View Full Version : Another fraud.windowsprotectionsuite Problem
Here is my logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:07 PM, on 11/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\ScanSoft\PaperPort\pptd40nt.exe
C:\Atomic Clock Sync\Atomic.exe
C:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson Financial\Thomson ONE\Softdist\TF Update.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\SpamArrow\SpamArrow.exe
C:\SpamArrow\sa\sa_services.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Rachel E. Hoger\Desktop\HijackThis.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TF Update - - C:\Program Files\Thomson Financial\Thomson ONE\Softdist\TF Update.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
--
End of file - 3334 bytes
Hi,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Blade, forgive me if this sounds stupid -- I did what you asked, but when I try to run the .scr file, it says,
"Cannot find the program to use to open this program...." blah blah blah.
I tried to open it using Notepad, but it was just a bunch of gibberish.
Hi,
Please try one of the other links.
Actually, I tried all 3 -- the first appears to be a bad link or one I can't access, the second comes in as an .scr, & the third as a .pif. The .scr & .pif give me the same "what program do you want to use?" message!!!
:scratch:
Hi,
Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says Error deleting file, please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
See if you're able to run DDS now.
Blade, I am SO sorry, but even that program gives me the same message -- I don't know what's going on, my PC is running fine otherwise, I run .exe files all the time with no problem at all.....
What on earth should I do?
Hi,
Let's try other scanner :)
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)
Okay, for heavens sake, huh!!! Here is log.txt, I'll get the other in just a minute:
info.txt logfile of random's system information tool 1.06 2009-11-09 15:14:22
======Uninstall list======
-->AIS version 2.2 or higher installed
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
4Musics CDA to MP3 Converter 4.3-->"C:\4Musics CDA to MP3 Converter\unins000.exe"
Acronis*True*Image*Echo Workstation-->MsiExec.exe /X{6DC12C6C-414B-4780-B7E3-E7B0D65C33C2}
Activate ED-->C:\PROGRA~1\edutils\uninstal.exe
Active Disk-->C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Acrobat 9 Standard - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-BA7E-000000000004}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AltoMP3 Gold 5.20-->C:\AltoMP3 Gold\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AudibleManager-->C:\Documents and Settings\Rachel E. Hoger\My Documents\Audible\Bin\Upgrade.exe /Uninstall
BlackBerry Desktop Software 4.6-->MsiExec.exe /I{7CB1E63B-C999-4D17-8133-E138F41D9ECF}
BlackBerry Desktop Software 4.6-->MsiExec.exe /i{7CB1E63B-C999-4D17-8133-E138F41D9ECF}
bodybugg® Software-->C:\Program Files\InstallShield Installation Information\{CB706270-54EA-4E48-9FFB-0B95FA04DBE6}\setup.exe -runfromtemp -l0x0409
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Brother HL-5280DW-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26F14A29-CE63-462A-9AFE-3916F7EAB600}\Setup.exe" -l0x9 -removeonly /uninst
Brother MFL-Pro Suite MFC-490CW-->"C:\Program Files\InstallShield Installation Information\{D9461574-5FC0-4641-BBDC-D1038B196F55}\Setup.exe" -runfromtemp -l0x0009 UNINSTALL Reg=BH9_C2 -removeonly
Canon i550-->C:\WINDOWS\system32\CNMCP49.exe "-PRINTERNAMECanon i550" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
CardRecovery 5.20-->"C:\CardRecovery\unins000.exe"
Century II MTL Illustrator Version 4.44-->MsiExec.exe /I{66FC28A3-FAA2-4AA2-8B4A-B436E76BFD93}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
Express Assist 9.0-->"C:\EA9\unins000.exe"
Free Mp3 Wma Converter V 1.7.3-->"C:\Free Audio Pack\unins000.exe"
Free WMA to MP3 Converter 1.16-->"C:\Free WMA to MP3 Converter\unins000.exe"
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
HijackThis 2.0.2-->"C:\Documents and Settings\Rachel E. Hoger\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet 6800-->C:\Program Files\Hewlett-Packard\Deskjet 6800 Installs\Installer\setup.exe /x
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Laser App Enterprise-->MsiExec.exe /I{CAF5A879-9647-4A05-A366-29E6DBF0D868}
