LDTATE,
You are great!!!!!!! Obviously , the SpySweeper worked, and I am able to access the forum again.
Here is the log file:
4:16 PM: | Start of Session, Saturday, April 01, 2006 |
4:16 PM: Spy Sweeper started
4:16 PM: Sweep initiated using definitions version 646
4:16 PM: Starting Memory Sweep
4:17 PM: Found Adware: clkoptimizer
4:17 PM: Detected running threat: C:\WINDOWS\system32\dexefua.dll (ID = 268933)
4:20 PM: Detected running threat: C:\WINDOWS\system32\mgpin.exe (ID = 268934)
4:20 PM: Detected running threat: C:\WINDOWS\system32\wwyenm.exe (ID = 268995)
4:20 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || vodvnk (ID = 0)
4:20 PM: HKU\WRSS_Profile_S-1-5-21-3569660965-917563655-3757435101-501\Software\Microsoft\Windows\CurrentVersion\Run || slkwo (ID = 0)
4:20 PM: HKU\WRSS_Profile_S-1-5-21-3569660965-917563655-3757435101-500\Software\Microsoft\Windows\CurrentVersion\Run || slkwo (ID = 0)
4:20 PM: HKU\WRSS_Profile_S-1-5-21-3569660965-917563655-3757435101-1011\Software\Microsoft\Windows\CurrentVersion\Run || slkwo (ID = 0)
4:20 PM: HKU\S-1-5-21-3569660965-917563655-3757435101-1006\Software\Microsoft\Windows\CurrentVersion\Run || slkwo (ID = 0)
4:20 PM: HKU\WRSS_Profile_S-1-5-21-3569660965-917563655-3757435101-1005\Software\Microsoft\Windows\CurrentVersion\Run || slkwo (ID = 0)
4:20 PM: Detected running threat: C:\WINDOWS\system32\mgpin.exe (ID = 268934)
4:20 PM: Detected running threat: C:\WINDOWS\system32\mgpin.exe (ID = 268934)
4:20 PM: Memory Sweep Complete, Elapsed Time: 00:04:17
4:20 PM: Starting Registry Sweep
4:20 PM: Found Adware: dealhelper
4:20 PM: HKU\WRSS_Profile_S-1-5-21-3569660965-917563655-3757435101-1011\software\timesynchonization\ (1 subtraces) (ID = 124818)
4:20 PM: Found Adware: targetsaver
4:20 PM: HKU\WRSS_Profile_S-1-5-21-3569660965-917563655-3757435101-1011\software\microsoft\windows\currentversion\run\ || tsa2 (ID = 143603)
4:20 PM: Found Adware: sidesearch
4:20 PM: HKU\WRSS_Profile_S-1-5-21-3569660965-917563655-3757435101-1011\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
4:20 PM: Found Adware: delfin
4:20 PM: HKU\WRSS_Profile_S-1-5-21-3569660965-917563655-3757435101-1005\software\delfin\ (3 subtraces) (ID = 124848)
4:20 PM: Registry Sweep Complete, Elapsed Time:00:00:30
4:20 PM: Starting Cookie Sweep
4:20 PM: Found Spy Cookie: adknowledge cookie
4:20 PM: edward@adknowledge[2].txt (ID = 2072)
4:20 PM: Found Spy Cookie: azjmp cookie
4:20 PM: edward@azjmp[2].txt (ID = 2270)
4:20 PM: Found Spy Cookie: exitexchange cookie
4:20 PM: edward@exitexchange[1].txt (ID = 2633)
4:20 PM: Found Spy Cookie: ic-live cookie
4:20 PM: edward@ic-live[1].txt (ID = 2821)
4:20 PM: Found Spy Cookie: 247realmedia cookie
4:20 PM: rob@247realmedia[1].txt (ID = 1953)
4:20 PM: Found Spy Cookie: 2o7.net cookie
4:20 PM: rob@2o7[2].txt (ID = 1957)
