adware - Searchcolors

Hi,

Anyone know how to get rid of searchcolors?

Tried McAfee, Ad-Aware SE and Norton but it just keeps coming back after a re-boot.

Thanks,
steve2603 is offline  
Old 02-25-2007, 11:40 AM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

Please do this:
  1. Download ComboScan to your Desktop. Note: You must be logged onto an account with administrator privileges.
  2. Close all applications and windows.
  3. Double-click on comboscan.exe to run it, and follow the prompts.
  4. When the scan is complete, a text file will open - ComboScan.txt
  5. Copy and paste the contents of ComboScan.txt here.
  6. A folder, C:\ComboScan will also open. In it will be another text file, Supplementary.txt
  7. Please Attach Supplementary.txt to your post.
  8. If the folder does not open, please navigate to it.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. Copy and paste the following into the "Upload File from your Computer" box:
    C:\ComboScan\Supplementary.txt
  3. Click Upload.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 02-27-2007, 08:16 AM   #3 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 18
OS: xp pro


comboscan txt..

ComboScan v20070226.18 run by Steve Byars on 2007-02-27 at 10:10:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Steve Byars.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:11:55 AM, on 27-Feb-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\ImagePrint\spool\mux\muxd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\EPSON\EPSON LFP Remote Panel\Printer Watcher\Printer Watcher.exe
C:\Program Files\X-Rite\PULSE ColorElite\PulseLaunch.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Downloads\comboscan.exe
C:\PROGRA~1\HIJACK~1\Steve Byars.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {38605018-0D69-4458-842B-9185938459B4} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {4C9A6BF9-BCC2-461B-9C11-AA0F3983866A} - C:\WINDOWS\system32\pmkhi.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\qomkijk.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\mhtqxhhb.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Pro 9800 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S5I0P2.EXE /P30 "EPSON Stylus Pro 9800 (Copy 1)" /O6 "USB002" /M "Stylus Pro 9800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CBSpoolDaemon] "C:\Program Files\ImagePrint\spool\mux\muxd.exe"
O4 - HKLM\..\Run: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\vebbamba.dll",setvm
O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\X-Rite\Tools\MonacoGamma\MonacoGamma.exe
O4 - Global Startup: MonacoReminder.lnk = ?
O4 - Global Startup: Monitor Reminder.lnk = ?
O4 - Global Startup: Printer Watcher.lnk = C:\Program Files\EPSON\EPSON LFP Remote Panel\Printer Watcher\Printer Watcher.exe
O4 - Global Startup: PULSELaunch.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...66/mcfscan.cab
O18 - Protocol: bw+0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - AppInit_DLLs: wxvault.dll
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll
O20 - Winlogon Notify: qomkijk - C:\WINDOWS\SYSTEM32\qomkijk.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: McAfee Application Installer Cleanup (0082331172587804) (0082331172587804mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\008233~1.EXE (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

4S agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS
4S alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\ALIM1541.SYS
4S amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
2R Aspi32 - C:\WINDOWS\system32\drivers\ASPI32.SYS
3R atmeltpm - C:\WINDOWS\system32\drivers\atmeltpm.sys
3R b57w2k (Broadcom NetXtreme Gigabit Ethernet) - C:\WINDOWS\system32\drivers\b57xp32.sys
2R BASFND - C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
4S cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
2R CBN - C:\WINDOWS\system32\drivers\CBN.SYS
3R CBUSB (MARX CryptoTech LP) - C:\WINDOWS\system32\drivers\CBUSB.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
4S dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
2R DLABOIOM - C:\WINDOWS\system32\DLA\DLABOIOM.SYS
1R DLACDBHM - C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2R DLADResN - C:\WINDOWS\system32\DLA\DLADResN.SYS
2R DLAIFS_M - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2R DLAOPIOM - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2R DLAPoolM - C:\WINDOWS\system32\DLA\DLAPoolM.SYS
1R DLARTL_N - C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2R DLAUDFAM - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2R DLAUDF_M - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
0R DRVMCDB - C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2R DRVNDDM - C:\WINDOWS\system32\drivers\DRVNDDM.SYS
3S E100B (Intel(R) PRO Adapter Driver) - C:\WINDOWS\system32\drivers\e100b325.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3S HidBatt (HID UPS Battery Driver) - C:\WINDOWS\system32\drivers\hidbatt.sys
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
0R hotcore - C:\WINDOWS\system32\drivers\hotcore.sys
0R iaStor (Intel AHCI Controller) - C:\WINDOWS\system32\drivers\iaStor.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3S L8042Kbd (Logitech SetPoint Keyboard Driver) - C:\WINDOWS\system32\drivers\L8042Kbd.sys
3S L8042mou (Logitech SetPoint PS/2 Mouse Filter Driver) - C:\WINDOWS\system32\drivers\L8042mou.Sys
3R LHidKe (Logitech SetPoint HID Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHidKE.Sys
3R LMouKE (Logitech SetPoint Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LMouKE.Sys
3R mfeavfk (McAfee Inc.) - C:\WINDOWS\system32\drivers\mfeavfk.sys
3R mfebopk (McAfee Inc.) - C:\WINDOWS\system32\drivers\mfebopk.sys
3R mfehidk (McAfee Inc.) - C:\WINDOWS\system32\drivers\mfehidk.sys
3S mferkdk (McAfee Inc.) - C:\WINDOWS\system32\drivers\mferkdk.sys
3R mfesmfk (McAfee Inc.) - C:\WINDOWS\system32\drivers\mfesmfk.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
1R MPFP - C:\WINDOWS\system32\drivers\Mpfp.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NaiAvFilter101 (NAI Anti Virus) - \Device\NaiAvFilter101.sys (not found)
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R P1120VID (Creative WebCam NX Ultra) - C:\WINDOWS\system32\drivers\P1120Vid.sys
0R PBADRV - C:\WINDOWS\system32\drivers\PBADRV.sys
3R Pcouffin (Low level access layer for CD devices) - C:\WINDOWS\system32\drivers\Pcouffin.sys
3S PortTalk - C:\WINDOWS\system32\drivers\PortTalk.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
1R SCDEmu - C:\WINDOWS\system32\drivers\scdemu.sys
4S sisagp (SIS AGP Bus Filter) - C:\WINDOWS\system32\drivers\SISAGP.SYS
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
0R snapman (Acronis Snapshots Manager) - C:\WINDOWS\system32\drivers\snapman.sys
0R SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - C:\WINDOWS\system32\drivers\SSFS0509.sys
0R SSHRMD (Spy Sweeper Hookrack MiniDriver) - C:\WINDOWS\system32\drivers\sshrmd.sys
0R SSIDRV (Spy Sweeper Interdiction Driver) - C:\WINDOWS\system32\drivers\ssidrv.sys
3R SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - C:\WINDOWS\system32\drivers\sskbfd.sys
3R STHDA (SigmaTel High Definition Audio CODEC) - C:\WINDOWS\system32\drivers\sthda.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
2R tifsfilter (Acronis True Image FS Filter) - C:\WINDOWS\system32\drivers\tifsfilt.sys
0R timounter (Acronis True Image Backup Archive Explorer) - C:\WINDOWS\system32\drivers\timntr.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3R USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
4S viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS
3S X-Rite (%X-Rite.DTP20.Usb.Service%) - C:\WINDOWS\system32\drivers\XrUsb.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2R AcrSch2Svc (Acronis Scheduler2 Service) - "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
2R APC UPS Service - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
2R ASFIPmon (Broadcom ASF IP Monitor) - "C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
4S DataSvr2 - "C:\Program Files\Wave Systems Corp\Common\DataServer.exe"
3R Emproxy (McAfee E-mail Proxy) - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
2R EpsonBidirectionalService - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
2S Fax - C:\WINDOWS\system32\fxssvc.exe
2R IAANTMon (Intel(R) Matrix Storage Event Monitor) - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R McAfee HackerWatch Service - "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"
2R McLogManagerService (McAfee Log Manager) - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
2R mcmispupdmgr (McAfee Update Manager) - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
2R McNASvc (McAfee Network Agent) - "c:\program files\common files\mcafee\mna\mcnasvc.exe"
2R McODS (McAfee Scanner) - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
2R mcpromgr (McAfee Protection Manager) - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
2R McProxy (McAfee Proxy Service) - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
2R McRedirector (McAfee Redirector Service) - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
2R McShield (McAfee Real-time Scanner) - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
2R McSysmon (McAfee SystemGuards) - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
2R McTskshd.exe (McAfee Task Scheduler) - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
2R mcusrmgr (McAfee User Manager) - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
2R MpfService (McAfee Personal Firewall Service) - "C:\Program Files\McAfee\MPF\MPFSrv.exe"
2R MPS9 (McAfee Privacy Service) - C:\PROGRA~1\McAfee\MPS\mps.exe
2R MSK80Service (McAfee SpamKiller Service) - "C:\Program Files\McAfee\MSK\MskSrver.exe"
3S NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R SiteAdvisor Service - C:\Program Files\SiteAdvisor\6028\SAService.exe
4S tcsd_win32.exe (NTRU Hybrid TSS v2.0.25 TCS) - "C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe"
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3S usnsvc (Messenger Sharing USN Journal Reader service) - C:\WINDOWS\system32\svchost.exe -k usnsvc
2R WebrootSpySweeperService (Webroot Spy Sweeper Engine) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
2S 0082331172587804mcinstcleanup (McAfee Application Installer Cleanup (0082331172587804)) - C:\WINDOWS\TEMP\008233~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service


-- Scheduled Tasks --------------------------------------------------------------

2007-02-24 14:02:59 1450 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job<WRSPYS~1.JOB>
2007-02-13 07:17:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2007-02-01 01:00:07 364 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-01-18 10:12:28 362 --a------ C:\WINDOWS\Tasks\McDefragTask.job<MCDEFR~1.JOB>


-- Files created between 2007-01-27 and 2007-02-27 ------------------------------

2007-02-27 10:11:46 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-27 09:50:00 0 d-------- C:\Program Files\VSAdd-in
2007-02-27 09:49:59 88340 --a------ C:\WINDOWS\system32\lwiijwfn.exe
2007-02-27 09:49:59 0 d-------- C:\WINDOWS\LastGood
2007-02-24 14:40:22 88340 --a------ C:\WINDOWS\system32\eogqkewp.exe
2007-02-24 14:38:38 118804 --a------ C:\WINDOWS\system32\euumsfre.dll
2007-02-24 14:28:27 88340 --a------ C:\WINDOWS\system32\tirnwmcc.exe
2007-02-24 14:25:48 162 --a------ C:\install.dat
2007-02-24 14:04:55 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-02-24 14:02:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-02-24 14:02:52 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-24 14:02:52 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-24 14:02:52 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-24 14:02:52 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-24 14:02:30 0 d-------- C:\Program Files\Webroot
2007-02-24 14:02:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-02-24 14:01:47 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Webroot
2007-02-24 09:57:18 88340 --a------ C:\WINDOWS\system32\bcwvfmsc.exe
2007-02-23 10:01:01 88340 --a------ C:\WINDOWS\system32\wmofanai.exe
2007-02-23 10:00:26 88340 --a------ C:\WINDOWS\system32\serqruwf.exe
2007-02-22 16:52:57 88340 --a------ C:\WINDOWS\system32\odfabywe.exe
2007-02-22 16:51:06 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-22 16:51:06 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-22 16:51:06 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-22 16:51:06 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-22 16:51:06 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-22 16:50:00 88340 --a------ C:\WINDOWS\system32\yadlwanh.exe
2007-02-22 10:53:50 88340 --a------ C:\WINDOWS\system32\rgmrdmqo.exe
2007-02-22 10:52:52 22749 ---hs---- C:\WINDOWS\system32\mljhggf.dll
2007-02-22 10:50:30 88340 --a------ C:\WINDOWS\system32\koqylpao.exe
2007-02-22 10:27:59 88340 --a------ C:\WINDOWS\system32\jgbxexai.exe
2007-02-22 09:56:44 88340 --a------ C:\WINDOWS\system32\fjxwogqd.exe
2007-02-22 09:56:43 22749 ---hs---- C:\WINDOWS\system32\byxxutr.dll
2007-02-21 12:44:20 971858 ---hs---- C:\WINDOWS\system32\ihkmp.ini2<IHKMP~1.INI>
2007-02-21 12:42:36 88340 --a------ C:\WINDOWS\system32\jtuwksjf.exe
2007-02-21 10:01:25 88340 --a------ C:\WINDOWS\system32\jglkubju.exe
2007-02-21 10:00:11 22749 ---hs---- C:\WINDOWS\system32\nnnomkh.dll
2007-02-21 09:51:05 88340 --a------ C:\WINDOWS\system32\ujjnmnsi.exe
2007-02-21 09:50:46 22749 ---hs---- C:\WINDOWS\system32\byxvwxw.dll
2007-02-20 14:50:12 88340 --a------ C:\WINDOWS\system32\fdgcokcf.exe
2007-02-20 14:15:07 88340 --a------ C:\WINDOWS\system32\geldhlle.exe
2007-02-20 14:14:14 88340 --a------ C:\WINDOWS\system32\ejvlhgjh.exe
2007-02-20 14:09:17 88340 --a------ C:\WINDOWS\system32\tgaunndr.exe
2007-02-20 14:05:48 88340 --a------ C:\WINDOWS\system32\ieytykou.exe
2007-02-20 14:03:47 88340 --a------ C:\WINDOWS\system32\uxtwassj.exe
2007-02-20 14:02:48 88340 --a------ C:\WINDOWS\system32\yboccwpi.exe
2007-02-20 14:00:09 88340 --a------ C:\WINDOWS\system32\gsltmnqu.exe
2007-02-20 13:58:39 88340 --a------ C:\WINDOWS\system32\wuaclekw.exe
2007-02-20 13:41:12 6206 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-20 13:37:46 88340 --a------ C:\WINDOWS\system32\nbnfbupk.exe
2007-02-20 13:35:11 88340 --a------ C:\WINDOWS\system32\ebctsuej.exe
2007-02-20 13:33:56 88340 --a------ C:\WINDOWS\system32\qgtllddx.exe
2007-02-20 13:11:27 88340 --a------ C:\WINDOWS\system32\unvtqhtl.exe
2007-02-20 13:10:03 88340 --a------ C:\WINDOWS\system32\doghtpvg.exe
2007-02-20 12:37:11 0 d-------- C:\WINDOWS\McAfee.com
2007-02-20 12:18:11 0 d-------- C:\WINDOWS\system32\Dell
2007-02-20 11:53:04 88340 --a------ C:\WINDOWS\system32\qpcrnong.exe
2007-02-20 11:51:56 88340 --a------ C:\WINDOWS\system32\pmqhbesl.exe
2007-02-20 11:38:47 66048 --a------ C:\WINDOWS\ieResetIcons.exe<IERESE~1.EXE>
2007-02-20 10:14:38 88340 --a------ C:\WINDOWS\system32\erpayxld.exe
2007-02-20 10:11:24 77824 --a------ C:\WINDOWS\system32\IPPTAMon.dll
2007-02-20 10:09:35 0 d-------- C:\Program Files\ImagePrint<IMAGEP~1>
2007-02-20 09:09:55 88340 --a------ C:\WINDOWS\system32\iqjhcpgw.exe
2007-02-20 09:09:29 76412 --a------ C:\WINDOWS\system32\kqrlxkcy.dll
2007-02-17 14:25:28 88340 --a------ C:\WINDOWS\system32\udsroewm.exe
2007-02-17 14:25:09 22749 ---hs---- C:\WINDOWS\system32\ljjhiii.dll
2007-02-17 14:24:46 88340 --a------ C:\WINDOWS\system32\lknesecp.exe
2007-02-17 14:20:09 88340 --a------ C:\WINDOWS\system32\nkgxusjt.exe
2007-02-17 14:03:36 88340 --a------ C:\WINDOWS\system32\jdmcubbw.exe
2007-02-17 14:03:20 22749 ---hs---- C:\WINDOWS\system32\xxywusr.dll
2007-02-17 13:41:28 88340 --a------ C:\WINDOWS\system32\budiivek.exe
2007-02-17 13:41:12 22749 ---hs---- C:\WINDOWS\system32\ssqnnki.dll
2007-02-17 13:40:57 88340 --a------ C:\WINDOWS\system32\plohrpbm.exe
2007-02-17 13:23:06 88340 --a------ C:\WINDOWS\system32\avfjldto.exe
2007-02-17 13:22:52 22749 ---hs---- C:\WINDOWS\system32\ddcdbxy.dll
2007-02-17 13:22:23 88340 --a------ C:\WINDOWS\system32\kchoxdcs.exe
2007-02-16 16:59:02 88340 --a------ C:\WINDOWS\system32\rwegycov.exe
2007-02-16 16:48:03 88340 --a------ C:\WINDOWS\system32\cgeixbyk.exe
2007-02-16 16:47:48 88340 --a------ C:\WINDOWS\system32\ljjlkxoh.exe
2007-02-16 16:43:37 88340 --a------ C:\WINDOWS\system32\aeegtevb.exe
2007-02-16 13:51:08 88340 --a------ C:\WINDOWS\system32\nwoahhhd.exe
2007-02-16 12:57:57 88340 --a------ C:\WINDOWS\system32\myhmxlfb.exe
2007-02-16 10:03:05 88340 --a------ C:\WINDOWS\system32\llrlvohv.exe
2007-02-15 16:46:21 0 d-------- C:\epson
2007-02-15 15:24:07 88340 --a------ C:\WINDOWS\system32\mcaqkiem.exe
2007-02-15 15:23:58 22749 ---hs---- C:\WINDOWS\system32\opnmjgf.dll
2007-02-15 11:02:52 22749 ---hs---- C:\WINDOWS\system32\jkkhgda.dll
2007-02-15 10:55:55 22749 ---hs---- C:\WINDOWS\system32\jkkiife.dll
2007-02-15 10:55:40 88340 --a------ C:\WINDOWS\system32\pohxlntp.exe
2007-02-15 10:47:14 0 d-------- C:\WINDOWS\system32\appmgmt
2007-02-15 10:11:57 88340 --a------ C:\WINDOWS\system32\bgywirvp.exe
2007-02-15 10:11:26 22749 ---hs---- C:\WINDOWS\system32\qomkijk.dll
2007-02-14 16:20:37 88340 --a------ C:\WINDOWS\system32\famvttoa.exe
2007-02-14 15:23:54 44165 --a------ C:\WINDOWS\system32\nybdnxsi.dll
2007-02-14 13:59:41 88340 --a------ C:\WINDOWS\system32\jkwycosq.exe
2007-02-14 13:59:24 88340 --a------ C:\WINDOWS\system32\hxhqanet.exe
2007-02-14 09:53:47 44165 --a------ C:\WINDOWS\system32\pqcreysq.dll
2007-02-14 09:53:41 88340 --a------ C:\WINDOWS\system32\ncxglwve.exe
2007-02-14 09:53:03 44060 --a------ C:\WINDOWS\system32\ukjdpmmq.dll
2007-02-13 13:08:57 44165 --a------ C:\WINDOWS\system32\dkamlvtg.dll
2007-02-13 13:05:22 88340 --a------ C:\WINDOWS\system32\tmvhjrqi.exe
2007-02-13 13:05:14 22749 ---hs---- C:\WINDOWS\system32\cbxwvsq.dll
2007-02-13 11:43:30 88340 --a------ C:\WINDOWS\system32\jhdeqvhe.exe
2007-02-13 11:43:16 22749 ---hs---- C:\WINDOWS\system32\efcyxww.dll
2007-02-13 11:43:14 88340 --a------ C:\WINDOWS\system32\wtvnqbcy.exe
2007-02-13 11:07:48 88340 --a------ C:\WINDOWS\system32\ycoudqtl.exe
2007-02-13 11:07:34 22749 ---hs---- C:\WINDOWS\system32\gebcdec.dll
2007-02-13 10:38:59 88340 --a------ C:\WINDOWS\system32\inalppwv.exe
2007-02-13 10:38:42 22749 ---hs---- C:\WINDOWS\system32\nnnligf.dll
2007-02-13 10:38:35 88340 --a------ C:\WINDOWS\system32\abcafwmf.exe
2007-02-12 11:08:40 22749 ---hs---- C:\WINDOWS\system32\khfgday.dll
2007-02-12 10:59:10 88340 --a------ C:\WINDOWS\system32\vlgpjdlu.exe
2007-02-12 10:58:48 88340 --a------ C:\WINDOWS\system32\pestgjbk.exe
2007-02-12 10:58:13 76412 --a------ C:\WINDOWS\system32\emgrumpu.dll
2007-02-10 09:35:43 88340 --a------ C:\WINDOWS\system32\mcihydee.exe
2007-02-10 09:35:36 22749 ---hs---- C:\WINDOWS\system32\yayxxvt.dll
2007-02-09 10:59:50 1238 -----n--- C:\WINDOWS\hpwmdl03.dat
2007-02-09 10:59:50 60701 --a------ C:\WINDOWS\hpwins03.dat
2007-02-09 10:57:31 88340 --a------ C:\WINDOWS\system32\apgvndvf.exe
2007-02-09 09:55:02 88340 --a------ C:\WINDOWS\system32\jmhvswib.exe
2007-02-09 09:53:55 44060 --a------ C:\WINDOWS\system32\btyquldm.dll
2007-02-08 09:52:09 88340 --a------ C:\WINDOWS\system32\xitfjgfu.exe
2007-02-08 09:52:00 22691 ---hs---- C:\WINDOWS\system32\yayayaa.dll
2007-02-07 09:50:56 22691 ---hs---- C:\WINDOWS\system32\yayyyww.dll
2007-02-07 09:50:53 88340 --a------ C:\WINDOWS\system32\wjpfxpag.exe
2007-02-06 16:59:59 44165 --a------ C:\WINDOWS\system32\minglxkv.dll
2007-02-06 10:22:12 88340 --a------ C:\WINDOWS\system32\hkchdijs.exe
2007-02-06 10:22:00 22691 ---hs---- C:\WINDOWS\system32\urqpqrr.dll
2007-02-06 10:18:18 3567 --a------ C:\WINDOWS\system32\drivers\PortTalk.sys
2007-02-06 10:18:18 0 d-------- C:\Program Files\Olympus ES-10 Film Scanner<OLYMPU~1>
2007-02-06 10:04:39 88340 --a------ C:\WINDOWS\system32\qtlucluo.exe
2007-02-06 10:04:26 22691 ---hs---- C:\WINDOWS\system32\pmnnnom.dll
2007-02-03 13:40:54 88340 --a------ C:\WINDOWS\system32\mcanwthd.exe
2007-02-03 13:40:42 88340 --a------ C:\WINDOWS\system32\uujnmwns.exe
2007-02-03 12:51:00 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-02-03 12:51:00 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-02-03 12:38:20 0 d-------- C:\Program Files\Downloaded Installations<DOWNLO~1>
2007-02-03 10:02:52 88340 --a------ C:\WINDOWS\system32\ariiftpu.exe
2007-02-03 10:02:34 88340 --a------ C:\WINDOWS\system32\hwnfbsgv.exe
2007-02-02 12:26:24 88340 --a------ C:\WINDOWS\system32\dcdvtvem.exe
2007-02-02 09:53:02 88340 --a------ C:\WINDOWS\system32\jdexgisw.exe
2007-02-02 09:52:46 22029 ---hs---- C:\WINDOWS\system32\fccyvww.dll
2007-02-01 14:40:58 88340 --a------ C:\WINDOWS\system32\yypmbcgv.exe
2007-02-01 14:40:44 22029 ---hs---- C:\WINDOWS\system32\ssqqnnl.dll
2007-01-31 10:27:44 4142592 --a------ C:\WINDOWS\system32\qtintf.dll
2007-01-31 10:27:43 0 d-------- C:\Program Files\APC
2007-01-31 10:26:45 9344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-01-31 10:26:43 19200 --a------ C:\WINDOWS\system32\drivers\hidbatt.sys
2007-01-31 10:26:42 14080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-01-31 09:44:55 88340 --a------ C:\WINDOWS\system32\veffyefa.exe
2007-01-31 09:44:31 22029 ---hs---- C:\WINDOWS\system32\nnnnnol.dll
2007-01-31 09:44:28 44060 --a------ C:\WINDOWS\system32\vdktxdlr.dll
2007-01-30 08:45:03 88340 --a------ C:\WINDOWS\system32\vhmujloy.exe
2007-01-30 08:44:23 88340 --a------ C:\WINDOWS\system32\lxvsjkqa.exe
2007-01-30 08:44:19 76412 --a------ C:\WINDOWS\system32\byfdioow.dll
2007-01-30 08:44:03 22029 ---hs---- C:\WINDOWS\system32\iifebxw.dll
2007-01-29 11:29:55 88340 --a------ C:\WINDOWS\system32\flhrttuf.exe
2007-01-29 11:29:52 22029 ---hs---- C:\WINDOWS\system32\xxyyyvv.dll
2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-27 13:45:30 88340 --a------ C:\WINDOWS\system32\nyasptpe.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-27 09:56:03 0 d-------- C:\Program Files\Java
2007-02-27 09:49:58 0 d-------- C:\Program Files\McAfee
2007-02-27 09:49:57 969958 ---hs---- C:\WINDOWS\system32\ihkmp.bak2<IHKMP~2.BAK>
2007-02-27 09:48:06 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Wave Systems Corp<WAVESY~1>
2007-02-24 14:28:26 970482 ---hs---- C:\WINDOWS\system32\ihkmp.bak1<IHKMP~1.BAK>
2007-02-23 12:39:33 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-23 11:23:12 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-20 14:53:00 376832 --a------ C:\WINDOWS\system32\MPIWIN32.DLL
2007-02-20 14:53:00 43520 --a------ C:\WINDOWS\system32\CBNDLL.DLL
2007-02-20 14:52:55 44544 --a------ C:\WINDOWS\system32\ZEUS.DLL
2007-02-20 14:52:55 27136 --a------ C:\WINDOWS\system32\VNSERVER.DLL
2007-02-20 14:52:55 40960 --a------ C:\WINDOWS\system32\LMLIBEX.DLL
2007-02-20 13:11:23 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\SiteAdvisor<SITEAD~1>
2007-02-16 11:01:34 2766 --a------ C:\Documents and Settings\Steve Byars\Application Data\com.icctools.ColorShop.plist<COMICC~1.PLI>
2007-02-16 10:59:19 8 --a------ C:\Documents and Settings\Steve Byars\Application Data\_.ini
2007-02-16 10:36:38 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\U3
2007-02-15 13:31:25 0 d-------- C:\Program Files\BitComet
2007-02-15 11:29:55 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-14 14:25:32 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll<BITCOM~1.DLL>
2007-02-13 10:37:21 0 d-------- C:\Program Files\SiteAdvisor<SITEAD~1>
2007-02-13 10:04:59 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-13 10:04:15 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-09 11:10:52 0 d-------- C:\Program Files\HP
2007-01-26 16:41:52 88340 --a------ C:\WINDOWS\system32\rmdijxuq.exe
2007-01-26 15:19:00 0 d-------- C:\Program Files\Avery Wizard 3.0<AVERYW~1.0>
2007-01-26 15:17:09 88340 --a------ C:\WINDOWS\system32\pemyxbwg.exe
2007-01-26 14:43:14 0 d-------- C:\Program Files\Common Files\Avery
2007-01-26 12:08:16 88340 --a------ C:\WINDOWS\system32\wdihnnhw.exe
2007-01-26 09:37:03 88340 --a------ C:\WINDOWS\system32\auuteryf.exe
2007-01-24 12:21:32 88340 --a------ C:\WINDOWS\system32\rvtwnapd.exe
2007-01-24 10:54:49 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Adobe
2007-01-23 12:51:14 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
2007-01-23 12:20:46 88340 --a------ C:\WINDOWS\system32\fftfvuun.exe
2007-01-23 12:19:59 277192 ---hs---- C:\WINDOWS\system32\pmkhi.dll
2007-01-19 15:02:42 0 d-------- C:\Program Files\X-Rite
2007-01-19 14:44:59 1350 --a------ C:\Documents and Settings\Steve Byars\Application Data\ColorPort.xml<COLORP~1.XML>
2007-01-18 10:13:59 0 d-------- C:\Program Files\McAfee.com
2007-01-18 10:11:24 0 d-------- C:\Program Files\Common Files\McAfee
2007-01-18 10:09:17 76412 --a------ C:\WINDOWS\system32\fogfpewe.dll
2007-01-18 10:09:15 88340 --a------ C:\WINDOWS\system32\kudpwdiy.exe
2007-01-18 10:09:11 44060 --a------ C:\WINDOWS\system32\oiurnexi.dll
2007-01-18 10:09:05 969851 ---hs---- C:\WINDOWS\system32\mlnmp.bak1<MLNMP~1.BAK>
2007-01-17 10:46:16 263963 --a------ C:\WINDOWS\system32\jkhhh.dll
2007-01-17 10:42:44 266883 --a------ C:\WINDOWS\system32\ddcya.dll
2007-01-16 15:23:57 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Lavasoft
2007-01-16 15:23:34 0 d-------- C:\Program Files\Lavasoft
2007-01-12 10:02:08 22541 ---hs---- C:\WINDOWS\system32\iifccby.dll
2007-01-11 12:53:03 22541 ---hs---- C:\WINDOWS\system32\nnnomml.dll
2007-01-10 18:12:51 22541 ---hs---- C:\WINDOWS\system32\awtqoop.dll
2007-01-10 15:31:57 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\dvdcss
2007-01-10 14:23:18 0 d-------- C:\Program Files\Xilisoft
2007-01-10 12:02:18 0 d-------- C:\Program Files\CloneDVD
2007-01-10 10:43:07 14545 --a------ C:\WINDOWS\system32\exec1.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-01-04 15:41:04 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Help
2007-01-03 1346 164568 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe<VIDEOC~1.EXE>
2007-01-03 1345 0 d-------- C:\Program Files\River Past<RIVERP~1>
2007-01-03 1345 0 d-------- C:\Program Files\Common Files\River Past<RIVERP~1>
2007-01-03 1345 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\River Past G5<RIVERP~1>
2007-01-02 16:01:19 0 d-------- C:\Program Files\Common Files\Ahead
2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 13:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-07 01:40:49 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 09:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 09:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SigmatelSysTrayApp"="stsystra.exe"
"Document Manager"="C:\\Program Files\\Wave Systems Corp\\Services Manager\\DocMgr\\bin\\docmgr.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"EPSON Stylus Pro 9800 (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S5I0P2.EXE /P30 \"EPSON Stylus Pro 9800 (Copy 1)\" /O6 \"USB002\" /M \"Stylus Pro 9800\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TrueImageMonitor.exe"="C:\\Program Files\\Acronis\\TrueImageWorkstation\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Program Files\\Acronis\\TrueImageWorkstation\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"HPWUTOOLBOX"="C:\\Program Files\\HP\\HP Officejet Pro K550 Series\\Toolbox\\HPWUTBX.exe \"-i\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"RegistryMechanic"=""
"NWEReboot"=""
"CBSpoolDaemon"="\"C:\\Program Files\\ImagePrint\\spool\\mux\\muxd.exe\""
"Windows Systems16"="C:\\WINDOWS\\system32\\winjews16.exe"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\vebbamba.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Systems16"="C:\\WINDOWS\\system32\\winjews16.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CBSpoolDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="muxd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ImagePrint\\spool\\mux\\muxd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"hkey"="HKLM"
"inimapping"="0"
"item"="vebbamba"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\vebbamba.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tcsd_win32.exe"=dword:00000002
"DataSvr2"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wxvault.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D7B374C3-8DED-4CB1-820B-413FF0C71FC6}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhi
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomkijk

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



-- End of ComboScan: finished at 2007-02-27 at 10:12:35 -------------------------
Attached Files
File Type: txt Supplementary.txt (16.2 KB, 1 views)
steve2603 is offline  
Old 02-27-2007, 09:02 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home




That's quite a collection of nasties you have there. We'll have to do this in several posts, but this first round of tools and scanners should take out a lot of what's there.

Among them, one or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

---------------------------------------------------------------------------------------------

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

P2P - I see you have P2P software ( BitComet ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

---------------------------------------------------------------------------------------------


Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in your next reply at the end of this fix.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • We'll use this later.

---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix) We'll use this later.


---------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------


Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {38605018-0D69-4458-842B-9185938459B4} - (no file)
O2 - BHO: (no name) - {4C9A6BF9-BCC2-461B-9C11-AA0F3983866A} - C:\WINDOWS\system32\pmkhi.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\qomkijk.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\mhtqxhhb.dll (file missing)
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\vebbamba.dll",setvm

ALL O18 Entries like this one, EXCEPT the first one.

O18 - Protocol: bw+0s - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll
O20 - Winlogon Notify: qomkijk - C:\WINDOWS\SYSTEM32\qomkijk.dll



Close HijackThis now.

---------------------------------------------------------------------------------------------



Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

---------------------------------------------------------------------------------------------

Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt here in your next reply.

Please go to: VirusTotal
  • At the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to this file in BOLD:

    C:\Windows\System32\wxvault.dll

  • Click "Open".
  • Then click the "Send" button at the top of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.


---------------------------------------------------------------------------------------------


Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------------------------------------------------------------------------------------

Run ComboScan once again

---------------------------------------------------------------------------------------------

Please return with logs from:

C:\VundoFix.txt
AVG Anti-Spyware
VirusTotal
Panda
ComboScan.txt
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
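The HijackThis entries quoted in this thread show the same DLL registered twice, once as a browser helper object (O2) and once as a Winlogon Notify package (O20). As an added example (not part of the original posts or of any tool named in them), this Python script parses O2/O20 lines copied from the two listings on this page and reports such pairs, plus BHOs whose file is gone. The function names are my own, and treating a shared DLL as worth a closer look is an assumption of this example, not a rule stated in the thread.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Lines copied from the HijackThis listings quoted on this page
# (first-scan fix list plus the later scan); nothing here is invented.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38605018-0D69-4458-842B-9185938459B4} - (no file)
O2 - BHO: (no name) - {4C9A6BF9-BCC2-461B-9C11-AA0F3983866A} - C:\WINDOWS\system32\pmkhi.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\qomkijk.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\mhtqxhhb.dll (file missing)
O2 - BHO: (no name) - {7E0D0D24-256A-4C5E-A96B-FAA826870311} - C:\WINDOWS\system32\vturs.dll
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll
O20 - Winlogon Notify: qomkijk - C:\WINDOWS\SYSTEM32\qomkijk.dll
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<rest>.+)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")


def split_target(target):
    """Return (path or None, missing flag) from the last field of an entry."""
    target = target.strip()
    if target == "(no file)":
        return None, True
    suffix = "(file missing)"
    if target.endswith(suffix):
        return target[: -len(suffix)].rstrip(), True
    return target, False


def parse_log(text):
    """Parse O2 (BHO) and O20 (Winlogon Notify) lines into dicts."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")
        if section == "O2":
            hit, kind = BHO_RE.match(rest), "bho"
        elif section == "O20":
            hit, kind = NOTIFY_RE.match(rest), "notify"
        else:
            continue  # other sections are out of scope for this example
        if not hit:
            continue  # e.g. "O20 - AppInit_DLLs: ..." is a different entry type
        path, missing = split_target(hit.group("target"))
        entries.append({
            "kind": kind,
            "name": hit.group("name"),
            "clsid": hit.groupdict().get("clsid", "").upper() or None,
            "path": path,
            "missing": missing,
        })
    return entries


def paired_dlls(entries):
    """DLLs registered both as a BHO and as a Winlogon Notify package.

    Paths are compared case-insensitively, as Windows does.
    Returns sorted (dll file name, BHO CLSID, Notify key name) tuples.
    """
    by_path = defaultdict(lambda: {"bho": [], "notify": []})
    for e in entries:
        if e["path"]:
            by_path[e["path"].lower()][e["kind"]].append(e)
    pairs = []
    for path, kinds in by_path.items():
        for b in kinds["bho"]:
            for n in kinds["notify"]:
                pairs.append((basename(path), b["clsid"], n["name"]))
    return sorted(pairs)


def dangling_bhos(entries):
    """CLSIDs of BHO registrations whose file is absent from disk."""
    return [e["clsid"] for e in entries if e["kind"] == "bho" and e["missing"]]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for dll, clsid, key in paired_dlls(parsed):
        print(f"BHO {clsid} and Winlogon Notify '{key}' both load {dll}")
    for clsid in dangling_bhos(parsed):
        print(f"BHO {clsid} points at a file that no longer exists")
```
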
Old 02-27-2007, 01:17 PM   #5 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 18
OS: xp pro


Requested Info

Hello,

Thanks for the instructions and point taken regarding P2P..

I have followed your instructions and have attached the log files and screen shots as separate files.

I could not run VirusTotal, tried several times, it shut down the window and explorer each time.. seemed to do this after reaching this file: SW01068_q uig

Also now after re-boots I have a few windows open with alerts and issues.. I have attached a screenshot of this for your info..

Cheers, Steve


SDFix: Version 1.68

Run by Steve Byars - 27-Feb-07 @ 14:03:07.98

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\winjews16.exe"="C:\\WINDOWS\\system32\\winjews16.exe:*:Enabled:Windows Systems16"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------



Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\ihkmp.tmp

Add/Remove Programs List:

Ad-Aware SE Professional
Adobe Acrobat 7.0 Professional
Adobe InDesign CS2
Adobe PageMaker 7.0
Adobe Photoshop CS2
AVG Anti-Spyware 7.5
AVI Codec Pack
BitComet 0.84
CloneDVD 3.9.1
Creative PC-CAM Center
Creative WebCam NX Ultra Driver (1.01.03.0112)
Creative WebCam Monitor
Creative WebCam NX Ultra User's Guide (English)
Canon Utilities Digital Photo Professional 2.2
DVD Ripper Platinum 4
EPSON Printer Software
FrontLook Java Effects
HijackThis 1.99.1
HP Officejet Pro K550 Series
Microsoft Internationalized Domain Names Mitigation APIs
Wave Support Software
Private Information Manager
Document Manager Lite
Avery Wizard 3.0
ETS Upgrade
Canon Utilities EOS Viewer Utility 1.1
Secure Update
Canon Utilities Digital Photo Professional 2.0
ETS Launch Pad
Security Wizards
Canon EOS 20D WIA Driver
EMBASSY Security Center
High Definition Audio Driver Package - KB835221
McAfee Uninstaller
Microsoft .NET Framework 1.1
Mozilla Firefox (2.0.0.1)
McAfee SecurityCenter
MSN Music Assistant
MWSnap 3
Microsoft National Language Support Downlevel APIs
NVIDIA Drivers
PowerISO
RealPlayer
Registry Mechanic 6.0
Adobe Flash Player 9 ActiveX
River Past Video Cleaner Pro
VideoLAN VLC media player 0.8.5
WinRAR archiver
Olympus ES-10 Film Scanner driver 2.02 and Mask 0.80 beta
Broadcom ASF Management Applications
Roxio RecordNow Data
Wave Support Software
ColorPort 1.0.1.1
Private Information Manager
NTRU Hybrid TSS v2.0.25
Roxio DLA
Paragon Partition Manager 7.0
Adobe Photoshop CS2
AcronisÿTrueÿImageÿWorkstation
Broadcom Advanced Control Suite
Logitech SetPoint
Sonic Update Manager
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
iTunes
EPSON LFP Remote Panel
QuickTime
Document Manager Lite
APC PowerChute Personal Edition
Roxio Express Labeler
PowerDVD 5.7
MonacoOPTIX 2.0
Avery Wizard 3.0
ETS Upgrade
Callserve Internet Telephone
Windows Live Messenger
Nero 7 Premium
Adobe InDesign CS2
Preboot Manager
Adobe Common File Installer
Logitech Desktop Messenger
Microsoft Office XP Professional with FrontPage
Intel Matrix Storage Manager
ICC Profiles
Microsoft Office XP Small Business
Microsoft Office Basic Edition 2003
Microsoft Office FrontPage 2003
Apple Software Update
Roxio RecordNow Audio
Dell Embassy Trust Suite by Wave Systems
UGuide
Adobe Acrobat 7.0 Professional
Adobe Reader 7.0.8
Roxio RecordNow Copy
Spy Sweeper
Adobe Bridge 1.0
Misc
Atmel TPM Driver Installer 3.0.3.15
ColorShop X 1.5
Microsoft .NET Framework 1.1
EOS Viewer Utility 1.1
Secure Update
MCU
upekmsi
Canon Utilities Digital Photo Professional 2.0
ETS Launch Pad
Adobe Help Center 1.0
Security Wizards
Canon Camera WIA Driver
Adobe Stock Photos 1.0
EMBASSY Security Center
Genuine Fractals PrintPro Trial
EMBASSY Trust Suite by Wave Systems
Toolbox
PULSE ColorElite
Wave Infrastructure Installer
Windows Live Sign-in Assistant
ACE Mega CoDecS Pack

Finished


ComboScan v20070226.18 run by Steve Byars on 2007-02-27 at 15:02:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Steve Byars.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:02:09 PM, on 27-Feb-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\ImagePrint\spool\mux\muxd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Downloads\comboscan.exe
C:\PROGRA~1\HIJACK~1\STEVEB~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {38605018-0D69-4458-842B-9185938459B4} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {4C9A6BF9-BCC2-461B-9C11-AA0F3983866A} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E0D0D24-256A-4C5E-A96B-FAA826870311} - C:\WINDOWS\system32\vturs.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\qomkijk.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\mhtqxhhb.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Pro 9800 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S5I0P2.EXE /P30 "EPSON Stylus Pro 9800 (Copy 1)" /O6 "USB002" /M "Stylus Pro 9800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CBSpoolDaemon] "C:\Program Files\ImagePrint\spool\mux\muxd.exe"
O4 - HKLM\..\Run: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\vebbamba.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\X-Rite\Tools\MonacoGamma\MonacoGamma.exe
O4 - Global Startup: MonacoReminder.lnk = ?
O4 - Global Startup: Monitor Reminder.lnk = ?
O4 - Global Startup: Printer Watcher.lnk = C:\Program Files\EPSON\EPSON LFP Remote Panel\Printer Watcher\Printer Watcher.exe
O4 - Global Startup: PULSELaunch.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...66/mcfscan.cab
O18 - Protocol: bw+0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: wxvault.dll
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: McAfee Application Installer Cleanup (0082331172587804) (0082331172587804mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\008233~1.EXE (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- Files created between 2007-01-27 and 2007-02-27 ------------------------------

2007-02-27 14:24:36 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-27 14:24:33 0 d-------- C:\WINDOWS\LastGood
2007-02-27 14:02:09 0 d-------- C:\SDFix
2007-02-27 12:47:34 282164 ---hs---- C:\WINDOWS\system32\vturs.dll
2007-02-27 12:45:31 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-27 12:45:26 0 d-------- C:\Program Files\Grisoft
2007-02-27 12:27:47 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-27 10:11:46 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-24 14:25:48 162 --a------ C:\install.dat
2007-02-24 14:04:55 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-02-24 14:02:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-02-24 14:02:52 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-24 14:02:52 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-24 14:02:52 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-24 14:02:52 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-24 14:02:30 0 d-------- C:\Program Files\Webroot
2007-02-24 14:02:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-02-24 14:01:47 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Webroot
2007-02-22 16:51:06 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-22 16:51:06 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-22 16:51:06 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-22 16:51:06 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-22 16:51:06 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-21 12:44:20 975434 ---hs---- C:\WINDOWS\system32\ihkmp.ini2<IHKMP~1.INI>
2007-02-20 13:41:12 6206 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-20 12:37:11 0 d-------- C:\WINDOWS\McAfee.com
2007-02-20 12:18:11 0 d-------- C:\WINDOWS\system32\Dell
2007-02-20 11:38:47 66048 --a------ C:\WINDOWS\ieResetIcons.exe<IERESE~1.EXE>
2007-02-20 10:11:24 77824 --a------ C:\WINDOWS\system32\IPPTAMon.dll
2007-02-20 10:09:35 0 d-------- C:\Program Files\ImagePrint<IMAGEP~1>
2007-02-15 16:46:21 0 d-------- C:\epson
2007-02-15 10:47:14 0 d-------- C:\WINDOWS\system32\appmgmt
2007-02-15 10:11:26 22749 -----n--- C:\WINDOWS\system32\qomkijk.dll
2007-02-14 15:23:54 44165 --a------ C:\WINDOWS\system32\nybdnxsi.dll
2007-02-14 09:53:47 44165 --a------ C:\WINDOWS\system32\pqcreysq.dll
2007-02-14 09:53:03 44060 --a------ C:\WINDOWS\system32\ukjdpmmq.dll
2007-02-13 13:08:57 44165 --a------ C:\WINDOWS\system32\dkamlvtg.dll
2007-02-09 10:59:50 1238 -----n--- C:\WINDOWS\hpwmdl03.dat
2007-02-09 10:59:50 60701 --a------ C:\WINDOWS\hpwins03.dat
2007-02-09 09:53:55 44060 --a------ C:\WINDOWS\system32\btyquldm.dll
2007-02-06 16:59:59 44165 --a------ C:\WINDOWS\system32\minglxkv.dll
2007-02-06 10:18:18 3567 --a------ C:\WINDOWS\system32\drivers\PortTalk.sys
2007-02-06 10:18:18 0 d-------- C:\Program Files\Olympus ES-10 Film Scanner<OLYMPU~1>
2007-02-03 12:51:00 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-02-03 12:51:00 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-02-03 12:38:20 0 d-------- C:\Program Files\Downloaded Installations<DOWNLO~1>
2007-01-31 10:27:44 4142592 --a------ C:\WINDOWS\system32\qtintf.dll
2007-01-31 10:27:43 0 d-------- C:\Program Files\APC
2007-01-31 10:26:45 9344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-01-31 10:26:43 19200 --a------ C:\WINDOWS\system32\drivers\hidbatt.sys
2007-01-31 10:26:42 14080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-01-31 09:44:28 44060 --a------ C:\WINDOWS\system32\vdktxdlr.dll
2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-27 14:48:11 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-27 14:48:11 0 d-------- C:\Program Files\iTunes
2007-02-27 14:48:07 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-27 13:01:33 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\U3
2007-02-27 10:38:07 969925 ---hs---- C:\WINDOWS\system32\ihkmp.bak2<IHKMP~2.BAK>
2007-02-27 09:56:03 0 d-------- C:\Program Files\Java
2007-02-27 09:49:58 0 d-------- C:\Program Files\McAfee
2007-02-27 09:48:06 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Wave Systems Corp<WAVESY~1>
2007-02-24 14:28:26 970482 ---hs---- C:\WINDOWS\system32\ihkmp.bak1<IHKMP~1.BAK>
2007-02-23 12:39:33 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-23 11:23:12 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-20 14:53:00 376832 --a------ C:\WINDOWS\system32\MPIWIN32.DLL
2007-02-20 14:53:00 43520 --a------ C:\WINDOWS\system32\CBNDLL.DLL
2007-02-20 14:52:55 44544 --a------ C:\WINDOWS\system32\ZEUS.DLL
2007-02-20 14:52:55 27136 --a------ C:\WINDOWS\system32\VNSERVER.DLL
2007-02-20 14:52:55 40960 --a------ C:\WINDOWS\system32\LMLIBEX.DLL
2007-02-20 13:11:23 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\SiteAdvisor<SITEAD~1>
2007-02-16 11:01:34 2766 --a------ C:\Documents and Settings\Steve Byars\Application Data\com.icctools.ColorShop.plist<COMICC~1.PLI>
2007-02-16 10:59:19 8 --a------ C:\Documents and Settings\Steve Byars\Application Data\_.ini
2007-02-15 13:31:25 0 d-------- C:\Program Files\BitComet
2007-02-15 11:29:55 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-14 14:25:32 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll<BITCOM~1.DLL>
2007-02-13 10:37:21 0 d-------- C:\Program Files\SiteAdvisor<SITEAD~1>
2007-02-13 10:04:15 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-09 11:10:52 0 d-------- C:\Program Files\HP
2007-01-26 15:19:00 0 d-------- C:\Program Files\Avery Wizard 3.0<AVERYW~1.0>
2007-01-26 14:43:14 0 d-------- C:\Program Files\Common Files\Avery
2007-01-24 10:54:49 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Adobe
2007-01-23 12:51:14 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
2007-01-19 15:02:42 0 d-------- C:\Program Files\X-Rite
2007-01-19 14:44:59 1350 --a------ C:\Documents and Settings\Steve Byars\Application Data\ColorPort.xml<COLORP~1.XML>
2007-01-18 10:13:59 0 d-------- C:\Program Files\McAfee.com
2007-01-18 10:11:24 0 d-------- C:\Program Files\Common Files\McAfee
2007-01-18 10:09:11 44060 --a------ C:\WINDOWS\system32\oiurnexi.dll
2007-01-18 10:09:05 969851 ---hs---- C:\WINDOWS\system32\mlnmp.bak1<MLNMP~1.BAK>
2007-01-17 10:46:16 263963 --a------ C:\WINDOWS\system32\jkhhh.dll
2007-01-17 10:42:44 266883 --a------ C:\WINDOWS\system32\ddcya.dll
2007-01-16 15:23:57 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Lavasoft
2007-01-16 15:23:34 0 d-------- C:\Program Files\Lavasoft
2007-01-10 15:31:57 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\dvdcss
2007-01-10 14:23:18 0 d-------- C:\Program Files\Xilisoft
2007-01-10 12:02:18 0 d-------- C:\Program Files\CloneDVD
2007-01-10 10:43:07 14545 --a------ C:\WINDOWS\system32\exec1.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-01-04 15:41:04 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Help
2007-01-03 1346 164568 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe<VIDEOC~1.EXE>
2007-01-03 1345 0 d-------- C:\Program Files\River Past<RIVERP~1>
2007-01-03 1345 0 d-------- C:\Program Files\Common Files\River Past<RIVERP~1>
2007-01-03 1345 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\River Past G5<RIVERP~1>
2007-01-02 16:01:19 0 d-------- C:\Program Files\Common Files\Ahead
2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 13:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-07 01:40:49 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 09:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 09:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SigmatelSysTrayApp"="stsystra.exe"
"Document Manager"="C:\\Program Files\\Wave Systems Corp\\Services Manager\\DocMgr\\bin\\docmgr.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"EPSON Stylus Pro 9800 (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S5I0P2.EXE /P30 \"EPSON Stylus Pro 9800 (Copy 1)\" /O6 \"USB002\" /M \"Stylus Pro 9800\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TrueImageMonitor.exe"="C:\\Program Files\\Acronis\\TrueImageWorkstation\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Program Files\\Acronis\\TrueImageWorkstation\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"HPWUTOOLBOX"="C:\\Program Files\\HP\\HP Officejet Pro K550 Series\\Toolbox\\HPWUTBX.exe \"-i\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"RegistryMechanic"=""
"NWEReboot"=""
"CBSpoolDaemon"="\"C:\\Program Files\\ImagePrint\\spool\\mux\\muxd.exe\""
"Windows Systems16"="C:\\WINDOWS\\system32\\winjews16.exe"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\vebbamba.dll\",setvm"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Systems16"="C:\\WINDOWS\\system32\\winjews16.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CBSpoolDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="muxd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ImagePrint\\spool\\mux\\muxd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"hkey"="HKLM"
"inimapping"="0"
"item"="vebbamba"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\vebbamba.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tcsd_win32.exe"=dword:00000002
"DataSvr2"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wxvault.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D7B374C3-8DED-4CB1-820B-413FF0C71FC6}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]
Shell\AutoRun\command L:\LaunchU3.exe -a


-- End of ComboScan: finished at 2007-02-27 at 15:02:43 -------------------------
Attached Images
File Type: jpg virustotal_scan.jpg (121.6 KB, 2 views)
File Type: jpg Bootup screen shot.jpg (54.9 KB, 2 views)
Attached Files
File Type: txt ComboScan.txt (31.7 KB, 1 views)
File Type: txt Report-Scan-20070227-140105.txt (12.8 KB, 1 views)
File Type: txt SDFix_report.txt (5.9 KB, 1 views)

Last edited by tetonbob; 02-27-2007 at 01:29 PM.
Old 02-27-2007, 01:24 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


Quote:
I could not run VirusTotal, tried several times, it shut down the window and explorer each time.. seemed to do this after reaching this file: SW01068_q uig
Sorry, but I don't understand this comment.

VirusTotal was for C:\Windows\System32\wxvault.dll , which you apparently were able to scan.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 02-27-2007, 01:26 PM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


Also, where is the VundoFix log?
Old 02-27-2007, 01:34 PM   #8 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 18
OS: xp pro


more files:

Note:

Please only attach files if requested. Easier to read in the clear.



VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 12:27:47 PM 27-Feb-07

Listing files found while scanning....

Beginning removal...

Attempting to delete C:\WINDOWS\system32\abcafwmf.exe
C:\WINDOWS\system32\abcafwmf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\aeegtevb.exe
C:\WINDOWS\system32\aeegtevb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\apgvndvf.exe
C:\WINDOWS\system32\apgvndvf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ariiftpu.exe
C:\WINDOWS\system32\ariiftpu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\auuteryf.exe
C:\WINDOWS\system32\auuteryf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\avfjldto.exe
C:\WINDOWS\system32\avfjldto.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqoop.dll
C:\WINDOWS\system32\awtqoop.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcwvfmsc.exe
C:\WINDOWS\system32\bcwvfmsc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\bgywirvp.exe
C:\WINDOWS\system32\bgywirvp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\budiivek.exe
C:\WINDOWS\system32\budiivek.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\byfdioow.dll
C:\WINDOWS\system32\byfdioow.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxvwxw.dll
C:\WINDOWS\system32\byxvwxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxxutr.dll
C:\WINDOWS\system32\byxxutr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxwvsq.dll
C:\WINDOWS\system32\cbxwvsq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cgeixbyk.exe
C:\WINDOWS\system32\cgeixbyk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\dcdvtvem.exe
C:\WINDOWS\system32\dcdvtvem.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdbxy.dll
C:\WINDOWS\system32\ddcdbxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\doghtpvg.exe
C:\WINDOWS\system32\doghtpvg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ebctsuej.exe
C:\WINDOWS\system32\ebctsuej.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcyxww.dll
C:\WINDOWS\system32\efcyxww.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ejvlhgjh.exe
C:\WINDOWS\system32\ejvlhgjh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\emgrumpu.dll
C:\WINDOWS\system32\emgrumpu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eogqkewp.exe
C:\WINDOWS\system32\eogqkewp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\erfsmuue.ini
C:\WINDOWS\system32\erfsmuue.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\erpayxld.exe
C:\WINDOWS\system32\erpayxld.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\euumsfre.dll
C:\WINDOWS\system32\euumsfre.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\famvttoa.exe
C:\WINDOWS\system32\famvttoa.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccyvww.dll
C:\WINDOWS\system32\fccyvww.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fdgcokcf.exe
C:\WINDOWS\system32\fdgcokcf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fftfvuun.exe
C:\WINDOWS\system32\fftfvuun.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fjxwogqd.exe
C:\WINDOWS\system32\fjxwogqd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\flhrttuf.exe
C:\WINDOWS\system32\flhrttuf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fogfpewe.dll
C:\WINDOWS\system32\fogfpewe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcdec.dll
C:\WINDOWS\system32\gebcdec.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geldhlle.exe
C:\WINDOWS\system32\geldhlle.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gsltmnqu.exe
C:\WINDOWS\system32\gsltmnqu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hkchdijs.exe
C:\WINDOWS\system32\hkchdijs.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hwnfbsgv.exe
C:\WINDOWS\system32\hwnfbsgv.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hxhqanet.exe
C:\WINDOWS\system32\hxhqanet.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ieytykou.exe
C:\WINDOWS\system32\ieytykou.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifccby.dll
C:\WINDOWS\system32\iifccby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifebxw.dll
C:\WINDOWS\system32\iifebxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\inalppwv.exe
C:\WINDOWS\system32\inalppwv.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\iqjhcpgw.exe
C:\WINDOWS\system32\iqjhcpgw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jdexgisw.exe
C:\WINDOWS\system32\jdexgisw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jdmcubbw.exe
C:\WINDOWS\system32\jdmcubbw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jgbxexai.exe
C:\WINDOWS\system32\jgbxexai.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jglkubju.exe
C:\WINDOWS\system32\jglkubju.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jhdeqvhe.exe
C:\WINDOWS\system32\jhdeqvhe.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkhgda.dll
C:\WINDOWS\system32\jkkhgda.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkiife.dll
C:\WINDOWS\system32\jkkiife.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkwycosq.exe
C:\WINDOWS\system32\jkwycosq.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmhvswib.exe
C:\WINDOWS\system32\jmhvswib.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jtuwksjf.exe
C:\WINDOWS\system32\jtuwksjf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\kchoxdcs.exe
C:\WINDOWS\system32\kchoxdcs.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfgday.dll
C:\WINDOWS\system32\khfgday.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\koqylpao.exe
C:\WINDOWS\system32\koqylpao.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\kqrlxkcy.dll
C:\WINDOWS\system32\kqrlxkcy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kudpwdiy.exe
C:\WINDOWS\system32\kudpwdiy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjhiii.dll
C:\WINDOWS\system32\ljjhiii.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjlkxoh.exe
C:\WINDOWS\system32\ljjlkxoh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lknesecp.exe
C:\WINDOWS\system32\lknesecp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\llrlvohv.exe
C:\WINDOWS\system32\llrlvohv.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lwiijwfn.exe
C:\WINDOWS\system32\lwiijwfn.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lxvsjkqa.exe
C:\WINDOWS\system32\lxvsjkqa.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mcanwthd.exe
C:\WINDOWS\system32\mcanwthd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mcaqkiem.exe
C:\WINDOWS\system32\mcaqkiem.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mcihydee.exe
C:\WINDOWS\system32\mcihydee.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljhggf.dll
C:\WINDOWS\system32\mljhggf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\myhmxlfb.exe
C:\WINDOWS\system32\myhmxlfb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nbnfbupk.exe
C:\WINDOWS\system32\nbnfbupk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ncxglwve.exe
C:\WINDOWS\system32\ncxglwve.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nkgxusjt.exe
C:\WINDOWS\system32\nkgxusjt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnligf.dll
C:\WINDOWS\system32\nnnligf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnnnol.dll
C:\WINDOWS\system32\nnnnnol.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnomkh.dll
C:\WINDOWS\system32\nnnomkh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnomml.dll
C:\WINDOWS\system32\nnnomml.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nwoahhhd.exe
C:\WINDOWS\system32\nwoahhhd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nyasptpe.exe
C:\WINDOWS\system32\nyasptpe.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\odfabywe.exe
C:\WINDOWS\system32\odfabywe.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnmjgf.dll
C:\WINDOWS\system32\opnmjgf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pemyxbwg.exe
C:\WINDOWS\system32\pemyxbwg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pestgjbk.exe
C:\WINDOWS\system32\pestgjbk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\plohrpbm.exe
C:\WINDOWS\system32\plohrpbm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\pmkhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnnom.dll
C:\WINDOWS\system32\pmnnnom.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmqhbesl.exe
C:\WINDOWS\system32\pmqhbesl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pohxlntp.exe
C:\WINDOWS\system32\pohxlntp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qgtllddx.exe
C:\WINDOWS\system32\qgtllddx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomkijk.dll
C:\WINDOWS\system32\qomkijk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qpcrnong.exe
C:\WINDOWS\system32\qpcrnong.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtlucluo.exe
C:\WINDOWS\system32\qtlucluo.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rgmrdmqo.exe
C:\WINDOWS\system32\rgmrdmqo.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rmdijxuq.exe
C:\WINDOWS\system32\rmdijxuq.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rvtwnapd.exe
C:\WINDOWS\system32\rvtwnapd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rwegycov.exe
C:\WINDOWS\system32\rwegycov.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\serqruwf.exe
C:\WINDOWS\system32\serqruwf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnnki.dll
C:\WINDOWS\system32\ssqnnki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqnnl.dll
C:\WINDOWS\system32\ssqqnnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tgaunndr.exe
C:\WINDOWS\system32\tgaunndr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tirnwmcc.exe
C:\WINDOWS\system32\tirnwmcc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmvhjrqi.exe
C:\WINDOWS\system32\tmvhjrqi.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\udsroewm.exe
C:\WINDOWS\system32\udsroewm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ujjnmnsi.exe
C:\WINDOWS\system32\ujjnmnsi.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\unvtqhtl.exe
C:\WINDOWS\system32\unvtqhtl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqpqrr.dll
C:\WINDOWS\system32\urqpqrr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uujnmwns.exe
C:\WINDOWS\system32\uujnmwns.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\uxtwassj.exe
C:\WINDOWS\system32\uxtwassj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\veffyefa.exe
C:\WINDOWS\system32\veffyefa.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vhmujloy.exe
C:\WINDOWS\system32\vhmujloy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vlgpjdlu.exe
C:\WINDOWS\system32\vlgpjdlu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wdihnnhw.exe
C:\WINDOWS\system32\wdihnnhw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wjpfxpag.exe
C:\WINDOWS\system32\wjpfxpag.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wmofanai.exe
C:\WINDOWS\system32\wmofanai.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wtvnqbcy.exe
C:\WINDOWS\system32\wtvnqbcy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wuaclekw.exe
C:\WINDOWS\system32\wuaclekw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xitfjgfu.exe
C:\WINDOWS\system32\xitfjgfu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxywusr.dll
C:\WINDOWS\system32\xxywusr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyyyvv.dll
C:\WINDOWS\system32\xxyyyvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yadlwanh.exe
C:\WINDOWS\system32\yadlwanh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayayaa.dll
C:\WINDOWS\system32\yayayaa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayxxvt.dll
C:\WINDOWS\system32\yayxxvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayyyww.dll
C:\WINDOWS\system32\yayyyww.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yboccwpi.exe
C:\WINDOWS\system32\yboccwpi.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycoudqtl.exe
C:\WINDOWS\system32\ycoudqtl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yypmbcgv.exe
C:\WINDOWS\system32\yypmbcgv.exe Has been deleted!

Performing Repairs to the registry.
Done!
Attached Files
File Type: txt VundoFix.txt (17.9 KB, 2 views)

Last edited by tetonbob; 02-27-2007 at 01:35 PM.
steve2603 is offline  
Old 02-27-2007, 01:35 PM   #9 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 18
OS: xp pro


Sorry, that should have been Panda Activescan..
steve2603 is offline  
Old 02-27-2007, 01:37 PM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


Quote:
Originally Posted by steve2603
Sorry, that should have been Panda Activescan..

Ahh, Ok.

Let me review what you've sent so far....You still have quite a mess going on.

I'd advise keeping this machine offline as much as possible. If you can, communicate via a clean machine.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 02-27-2007, 01:40 PM   #11 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 18
OS: xp pro


OK will do... I'll use my notebook for now.. and keep the infected machine offline..
steve2603 is offline  
Old 02-27-2007, 01:59 PM   #12 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

If possible, use a clean machine, and removable media such as USB thumb drive or CDR to transport tools to and reports from the infected machine.

---------------------------------------------------------------------------------------------

Download Pocket Killbox to your desktop. We'll use this shortly.

I have attached a file to this post - stevefix.zip Download this file to your desktop. We'll use this shortly.

Disconnect from the internet if you're still connected.

---------------------------------------------------------------------------------------------

Ad-Aware's AdWatch

Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable AdWatch:
  • Open AdAware SE.
  • Go to AdWatch User Interface.
  • Go to Tools and Preferences.
  • At the bottom of the screen you will see 2 options Active and Automatic.
  • Active: This will turn Ad-Watch On\Off without closing it
  • Automatic: Suspicious activity will be blocked automatically
  • Uncheck both options. You can enable these after resolving your problem.
  • Unless they are turned off they could interfere with the fix by HijackThis.

---------------------------------------------------------------------------------------------

stevefix.zip

Double click on the zip folder you downloaded to your desktop, then double click on the reg file within. Click yes to allow it to merge into your registry.

---------------------------------------------------------------------------------------------

Launch KillBox.exe & select the following options:
  • delete on Reboot
  • All files (if available)
Use your mouse to select all the filenames highlighted in blue & then right-click & select Copy
  • C:\WINDOWS\system32\vturs.dll
    C:\WINDOWS\system32\ihkmp.ini2
    C:\WINDOWS\system32\appmgmt
    C:\WINDOWS\system32\qomkijk.dll
    C:\WINDOWS\system32\nybdnxsi.dll
    C:\WINDOWS\system32\pqcreysq.dll
    C:\WINDOWS\system32\ukjdpmmq.dll
    C:\WINDOWS\system32\dkamlvtg.dll
    C:\WINDOWS\system32\btyquldm.dll
    C:\WINDOWS\system32\minglxkv.dll
    C:\WINDOWS\system32\qtintf.dll
    C:\WINDOWS\system32\vdktxdlr.dll
    C:\WINDOWS\system32\ihkmp.bak2
    C:\WINDOWS\system32\ihkmp.bak1
    C:\WINDOWS\system32\oiurnexi.dll
    C:\WINDOWS\system32\mlnmp.bak1
    C:\WINDOWS\system32\jkhhh.dll
    C:\WINDOWS\system32\ddcya.dll
    C:\WINDOWS\system32\exec1.exe
    C:\WINDOWS\system32\winjews16.exe
    C:\WINDOWS\system32\vebbamba.dll
* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* KillBox will alert you the files will be deleted on next reboot, click Yes
* When asked to Reboot, select Yes

Click OK at any PendingFileRenameOperations prompt, and let us know if you receive this message.

Also, if the computer does not restart automatically, please restart it manually.

---------------------------------------------------------------------------------------------

Run VundoFix once again. Post its log in your next reply.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O2 - BHO: (no name) - {38605018-0D69-4458-842B-9185938459B4} - (no file)
O2 - BHO: (no name) - {4C9A6BF9-BCC2-461B-9C11-AA0F3983866A} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: (no name) - {7E0D0D24-256A-4C5E-A96B-FAA826870311} - C:\WINDOWS\system32\vturs.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\qomkijk.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\mhtqxhhb.dll (file missing)
O4 - HKLM\..\Run: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\vebbamba.dll",setvm
O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O20 - AppInit_DLLs: wxvault.dll
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll



Close HijackThis now.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10


These are outdated, and security risks simply by having them still installed.

Leave Update 11, it is the latest update for Version 5.0

---------------------------------------------------------------------------------------------

I can't find enough information for this file -> C:\Windows\System32\wxvault.dll
Right click on that file and go to Properties. Then go to the Version tab and see what information you can get from there (Company, Description, etc.) and post it here.

---------------------------------------------------------------------------------------------

Reestablish an internet connection. (better yet, use your notebook, and a thumbdrive)

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

Disconnect again from the internet.

  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
---------------------------------------------------------------------------------------------

Post a new HJT log along with the DrWeb report, and the VundoFix report.

Last edited by tetonbob; 10-17-2007 at 08:47 PM.
tetonbob is offline  
Old 02-27-2007, 03:12 PM   #13 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 18
OS: xp pro


Thanks, I'll work through this tonight and come back with the logs tomorrow morning.

The wxvault file has little information on it...

wxvault - dynamic link library, version : 05.03.00.015

Nothing else shown...


cheers and thanks for the help..
steve2603 is offline  
Old 02-27-2007, 03:17 PM   #14 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


Hi steve2603 -

I'd like some other eyes on that file, due to the limited information I'm getting, even though VirusTotal finds nothing suspicious. I don't like its location, and the lack of info.

Please download the Suspicious file Packer from Safer-Networking.Org and unzip it to your desktop.

Run SFP.exe.

Please copy the following lines into the Step 1: Paste Text window:

C:\Windows\System32\wxvault.dll

then click "Continue".

This will create a .cab file on your desktop named requested-files[Date/Time].cab

Next, please visit TheSpyKillers forum HERE

Read the first topic for instructions on uploading files then start a new Topic, post a link to this thread and upload the requested files.cab archive from your desktop.

Please report back here the link to your thread at SpyKiller.
tetonbob is offline  
Old 02-27-2007, 03:23 PM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


Hi steve -

Scratch that....it's part of Embassy Trust Suite.

Do not fix this O20:

O20 - AppInit_DLLs: wxvault.dll

If you have already, let me know, we can restore it.
tetonbob is offline  
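
The review behind the HijackThis fix list in post #12 and the wxvault.dll correction in post #15 can be written down as a triage pass. This is an added Python example, not part of the thread and not HijackThis's or the helper's own tooling; the heuristics, verdict names and allowlist are assumptions, and the sample lines are copied from the logs quoted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis lines copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {38605018-0D69-4458-842B-9185938459B4} - (no file)
O2 - BHO: (no name) - {4C9A6BF9-BCC2-461B-9C11-AA0F3983866A} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: (no name) - {7E0D0D24-256A-4C5E-A96B-FAA826870311} - C:\WINDOWS\system32\vturs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\vebbamba.dll",setvm
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O20 - AppInit_DLLs: wxvault.dll
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Analyst-maintained allowlist (assumption). wxvault.dll was identified in the
# thread as part of Embassy Trust Suite. Matching on file name alone is weak:
# confirm path, vendor and signature before trusting an entry on a real system.
KNOWN_GOOD = {"wxvault.dll"}

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
FULL_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)
BARE_NAME_RE = re.compile(r"[\w-]+\.(?:dll|exe)\b", re.IGNORECASE)
IN_SYSTEM32_RE = re.compile(r"\\system32\\[^\\]+$", re.IGNORECASE)
DEAD_MARKERS = ("(file missing)", "(no file)")
TRIAGED_SECTIONS = ("O2", "O4", "O20")


@dataclass
class Finding:
    section: str  # O2 (BHO), O4 (autorun), O20 (AppInit_DLLs / Winlogon Notify)
    module: str   # lower-cased file name, "" when the entry names no file
    verdict: str  # dead-reference | known-good | review | unflagged
    line: str


def module_path(rest):
    """Return the first full path in the entry, else a bare file name, else ''."""
    m = FULL_PATH_RE.search(rest) or BARE_NAME_RE.search(rest)
    return m.group(0) if m else ""


def classify(line, allowlist=KNOWN_GOOD):
    """Classify one HijackThis line; None for lines outside O2/O4/O20."""
    m = ENTRY_RE.match(line.strip())
    if not m or m.group(1) not in TRIAGED_SECTIONS:
        return None
    section, _kind, rest = m.groups()
    path = module_path(rest)
    name = path.rsplit("\\", 1)[-1].lower()
    in_sys32 = bool(IN_SYSTEM32_RE.search(path))
    unnamed_bho = section == "O2" and rest.startswith("(no name)")
    rundll_autorun = section == "O4" and "rundll32" in rest.lower()

    if rest.rstrip().endswith(DEAD_MARKERS):
        verdict = "dead-reference"   # registry entry points at a file that is gone
    elif name in allowlist:
        verdict = "known-good"       # identified component: leave it in place
    elif section == "O20":
        verdict = "review"           # DLL loaded at logon or into every GUI process
    elif in_sys32 and (unnamed_bho or rundll_autorun):
        verdict = "review"           # anonymous loader sitting directly in system32
    else:
        verdict = "unflagged"
    return Finding(section, name, verdict, line.strip())


def triage(log_text, allowlist=KNOWN_GOOD):
    """Classify every O2/O4/O20 line of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        finding = classify(line, allowlist)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:15} {f.section:4} {f.module or '-'}")
```

A "review" verdict means the file's vendor and purpose still have to be identified before the entry is fixed, which is the step that kept wxvault.dll from being removed here.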
Old 02-27-2007, 04:20 PM   #16 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 18
OS: xp pro


OK,

I left the machine running the dr web cureit scan.. I'll pick it up in the morning and post the logs.

thanks, Steve
steve2603 is offline  
Old 02-28-2007, 08:24 AM   #17 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 18
OS: xp pro


Hi Tetonbob,

Here are the logs:

I have also attached a screenshot file as I am still getting a few windows open on re-boot..

VundoFix:


VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 4:37:35 PM 27-Feb-07

Listing files found while scanning....

C:\WINDOWS\system32\mhtqxhhb.dll
C:\WINDOWS\system32\qomkijk.dll
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\vturs.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.ini Has been deleted!

Performing Repairs to the registry.
Done!


Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 10:10:35 AM, on 28-Feb-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\ImagePrint\spool\mux\muxd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\EPSON\EPSON LFP Remote Panel\Printer Watcher\Printer Watcher.exe
C:\Program Files\X-Rite\PULSE ColorElite\PulseLaunch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {89FD13F0-79CA-4803-94F7-593C4A392A04} - C:\WINDOWS\system32\vturs.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Pro 9800 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S5I0P2.EXE /P30 "EPSON Stylus Pro 9800 (Copy 1)" /O6 "USB002" /M "Stylus Pro 9800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CBSpoolDaemon] "C:\Program Files\ImagePrint\spool\mux\muxd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\X-Rite\Tools\MonacoGamma\MonacoGamma.exe
O4 - Global Startup: MonacoReminder.lnk = ?
O4 - Global Startup: Monitor Reminder.lnk = ?
O4 - Global Startup: Printer Watcher.lnk = C:\Program Files\EPSON\EPSON LFP Remote Panel\Printer Watcher\Printer Watcher.exe
O4 - Global Startup: PULSELaunch.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...66/mcfscan.cab
O18 - Protocol: bw+0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: McAfee Application Installer Cleanup (0082331172587804) (0082331172587804mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\008233~1.EXE (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Dr Web (attached file)..



Cheers, Steve
Attached Images
File Type: jpg screenshot_2.jpg (46.1 KB, 1 views)
Attached Files
File Type: pdf DrWeb.pdf (11.2 KB, 1 views)

Last edited by tetonbob; 02-28-2007 at 08:27 AM.
steve2603 is offline  
Old 02-28-2007, 08:44 AM   #18 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home


CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter

* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

---------------------------------------------------------------------------------------------


Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O2 - BHO: (no name) - {89FD13F0-79CA-4803-94F7-593C4A392A04} - C:\WINDOWS\system32\vturs.dll (file missing)

Close HijackThis now.

---------------------------------------------------------------------------------------------

Run ComboScan once again. Post its log.

Regarding the messages at startup, it appears that a couple of your applications are corrupt. Nothing we've fixed, from what I can see. I've been focused on the massive malware removal project.

Sonic Manager and Doc Manager

You may need to reinstall them, or use any repair feature that may be included on the install disk.

DocManager is missing the MFC71.dll file, so it will complain until it gets it back.

Not sure what's causing the Sonic Update Manager messages, but you might see if you can find your answers here under Why does the Update Manager try to update all of the time?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 02-28-2007, 09:12 AM   #19 (permalink)


Ok, done that & here's the comboscan log..

ComboScan v20070226.18 run by Steve Byars on 2007-02-28 at 11:05:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Steve Byars.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:05:18 AM, on 28-Feb-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\ImagePrint\spool\mux\muxd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\EPSON\EPSON LFP Remote Panel\Printer Watcher\Printer Watcher.exe
C:\Program Files\X-Rite\PULSE ColorElite\PulseLaunch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
D:\Techsupport\comboscan.exe
C:\PROGRA~1\HIJACK~1\STEVEB~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Pro 9800 (Copy 1)] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S5I0P2.EXE" /P30 "EPSON Stylus Pro 9800 (Copy 1)" /O6 "USB002" /M "Stylus Pro 9800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HPWUTOOLBOX] "C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" "-i"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CBSpoolDaemon] "C:\Program Files\ImagePrint\spool\mux\muxd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\X-Rite\Tools\MonacoGamma\MonacoGamma.exe
O4 - Global Startup: MonacoReminder.lnk = ?
O4 - Global Startup: Monitor Reminder.lnk = ?
O4 - Global Startup: Printer Watcher.lnk = C:\Program Files\EPSON\EPSON LFP Remote Panel\Printer Watcher\Printer Watcher.exe
O4 - Global Startup: PULSELaunch.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...66/mcfscan.cab
O18 - Protocol: bw+0 - {5B6EB715-B221-4173-8E19-7955C059BC2C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: McAfee Application Installer Cleanup (0082331172587804) (0082331172587804mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\008233~1.EXE (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- Files created between 2007-01-28 and 2007-02-28 ------------------------------

2007-02-27 17:01:26 0 d-------- C:\Documents and Settings\Steve Byars\DoctorWeb<DOCTOR~1>
2007-02-27 16:29:15 0 d-------- C:\!KillBox
2007-02-27 14:24:36 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-27 14:02:09 0 d-------- C:\SDFix
2007-02-27 12:45:31 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-27 12:45:26 0 d-------- C:\Program Files\Grisoft
2007-02-27 12:27:47 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-27 10:11:46 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-24 14:25:48 162 --a------ C:\install.dat
2007-02-24 14:04:55 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-02-24 14:02:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-02-24 14:02:52 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-24 14:02:52 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-24 14:02:52 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-24 14:02:52 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-24 14:02:30 0 d-------- C:\Program Files\Webroot
2007-02-24 14:02:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-02-24 14:01:47 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Webroot
2007-02-22 16:51:06 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-22 16:51:06 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-22 16:51:06 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-22 16:51:06 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-22 16:51:06 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-20 13:41:12 6206 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-20 12:37:11 0 d-------- C:\WINDOWS\McAfee.com
2007-02-20 12:18:11 0 d-------- C:\WINDOWS\system32\Dell
2007-02-20 11:38:47 66048 --a------ C:\WINDOWS\ieResetIcons.exe<IERESE~1.EXE>
2007-02-20 10:11:24 77824 --a------ C:\WINDOWS\system32\IPPTAMon.dll
2007-02-20 10:09:35 0 d-------- C:\Program Files\ImagePrint<IMAGEP~1>
2007-02-15 16:46:21 0 d-------- C:\epson
2007-02-15 10:47:14 0 d-------- C:\WINDOWS\system32\appmgmt
2007-02-09 10:59:50 1238 -----n--- C:\WINDOWS\hpwmdl03.dat
2007-02-09 10:59:50 60701 --a------ C:\WINDOWS\hpwins03.dat
2007-02-06 10:18:18 3567 --a------ C:\WINDOWS\system32\drivers\PortTalk.sys
2007-02-06 10:18:18 0 d-------- C:\Program Files\Olympus ES-10 Film Scanner<OLYMPU~1>
2007-02-03 12:51:00 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-02-03 12:51:00 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-02-03 12:38:20 0 d-------- C:\Program Files\Downloaded Installations<DOWNLO~1>
2007-01-31 10:27:43 0 d-------- C:\Program Files\APC
2007-01-31 10:26:45 9344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-01-31 10:26:43 19200 --a------ C:\WINDOWS\system32\drivers\hidbatt.sys
2007-01-31 10:26:42 14080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-28 10:12:49 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\U3
2007-02-27 17:00:33 286720 --a------ C:\WINDOWS\system32\wxvault.dll
2007-02-27 16:57:42 0 d-------- C:\Program Files\Java
2007-02-27 15:41:02 0 d-------- C:\Program Files\BitComet
2007-02-27 14:48:11 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-27 14:48:11 0 d-------- C:\Program Files\iTunes
2007-02-27 14:48:07 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-27 09:49:58 0 d-------- C:\Program Files\McAfee
2007-02-27 09:48:06 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Wave Systems Corp<WAVESY~1>
2007-02-23 12:39:33 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-23 11:23:12 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-20 14:53:00 376832 --a------ C:\WINDOWS\system32\MPIWIN32.DLL
2007-02-20 14:53:00 43520 --a------ C:\WINDOWS\system32\CBNDLL.DLL
2007-02-20 14:52:55 44544 --a------ C:\WINDOWS\system32\ZEUS.DLL
2007-02-20 14:52:55 27136 --a------ C:\WINDOWS\system32\VNSERVER.DLL
2007-02-20 14:52:55 40960 --a------ C:\WINDOWS\system32\LMLIBEX.DLL
2007-02-20 13:11:23 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\SiteAdvisor<SITEAD~1>
2007-02-16 11:01:34 2766 --a------ C:\Documents and Settings\Steve Byars\Application Data\com.icctools.ColorShop.plist<COMICC~1.PLI>
2007-02-16 10:59:19 8 --a------ C:\Documents and Settings\Steve Byars\Application Data\_.ini
2007-02-15 11:29:55 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-13 10:37:21 0 d-------- C:\Program Files\SiteAdvisor<SITEAD~1>
2007-02-13 10:04:15 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-09 11:10:52 0 d-------- C:\Program Files\HP
2007-01-26 15:19:00 0 d-------- C:\Program Files\Avery Wizard 3.0<AVERYW~1.0>
2007-01-26 14:43:14 0 d-------- C:\Program Files\Common Files\Avery
2007-01-24 10:54:49 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Adobe
2007-01-23 12:51:14 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
2007-01-19 15:02:42 0 d-------- C:\Program Files\X-Rite
2007-01-19 14:44:59 1350 --a------ C:\Documents and Settings\Steve Byars\Application Data\ColorPort.xml<COLORP~1.XML>
2007-01-18 10:13:59 0 d-------- C:\Program Files\McAfee.com
2007-01-18 10:11:24 0 d-------- C:\Program Files\Common Files\McAfee
2007-01-16 15:23:57 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Lavasoft
2007-01-16 15:23:34 0 d-------- C:\Program Files\Lavasoft
2007-01-10 15:31:57 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\dvdcss
2007-01-10 14:23:18 0 d-------- C:\Program Files\Xilisoft
2007-01-10 12:02:18 0 d-------- C:\Program Files\CloneDVD
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-01-04 15:41:04 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\Help
2007-01-03 1346 164568 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe<VIDEOC~1.EXE>
2007-01-03 1345 0 d-------- C:\Program Files\River Past<RIVERP~1>
2007-01-03 1345 0 d-------- C:\Program Files\Common Files\River Past<RIVERP~1>
2007-01-03 1345 0 d-------- C:\Documents and Settings\Steve Byars\Application Data\River Past G5<RIVERP~1>
2007-01-02 16:01:19 0 d-------- C:\Program Files\Common Files\Ahead
2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 13:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-07 01:40:49 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"LDM"="\"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SigmatelSysTrayApp"="stsystra.exe"
"Document Manager"="\"C:\\Program Files\\Wave Systems Corp\\Services Manager\\DocMgr\\bin\\docmgr.exe\""
"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"EPSON Stylus Pro 9800 (Copy 1)"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S5I0P2.EXE\" /P30 \"EPSON Stylus Pro 9800 (Copy 1)\" /O6 \"USB002\" /M \"Stylus Pro 9800\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TrueImageMonitor.exe"="\"C:\\Program Files\\Acronis\\TrueImageWorkstation\\TrueImageMonitor.exe\""
"AcronisTimounterMonitor"="\"C:\\Program Files\\Acronis\\TrueImageWorkstation\\TimounterMonitor.exe\""
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"NeroFilterCheck"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe\""
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"HPWUTOOLBOX"="\"C:\\Program Files\\HP\\HP Officejet Pro K550 Series\\Toolbox\\HPWUTBX.exe\" \"-i\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"RegistryMechanic"=""
"NWEReboot"=""
"CBSpoolDaemon"="\"C:\\Program Files\\ImagePrint\\spool\\mux\\muxd.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CBSpoolDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="muxd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ImagePrint\\spool\\mux\\muxd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tcsd_win32.exe"=dword:00000002
"DataSvr2"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D7B374C3-8DED-4CB1-820B-413FF0C71FC6}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]
Shell\AutoRun\command L:\LaunchU3.exe -a


-- End of ComboScan: finished at 2007-02-28 at 11:05:45 -------------------------

cheers, Steve
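A triage sketch for the "(file missing)" flags in the HijackThis logs above, added here as an example; it is not part of the thread and not HijackThis or ComboScan code. It separates flagged entries that nothing contradicts (like the vturs.dll BHO fixed in post #18) from flags that the log itself calls into question; the function names and verdict labels are assumptions, and the sample lines are abridged from the logs posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Lines abridged from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {89FD13F0-79CA-4803-94F7-593C4A392A04} - C:\WINDOWS\system32\vturs.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: McAfee Application Installer Cleanup (0082331172587804) (0082331172587804mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\008233~1.EXE (file missing)
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing)
"""

MISSING = "(file missing)"
ENTRY_RE = re.compile(r"^([ORF]\d+) - (.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter or %VAR% path up to the first .exe/.dll/.sys; this drops
# a stray quote and any command-line arguments that follow the file name.
PATH_RE = re.compile(
    r'^"?((?:[A-Za-z]:|%\w+%)\\.+?\.(?:exe|dll|sys))', re.IGNORECASE)


@dataclass
class Entry:
    section: str            # e.g. "O2", "O23"
    clsid: Optional[str]    # CLSID of the BHO / button, if the line has one
    path: Optional[str]     # file the entry points at, if one was found
    verdict: str            # label from triage() below (names are assumptions)


def running_processes(log: str) -> Set[str]:
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block:
            if not line:        # the block ends at the first blank line
                break
            procs.add(line.lower())
    return procs


def triage(log: str) -> List[Entry]:
    """Classify every R/O/F line of a HijackThis log."""
    running = running_processes(log)
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = body.endswith(MISSING)
        target = body.rsplit(" - ", 1)[-1]      # last field holds the file
        if missing:
            target = target[: -len(MISSING)].strip()
        pm = PATH_RE.match(target)
        path = pm.group(1) if pm else None
        cm = CLSID_RE.search(body)
        if not missing:
            verdict = "present"
        elif path and path.lower() in running:
            # The same file is listed as a running process, so the flag is
            # contradicted by the log itself: check by hand before fixing.
            verdict = "contradicted"
        elif path and "%" in path:
            # Path still holds an unexpanded environment variable:
            # confirm on disk by hand.
            verdict = "unexpanded"
        else:
            verdict = "orphan-candidate"
        entries.append(Entry(section, cm.group(0) if cm else None, path, verdict))
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.verdict:17} {e.section:4} {e.clsid or '-':38} {e.path or '-'}")
```

An "orphan-candidate" is only a candidate: the running-process comparison is a plain string match, so an entry stored under an 8.3 short path will not match its long-path process line and still needs a manual check.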
Old 02-28-2007, 09:19 AM   #20 (permalink)
tetonbob


Looks good, Steve.

An orphan to remove:

Copy and paste the following into Notepad (don't forget to copy and paste REGEDIT4):

Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D7B374C3-8DED-4CB1-820B-413FF0C71FC6}"=-
Save the file as "delete.reg". Make sure to save it with the quotes. It should look like this:

Close Notepad.

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------------------------------------------------

Let me know about the error messages, and if you need more assistance with that.

In the meantime, let me give you this:

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.

AVG Anti-Spyware would be a good program to keep, update and run a scan with once a week or so. It adds another layer of protection to your system's security tools. You may want to prevent AVG Anti-Spyware from running at Windows startup, and just call it into service when needed. This may help with system boot times. To do so, right click on the AVG A/S system tray icon, and uncheck Start with Windows. Also disable its real time protection, as this will also use system resources, and will time out at the end of the trial period in 30 days. To do so:

Open AVG Anti-Spyware.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK


Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here

  • IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • Download IE-SpyAD - Extract the contents to a new folder
      From within the folder, double-click install.bat
      Select Option #2 - Install the new IE-SPYAD list.
      Then return to the main menu.
      Select option #4 - Add the old porn sites domain


  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.


  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    Here are a few very good free Antivirus products which are available: Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial
  • FIREWALL
    If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:

    Do not install more than one firewall program because they will conflict with each other.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Copyright 2001 - 2009, Tech Support Forum