LimeWire PRO 5.2.13-->"C:\LimeWire\uninstall.exe"
Linksys EasyLink Advisor 1.6 (0032)-->rundll32 C:\LINKSY~1\AUInst.dll,ExUninstall
Linksys Wireless-N USB Network Adapter WUSB300N-->C:\Program Files\InstallShield Installation Information\{DCD3471D-4DDA-4DC2-8B9F-A662D0C362AC}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft English TTS Engine-->MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Streets & Trips 2008-->MsiExec.exe /I{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.2)-->C:\Mozilla Firefox\uninstall\helper.exe
MP3 CD Maker-->C:\mp3cd\unins000.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Mutual Trust Life Insurance Company-->C:\Tapestry\UNWISE.EXE C:\Tapestry\INSTALL.LOG
Nortel Networks Contivity VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
PaperPort Image Printer-->MsiExec.exe /X{2BC2781A-F7F6-452E-95EB-018A522F1B2C}
PDFcamp add printer-->C:\WINDOWS\system32\unpdf.exe
PDFlib 4.0.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58D92B58-1BE9-4DE4-AE88-ACB205D75B63}\Setup.exe" -uninst
PDFLIB-->C:\PROGRA~1\COSSTEMP\UNWISE.EXE C:\PROGRA~1\COSSTEMP\PDFINSTALL.LOG
Peachtree Complete Accounting 2008-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{0736311A-BCF5-4F80-AC0F-FE4E55DBF969}
PeachTree Signature Ready Forms-->MsiExec.exe /I{8BCB844B-0814-4354-A413-1063DB4618E9}
Pervasive Software PSQL v9.1 Client-->"C:\pvsw\unins000.exe"
Pervasive System Analyzer v9.1-->"C:\Program Files\Common Files\Pervasive Software Shared\unins000.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
River Past Audio CD Ripper-->C:\WINDOWS\Audio CD Ripper Uninstaller.exe
River Past Audio Converter-->C:\WINDOWS\Audio Converter Uninstaller.exe
Roxio Media Manager-->MsiExec.exe /X{F6377647-81AF-41C0-BC7E-06CF37E204AB}
Sage Software Integration Services-->C:\Program Files\Integration Services\uninst.exe
ScanSoft PaperPort 11-->MsiExec.exe /I{7A8FF745-BBC5-482B-88E4-18D3178249A9}
Seagate Manager Installer-->"C:\Program Files\InstallShield Installation Information\{71883667-71F2-48A1-AB72-28D518D8AC4A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Seagate Manager Installer-->MsiExec.exe /X{71883667-71F2-48A1-AB72-28D518D8AC4A}
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy-->"C:\Spybot - Search & Destroy\unins000.exe"
Stellar Phoenix Photo Recovery v3.2-->"C:\Stellar Phoenix Photo Recovery\unins000.exe"
Thomson ONE 4.5 Build 31-->MsiExec.exe /X{0CF3CAE6-C07C-4F6E-8219-80089FD0309A}
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
======Hosts File======
74.125.45.100 test1111.com
74.125.45.100 test1112.com
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
======Security center information======
AV: Windows Security Suite
AV: Lavasoft Ad-Watch Live! Anti-Virus
FW: Windows Security Suite
======System event log======
Computer Name: REH
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 43190
Source Name: Tcpip
Time Written: 20091104091235.000000-360
Event Type: warning
User:
Computer Name: REH
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
Record Number: 43153
Source Name: Service Control Manager
Time Written: 20091103180348.000000-360
Event Type: error
User:
Computer Name: REH
Event Code: 40961
Message: The Security System could not establish a secured connection with the server DNS/ns-a.bbtec.net. No authentication protocol was available.
Record Number: 43147
Source Name: LSASRV
Time Written: 20091103092841.000000-360
Event Type: warning
User:
Computer Name: REH
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001EE521399D. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Record Number: 43127
Source Name: Dhcp
Time Written: 20091103015202.000000-360
Event Type: warning
User:
Computer Name: REH
Event Code: 40961
Message: The Security System could not establish a secured connection with the server DNS/ns-a.bbtec.net. No authentication protocol was available.
Record Number: 43108
Source Name: LSASRV
Time Written: 20091102155415.000000-360
Event Type: warning
User:
=====Application event log=====
Computer Name: REH
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.3429, fault address 0x000695bd.
Record Number: 22676
Source Name: Application Error
Time Written: 20090521085227.000000-360
Event Type: error
User:
Computer Name: REH
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x1032f6e0.