4:20 PM: Found Spy Cookie: 80503492 cookie
4:20 PM: rob@80503492[1].txt (ID = 2013)
4:20 PM: Found Spy Cookie: websponsors cookie
4:20 PM: rob@a.websponsors[2].txt (ID = 3665)
4:20 PM: Found Spy Cookie: about cookie
4:20 PM: rob@about[2].txt (ID = 2037)
4:20 PM: Found Spy Cookie: yieldmanager cookie
4:20 PM: rob@ad.yieldmanager[2].txt (ID = 3751)
4:20 PM: Found Spy Cookie: adecn cookie
4:20 PM: rob@adecn[1].txt (ID = 2063)
4:20 PM: rob@adknowledge[2].txt (ID = 2072)
4:20 PM: Found Spy Cookie: hbmediapro cookie
4:20 PM: rob@adopt.hbmediapro[2].txt (ID = 2768)
4:20 PM: Found Spy Cookie: specificclick.com cookie
4:20 PM: rob@adopt.specificclick[2].txt (ID = 3400)
4:20 PM: Found Spy Cookie: advertising cookie
4:20 PM: rob@advertising[2].txt (ID = 2175)
4:20 PM: Found Spy Cookie: ask cookie
4:20 PM: rob@ask[1].txt (ID = 2245)
4:20 PM: Found Spy Cookie: atlas dmt cookie
4:20 PM: rob@atdmt[1].txt (ID = 2253)
4:20 PM: rob@azjmp[1].txt (ID = 2270)
4:20 PM: Found Spy Cookie: burstnet cookie
4:20 PM: rob@burstnet[1].txt (ID = 2336)
4:20 PM: Found Spy Cookie: casalemedia cookie
4:20 PM: rob@casalemedia[1].txt (ID = 2354)
4:20 PM: rob@compnetworking.about[2].txt (ID = 2038)
4:20 PM: Found Spy Cookie: overture cookie
4:20 PM: rob@data2.perf.overture[2].txt (ID = 3106)
4:20 PM: Found Spy Cookie: directtrack cookie
4:20 PM: rob@directtrack[1].txt (ID = 2527)
4:20 PM: Found Spy Cookie: epilot cookie
4:20 PM: rob@epilot[1].txt (ID = 2621)
4:20 PM: rob@exitexchange[1].txt (ID = 2633)
4:20 PM: Found Spy Cookie: clickandtrack cookie
4:20 PM: rob@hits.clickandtrack[1].txt (ID = 2397)
4:20 PM: Found Spy Cookie: screensavers.com cookie
4:20 PM: rob@i.screensavers[1].txt (ID = 3298)
4:20 PM: Found Spy Cookie: metareward.com cookie
4:20 PM: rob@metareward[2].txt (ID = 2990)
4:20 PM: rob@microsofteup.112.2o7[1].txt (ID = 1958)
4:20 PM: Found Spy Cookie: nuker cookie
4:20 PM: rob@nuker[2].txt (ID = 3085)
4:20 PM: rob@partygaming.122.2o7[1].txt (ID = 1958)
4:20 PM: Found Spy Cookie: partypoker cookie
4:20 PM: rob@partypoker[2].txt (ID = 3111)
4:20 PM: Found Spy Cookie: pro-market cookie
4:20 PM: rob@pro-market[1].txt (ID = 3197)
4:20 PM: rob@rapidresponse.directtrack[2].txt (ID = 2528)
4:20 PM: Found Spy Cookie: realmedia cookie
4:20 PM: rob@realmedia[2].txt (ID = 3235)
4:20 PM: Found Spy Cookie: reliablestats cookie
4:20 PM: rob@stats1.reliablestats[2].txt (ID = 3254)
4:20 PM: Found Spy Cookie: tacoda cookie
4:20 PM: rob@tacoda[1].txt (ID = 6444)
4:20 PM: Found Spy Cookie: toplist cookie
4:20 PM: rob@toplist[1].txt (ID = 3557)
4:20 PM: Found Spy Cookie: tribalfusion cookie
4:20 PM: rob@tribalfusion[2].txt (ID = 3589)
4:20 PM: Found Spy Cookie: web-stat cookie
4:20 PM: rob@web-stat[2].txt (ID = 3648)
4:20 PM: Found Spy Cookie: webpower cookie
4:20 PM: rob@webpower[2].txt (ID = 3660)