Record Number: 22654
Source Name: Application Error
Time Written: 20090518170932.000000-360
Event Type: error
User:
Computer Name: REH
Event Code: 11014
Message:
Record Number: 22636
Source Name: RouteService
Time Written: 20090517103509.000000-360
Event Type: warning
User:
Computer Name: REH
Event Code: 11014
Message:
Record Number: 22635
Source Name: RouteService
Time Written: 20090517103509.000000-360
Event Type: warning
User:
Computer Name: REH
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Record Number: 22632
Source Name: crypt32
Time Written: 20090516114436.000000-360
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\pvsw\bin;C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"THOMSON_ONE"=C:\Program Files\Thomson Financial\Thomson ONE\
"TF_ACTIVITYMAP"=C:\Program Files\Thomson Financial\Thomson ONE\T1ActivityMap.dll
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"TF_PORTFOLIO_ANALYTICS_WRAPPER"=C:\Program Files\Thomson Financial\Thomson ONE\TPAWrap.dll
"T1Workspaces"=%AppData%\Thomson Financial\Thomson ONE\Workspaces\
-----------------EOF-----------------
And here is the other one (may have gotten them mixed up, but I'm sure you know which is which!):
Logfile of random's system information tool 1.06 (written by random/random)
Run by Rachel E. Hoger at 2009-11-09 15:13:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 108 GB (71%) free of 152 GB
Total RAM: 1022 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:04 PM, on 11/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\ScanSoft\PaperPort\pptd40nt.exe
C:\Atomic Clock Sync\Atomic.exe
C:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\SpamArrow\SpamArrow.exe
C:\SpamArrow\sa\sa_services.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\system32\hpbpro.exe
C:\WINDOWS\system32\hpboid.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Documents and Settings\Rachel E. Hoger\Desktop\RSIT.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe
C:\Documents and Settings\Rachel E. Hoger\Desktop\RSIT.exe
C:\Documents and Settings\Rachel E. Hoger\Desktop\Rachel E. Hoger.exe
C:\Program Files\Thomson Financial\Thomson ONE\ThomsonONE.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O1 - Hosts: 74.125.45.100 test1111.com
O1 - Hosts: 74.125.45.100 test1112.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Atomic.exe] C:\Atomic Clock Sync\Atomic.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\pvsw\bin\w3dbsmgr.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.allegiantair.com
O15 - Trusted Zone: www.amazon.com
O15 - Trusted Zone: http://www201.americanexpress.com
O15 - Trusted Zone: www.americanfunds.com
O15 - Trusted Zone: www.americanlegacy.com
O15 - Trusted Zone: http://my.apexfitness.com
O15 - Trusted Zone: www.bestbuy.com
O15 - Trusted Zone: http://www.bestbuy.com
O15 - Trusted Zone: http://www.bmwusa.com
O15 - Trusted Zone: http://www.business-supply.com
O15 - Trusted Zone: www.cff.org
O15 - Trusted Zone: mfasa.chase.com
O15 - Trusted Zone: http://www.chase.com
O15 - Trusted Zone: http://www.checksunlimited.com
O15 - Trusted Zone: http://www.chowhound.com
O15 - Trusted Zone: http://www.computershare.com
O15 - Trusted Zone: http://www.copytalk.com
O15 - Trusted Zone: http://www.countryinns.com
O15 - Trusted Zone: http://accessories.us.dell.com
O15 - Trusted Zone: http://ecomm.dell.com
O15 - Trusted Zone: http://www.dermstore.com
O15 - Trusted Zone: http://www.dforce2.com
O15 - Trusted Zone: *.sso.dhl-usa.com
O15 - Trusted Zone: *.dhl.com
O15 - Trusted Zone: www.dsw.com
O15 - Trusted Zone: www.ebay.com
O15 - Trusted Zone: *.electriduct.com
O15 - Trusted Zone: http://pleasehold.evenue.ne
O15 - Trusted Zone: http://ev12.evenue.net
O15 - Trusted Zone: http://ev6.evenue.net
O15 - Trusted Zone: http://www.famousfootwear.com
O15 - Trusted Zone: http://www.fedex.com
O15 - Trusted Zone: http://www.final-score.com
O15 - Trusted Zone: *.firstclearing.com
O15 - Trusted Zone: http://www.footlocker.com
O15 - Trusted Zone: http://www.gbpac.com
O15 - Trusted Zone: www.ichotelsgroup.com
O15 - Trusted Zone: www.ingannuities.com
O15 - Trusted Zone: http://www.inland-american.com
O15 - Trusted Zone: www.inlandamerica.com
O15 - Trusted Zone: *.turbotax.intuit.com
O15 - Trusted Zone: http://turbotax.intuit.com
O15 - Trusted Zone: http://store.iomagic.com
O15 - Trusted Zone: www.josbank.com
O15 - Trusted Zone: http://www.kidshealth.org
O15 - Trusted Zone: www.kohls.com
O15 - Trusted Zone: http://www.lawyersandjudges.com
O15 - Trusted Zone: www.letstalk.com
O15 - Trusted Zone: http://www4.letstalk.com
O15 - Trusted Zone: www.limewire.com
O15 - Trusted Zone: www.lincolnfinancial.com
O15 - Trusted Zone: http://www.linkedin.com
O15 - Trusted Zone: http://renniemom.livejournal.com
O15 - Trusted Zone: www.livejournal.com
O15 - Trusted Zone: www.lmodules.com
O15 - Trusted Zone: http://tools.lpl.com
O15 - Trusted Zone: http://webserver.lpl.com
O15 - Trusted Zone: www.lpl.com
O15 - Trusted Zone: www.marriott.com
O15 - Trusted Zone: www.naturemade.com
O15 - Trusted Zone: http://www.naturemade.com
O15 - Trusted Zone: http://www.network1sports.com
O15 - Trusted Zone: http://www.nytimes.com
O15 - Trusted Zone: http://export.opentable.com
O15 - Trusted Zone: http://www.opentable.com
O15 - Trusted Zone: http://www.organize.com
O15 - Trusted Zone: www.pacificlife.com
O15 - Trusted Zone: http://www.pacificlife.com
O15 - Trusted Zone: http://www.paperdirect.com
O15 - Trusted Zone: www.payless.com
O15 - Trusted Zone: http://www.payless.com
O15 - Trusted Zone: *.payless.com
O15 - Trusted Zone: *.paypal.com
O15 - Trusted Zone: www.pubsets.com
O15 - Trusted Zone: www.restockit.com
O15 - Trusted Zone: http://www.saucemagazine.com
O15 - Trusted Zone: www2.snapfish.com
O15 - Trusted Zone: http://www2.snapfish.com
O15 - Trusted Zone: www5.snapfish.com
O15 - Trusted Zone: http://www5.snapfish.com
O15 - Trusted Zone: www.snapfish5.com
O15 - Trusted Zone: http://www.specialtysupplies.com
O15 - Trusted Zone: www.staples.com
O15 - Trusted Zone: http://www.state.ia.us
O15 - Trusted Zone: player.streamtheworld.com
O15 - Trusted Zone: http://player.streamtheworld.com
O15 - Trusted Zone: *.sunamerica.com
O15 - Trusted Zone: http://www.target.com
O15 - Trusted Zone: http://www.teamestrogen.com
O15 - Trusted Zone: http://www.techforless.com
O15 - Trusted Zone: www.tigerdirect.com
O15 - Trusted Zone: www.tnbc.com
O15 - Trusted Zone: http://www.tunegenie.com
O15 - Trusted Zone: *.turbotaxonline.com
O15 - Trusted Zone: http://www.uslegalforms.com
O15 - Trusted Zone: *.vsrfin.com
O15 - Trusted Zone: http://daily.webshots.com
O15 - Trusted Zone: www.webshots.com
O15 - Trusted Zone: http://www.wilcoworld.net
O15 - Trusted Zone: http://online.wsj.com
O15 - Trusted Zone: http://us-dc1-order.store.yahoo.net
O15 - Trusted Zone: http://www.yum.com
O16 - DPF: {0D062C61-F69C-11D6-A718-00C0F02CC8EE} (FISERV FIPSCO Report Viewer) - https://lpss.amerus.com/amu/reports/control/amurptview.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - http://inst.c-wss.com/59/EN/html/gtdownlr.cab
O16 - DPF: {3D4C3992-ABD6-4F85-9A1B-8568E3B4DB3E} (FISERV FIPSCO Insmark Interface Class) - https://lpss.amerus.com/amu/InsMark/imkctl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} (TeamOn Import Object) - https://bis.na.blackberry.com/html/web/client_tools/TOImport.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bw+0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E7F3869D-C8B5-47FF-8D72-D8BB6245CD91} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pervasive.SQL Workgroup Engine - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
--
End of file - 27004 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-08-17 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-17 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-17 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"=C:\Lavasoft\Ad-Aware\Ad-Watch.exe []
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-05-20 28160]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-06-08 236016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-17 136600]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984]
"IndexSearch"=C:\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368]
"PPort11reminder"=C:\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-05-29 1085440]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016]
"Malwarebytes Anti-Malware (reboot)"=C:\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Atomic.exe"=C:\Atomic Clock Sync\Atomic.exe [2004-06-17 524288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-01-18 140568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe [2009-01-18 884928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaserAppUpdate]
C:\Laser App Enterprise\laupdate.exe [2009-09-11 1533720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2006-09-06 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
C:\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-10-28 181544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