4:20 PM: Found Spy Cookie: winantiviruspro cookie
4:21 PM: rob@winantiviruspro[1].txt (ID = 3689)
4:21 PM: Found Spy Cookie: myaffiliateprogram.com cookie
4:21 PM: rob@www.myaffiliateprogram[2].txt (ID = 3032)
4:21 PM: rob@www.screensavers[1].txt (ID = 3298)
4:21 PM: rob@yieldmanager[2].txt (ID = 3749)
4:21 PM: Found Spy Cookie: adserver cookie
4:21 PM: rob@z1.adserver[1].txt (ID = 2142)
4:21 PM: Found Spy Cookie: zedo cookie
4:21 PM: rob@zedo[1].txt (ID = 3762)
4:21 PM: clynch@ad.yieldmanager[2].txt (ID = 3751)
4:21 PM: Found Spy Cookie: addynamix cookie
4:21 PM: clynch@ads.addynamix[2].txt (ID = 2062)
4:21 PM: clynch@advertising[2].txt (ID = 2175)
4:21 PM: clynch@atdmt[2].txt (ID = 2253)
4:21 PM: Found Spy Cookie: mediaplex cookie
4:21 PM: clynch@mediaplex[2].txt (ID = 6442)
4:21 PM: Found Spy Cookie: nextag cookie
4:21 PM: clynch@nextag[2].txt (ID = 5014)
4:21 PM: Found Spy Cookie: questionmarket cookie
4:21 PM: clynch@questionmarket[1].txt (ID = 3217)
4:21 PM: Found Spy Cookie: coremetrics cookie
4:21 PM: clynch@twci.coremetrics[1].txt (ID = 2472)
4:21 PM: clynch@zedo[1].txt (ID = 3762)
4:21 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
4:21 PM: Starting File Sweep
4:21 PM: Found Adware: great net downloadware
4:21 PM: c:\program files\medialoads (205 subtraces) (ID = -2147481081)
4:23 PM: Found System Monitor: pc-controller
4:23 PM: setup.exe (ID = 273574)
4:24 PM: Found Adware: clipgenie
4:24 PM: main.html (ID = 53069)
4:26 PM: Found Adware: dollarrevenue
4:26 PM: keyboard4.exe (ID = 268841)
4:26 PM: medialoads.lnk (ID = 59302)
4:33 PM: Found Adware: 180search assistant/zango
4:33 PM: salmau.dat (ID = 93788)
4:38 PM: scroller.swf (ID = 53090)
4:40 PM: f1_2b_categories.html (ID = 53045)
4:41 PM: Found Adware: brilliant digital
4:41 PM: bde3d_refp4.dll (ID = 51734)
4:42 PM: player.html (ID = 53078)
4:42 PM: playerslices.htm (ID = 53080)
4:45 PM: grvpreview.wmv (ID = 53061)
4:46 PM: Found Adware: topsearch
4:46 PM: topsearch.dll (ID = 79735)
4:55 PM: xcwmyro.exe (ID = 268932)
4:55 PM: wwyenm.exe (ID = 268995)
4:55 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || vodvnk (ID = 0)
4:55 PM: HKU\WRSS_Profile_S-1-5-21-3569660965-917563655-3757435101-501\Software\Microsoft\Windows\CurrentVersion\Run || slkwo (ID = 0)
4:55 PM: HKU\WRSS_Profile_S-1-5-21-3569660965-917563655-3757435101-500\Software\Microsoft\Windows\CurrentVersion\Run || slkwo (ID = 0)
4:55 PM: HKU\WRSS_Profile_S-1-5-21-3569660965-917563655-3757435101-1011\Software\Microsoft\Windows\CurrentVersion\Run || slkwo (ID = 0)
4:55 PM: HKU\S-1-5-21-3569660965-917563655-3757435101-1006\Software\Microsoft\Windows\CurrentVersion\Run || slkwo (ID = 0)
4:55 PM: HKU\WRSS_Profile_S-1-5-21-3569660965-917563655-3757435101-1005\Software\Microsoft\Windows\CurrentVersion\Run || slkwo (ID = 0)