C:\ScanSoft\PAPERP~1\PPWebCap.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe [2009-01-19 1285504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\Palm\hotsync.exe [2004-04-13 299008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^iFormat.lnk]
C:\UFDisk\UFDISK~1\iFormat.exe [2005-03-02 786432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2006-09-06 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
C:\SEC\NATURA~1\NATURA~1.EXE [2002-04-12 155715]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rachel E. Hoger^Start Menu^Programs^Startup^Password Safe.lnk]
C:\PASSWO~1\pwsafe.exe -s []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Logitech\SetPoint\SetPoint.exe
Pervasive.SQL Workgroup Engine.lnk - C:\pvsw\bin\w3dbsmgr.exe
WG111v2 Smart Wizard Wireless Setting.lnk - C:\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2008-01-04 219504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\RealPlayer\realplay.exe"="C:\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Morpheus\mldonkey\mlnet.exe"="C:\Morpheus\mldonkey\mlnet.exe:*:Enabled:MLdonkey - multiuser P2P daemon"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\LimeWire\LimeWire.exe"="C:\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\SYSTEM32\msiexec.exe"="C:\WINDOWS\SYSTEM32\msiexec.exe:*:Enabled:Windows® installer"
"C:\WINDOWS\SYSTEM32\spoolsv.exe"="C:\WINDOWS\SYSTEM32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:OTI@Home User Interface"
"C:\Program Files\Common Files\Nokia\Service Layer\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\iTunes\iTunes.exe"="C:\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Nortel Networks\Extranet.exe"="C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client"
"C:\Kazaa\kazaa.exe"="C:\Kazaa\kazaa.exe:*:Disabled:Kazaa Plus"
"C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe:*:Disabled:P2P Networking"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\edutils\acted35.exe"="C:\Program Files\edutils\acted35.exe:*:Enabled:Activate ED"
"C:\Program Files\Thomson Financial\Thomson ONE\ThomsonONE.exe"="C:\Program Files\Thomson Financial\Thomson ONE\ThomsonONE.exe:*:Enabled:SmartStation"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Morpheus\MorphEXE.exe"="C:\Morpheus\MorphEXE.exe:*:Disabled:Morpheus"
"C:\Program Files\Peachtree\peachw.exe"="C:\Program Files\Peachtree\peachw.exe:*:Enabled:Peachtree Complete Accounting 2005"
"C:\pvsw\bin\w3sqlmgr.exe"="C:\pvsw\bin\w3sqlmgr.exe:*:Enabled:w3sqlmgr.exe"
"C:\pvsw\bin\w3lgo103.exe"="C:\pvsw\bin\w3lgo103.exe:*:Enabled:w3lgo103.exe"
"C:\Palm\Palm.exe"="C:\Palm\Palm.exe:*:Enabled:Palm Desktop"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\All Users\Application Data\0762a93\WI0762.exe"="C:\Documents and Settings\All Users\Application Data\0762a93\WI0762.exe:*:Enabled:Windows Security Suite"
"C:\Brother\Brmfl08b\FAXRX.exe"="C:\Brother\Brmfl08b\FAXRX.exe:*:Enabled:FAXRX.EXE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\Msetup.exe
======File associations======
.bat - open -
.bat - edit -
.com - open -
.scr - open -
.scr - install -
.scr - config -
======List of files/folders created in the last 3 months======
2009-11-09 15:12:50 ----D---- C:\rsit
2009-11-09 15:10:48 ----D---- C:\WINDOWS\SPOOL
2009-11-09 15:10:26 ----D---- C:\Program Files\PDFcamp
2009-11-09 14:29:17 ----D---- C:\Program Files\MSBuild
2009-11-09 14:25:08 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-09 14:25:06 ----D---- C:\WINDOWS\system32\en-us
2009-11-09 14:23:05 ----D---- C:\Program Files\Reference Assemblies
2009-11-09 14:22:07 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-11-09 14:21:08 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-11-09 14:08:31 ----D---- C:\WINDOWS\LastGood
2009-11-09 13:49:51 ----D---- C:\SS Install Files
2009-11-05 15:06:50 ----D---- C:\Documents and Settings\Rachel E. Hoger\Application Data\Malwarebytes
2009-11-05 15:06:39 ----D---- C:\Documents and Settings\All UsersDocuments and Settings\All Users\Application Data\Malwarebytes
2009-11-05 15:06:38 ----D---- C:\Malwarebytes' Anti-Malware
2009-10-12 14:10:46 ----D---- C:\Documents and Settings\Rachel E. Hoger\Application Data\PC-FAX TX
======List of files/folders modified in the last 1 months======
2009-11-09 15:13:37 ----HD---- C:\WINDOWS\INF
2009-11-09 15:13:11 ----SHD---- C:\WINDOWS\Installer
2009-11-09 15:12:57 ----AD---- C:\WINDOWS\Temp
2009-11-09 15:12:23 ----D---- C:\Config.Msi
2009-11-09 15:11:02 ----D---- C:\WINDOWS\WinSxS
2009-11-09 15:10:58 ----RSD---- C:\WINDOWS\Fonts
2009-11-09 15:10:58 ----D---- C:\WINDOWS\AppPatch
2009-11-09 15:10:49 ----AD---- C:\WINDOWS
2009-11-09 15:10:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-09 15:10:26 ----AD---- C:\Program Files
2009-11-09 15:08:33 ----D---- C:\WINDOWS\SYSTEM32
2009-11-09 15:02:13 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-09 15:02:00 ----RSD---- C:\WINDOWS\assembly
2009-11-09 15:01:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-09 14:53:22 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-09 14:49:10 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2009-11-09 14:30:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-09 14:22:29 ----AD---- C:\WINDOWS\system32\SPOOL
2009-11-09 14:21:04 ----A---- C:\WINDOWS\brmx2001.ini
2009-11-09 14:17:09 ----A---- C:\WINDOWS\brwmark.ini
2009-11-09 14:09:05 ----D---- C:\WINDOWS\Prefetch
2009-11-09 13:50:43 ----D---- C:\Program Files\BETASystems
2009-11-09 13:39:03 ----D---- C:\Laser App Enterprise
2009-11-09 12:56:39 ----A---- C:\test.txt
2009-11-09 10:11:15 ----D---- C:\Program Files\Peachtree
2009-11-08 21:10:25 ----D---- C:\Program Files\Outlook Express
2009-11-06 12:06:31 ----D---- C:\Palm
2009-11-06 12:02:55 ----A---- C:\WINDOWS\FDPV.INI
2009-11-06 11:44:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-06 09:12:54 ----D---- C:\LimeWire
2009-11-06 08:52:05 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-11-05 15:06:41 ----AD---- C:\WINDOWS\system32\DRIVERS
2009-11-05 14:47:31 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-02 11:40:26 ----D---- C:\MTL Insurance Company
2009-11-01 10:17:48 ----D---- C:\Program Files\Common Files\Peach
2009-10-28 15:55:42 ----D---- C:\WINDOWS\Minidump
2009-10-28 15:28:40 ----D---- C:\Documents and Settings
2009-10-28 10:03:58 ----D---- C:\WINDOWS\Help
2009-10-25 14:41:14 ----D---- C:\CPIC
2009-10-12 18:27:48 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-10-12 14:11:21 ----A---- C:\WINDOWS\Brpfx04a.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-10-31 144250]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2004-10-31 206464]
R2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16512]
R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 ppsio2;PPDevice; C:\WINDOWS\system32\drivers\ppsio2.sys [2001-06-08 23200]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-06-02 44384]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-10-31 25930]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 Eacfilt;Eacfilt Miniport; C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2005-09-06 24521]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2005-09-06 155184]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-05-20 25600]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-05-20 36480]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-05-20 68352]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MRVW245;Linksys Wireless-N USB Network Adapter WUSB300N; C:\WINDOWS\system32\DRIVERS\MRVW245.sys [2006-12-07 499456]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-07-16 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-02-02 9336]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-02-02 9464]
S1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2004-10-31 241280]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2008-11-03 53184]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2008-11-03 71488]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2
2009-10-03 13:45:10 ----A---- C:\WINDOWS\system32\SYSTEM.INI
2009-10-03 13:45:10 ----A---- C:\WINDOWS\ODBCINST.INI
2009-09-30 09:35:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-28 06:42:35 ----A---- C:\WINDOWS\EurekaLog.ini
2009-09-25 09:13:57 ----D---- C:\Documents and Settings\Rachel E. Hoger\Application Data\Adobe
2009-09-24 11:31:29 ----D---- C:\Program Files\Common Files\Adobe
2009-09-24 11:31:28 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-09-24 11:31:25 ----AD---- C:\Program Files\Common Files
2009-09-24 11:27:12 ----D---- C:\Program Files\Adobe
2009-09-24 07:40:24 ----D---- C:\Documents and Settings\Rachel E. Hoger\Application Data\AdobeUM
2009-09-24 07:21:02 ----A---- C:\WINDOWS\cdplayer.ini
2009-09-18 11:11:02 ----D---- C:\Spybot - Search & Destroy
2009-08-17 09:00:03 ----D---- C:\Program Files\Java
2009-08-17 08:58:15 ----D---- C:\Program Files\LimeWire
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-10-31 144250]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2004-10-31 206464]
R2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16512]
R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 ppsio2;PPDevice; C:\WINDOWS\system32\drivers\ppsio2.sys [2001-06-08 23200]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-06-02 44384]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-10-31 25930]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 Eacfilt;Eacfilt Miniport; C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2005-09-06 24521]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2005-09-06 155184]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-05-20 25600]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-05-20 36480]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-05-20 68352]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MRVW245;Linksys Wireless-N USB Network Adapter WUSB300N; C:\WINDOWS\system32\DRIVERS\MRVW245.sys [2006-12-07 499456]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-07-16 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-02-02 9336]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-02-02 9464]
S1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2004-10-31 241280]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2008-11-03 53184]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2008-11-03 71488]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 IPSECEXT;Nortel Extranet Access Protocol; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2005-09-06 155184]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\Drivers\L8042Kbd.sys [2005-05-20 13056]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2005-05-20 54528]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-10-31 30662]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2003-07-16 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk; C:\Program Files\Iomega\AutoDisk\ADService.exe [2002-09-24 151552]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-01-18 455960]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
R2 FreeAgentGoNext Service;Seagate Service; C:\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-09-04 73728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-17 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-12 1028432]
R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine; C:\WINDOWS\system32\srvany.exe [2007-05-16 13864]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-01-04 3572592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-24 651720]
R3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\hpbpro.exe [2004-03-01 77824]
R3 HP Status Server;HP Status Server; C:\WINDOWS\system32\hpboid.exe [2004-03-01 73728]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-08 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-08 170480]
S2 WUSB300NSvc;WUSB300NSvc; C:\Program Files\Linksys\WUSB300N\WLService.exe [2005-07-04 53307]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-08 1108464]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
-----------------EOF-----------------
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
LimeWire
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
After that:
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New rsit log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Blade, sorry for the delay in responding to your last message, but I was out of town & away from my desktop for a few days.
I ran the ComboFix program, & fraud.windowsprotectionsuite is gone! SpyBot comes up clean.
So I assume all is well; thank you very much for your assistance.
Good. May I see those logs, please? :)
Blade, I apologize, I just re-checked this site as I was cleaning out some IE bookmarks & saw your response; I have since deleted all of the programs you had me download to clean up the Malware, as well as the log reports.
(I was running an imaged backup of my desktop as I do every month & didn't want to have all of that still on there when I did the backup, for cleanliness's sake.)
I am sorry!
Rachel
It's ok but ComboFix has to be uninstalled properly :)
Please download ComboFix file from one of these locations to your desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Then do the following:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
Blade, okay, it's uninstalled.
Thank you SO much.
:thanks:
Sorry again about the logs, I do tend to get ahead of myself -- please let me know if there is anything else I can do.
Rachel
If the problem is not existing anymore then I believe we're ready :)
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.