4:55 PM: mgpin.exe (ID = 268934)
4:55 PM: ofkfu.exe (ID = 268995)
4:55 PM: cunha.dat (ID = 268995)
4:55 PM: dexefua.dll (ID = 268933)
4:58 PM: launch.html (ID = 53068)
4:58 PM: f1_1.html (ID = 53043)
4:58 PM: f1_2a.html (ID = 53044)
4:58 PM: f1_3.html (ID = 53046)
4:58 PM: f2.html (ID = 53047)
4:58 PM: f3_1.html (ID = 53048)
4:58 PM: f3_2a_player.html (ID = 53049)
4:58 PM: f3_2b.html (ID = 53050)
4:58 PM: f3_3.html (ID = 53051)
4:58 PM: f3_4a_files.html (ID = 53052)
4:58 PM: f3_4b.html (ID = 53053)
4:58 PM: f3_5.html (ID = 53054)
4:58 PM: Warning: Failed to access drive D:
4:58 PM: Warning: Failed to access drive E:
4:58 PM: Found System Monitor: potentially rootkit-masked files
4:58 PM: zopenssld.sys (ID = 0)
4:58 PM: zopenssl.dll (ID = 0)
4:58 PM: setrefresh.zip (ID = 273574)
4:59 PM: Warning: Invalid file - not a PKZip file
4:59 PM: Warning: Invalid Stream
4:59 PM: File Sweep Complete, Elapsed Time: 00:38:15
4:59 PM: Full Sweep has completed. Elapsed time 00:43:16
4:59 PM: Traces Found: 320
5:04 PM: Removal process initiated
5:05 PM: Quarantining All Traces: 180search assistant/zango
5:05 PM: Quarantining All Traces: clkoptimizer
5:05 PM: clkoptimizer is in use. It will be removed on reboot.
5:05 PM: wwyenm.exe is in use. It will be removed on reboot.
5:05 PM: mgpin.exe is in use. It will be removed on reboot.
5:05 PM: ofkfu.exe is in use. It will be removed on reboot.
5:05 PM: dexefua.dll is in use. It will be removed on reboot.
5:05 PM: C:\WINDOWS\system32\dexefua.dll is in use. It will be removed on reboot.
5:05 PM: C:\WINDOWS\system32\mgpin.exe is in use. It will be removed on reboot.
5:05 PM: C:\WINDOWS\system32\wwyenm.exe is in use. It will be removed on reboot.
5:05 PM: C:\WINDOWS\system32\mgpin.exe is in use. It will be removed on reboot.
5:05 PM: C:\WINDOWS\system32\mgpin.exe is in use. It will be removed on reboot.
5:05 PM: Quarantining All Traces: pc-controller
5:05 PM: Quarantining All Traces: potentially rootkit-masked files
5:05 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
5:05 PM: zopenssld.sys is in use. It will be removed on reboot.
5:05 PM: zopenssl.dll is in use. It will be removed on reboot.
5:05 PM: Quarantining All Traces: delfin
5:05 PM: Quarantining All Traces: dollarrevenue
5:05 PM: Quarantining All Traces: sidesearch
5:05 PM: Quarantining All Traces: brilliant digital
5:05 PM: Quarantining All Traces: clipgenie
5:05 PM: Quarantining All Traces: dealhelper
5:05 PM: Quarantining All Traces: great net downloadware
5:05 PM: Quarantining All Traces: targetsaver
5:06 PM: Quarantining All Traces: topsearch
5:06 PM: Quarantining All Traces: 247realmedia cookie
5:06 PM: Quarantining All Traces: 2o7.net cookie
5:06 PM: Quarantining All Traces: 80503492 cookie
5:06 PM: Quarantining All Traces: about cookie
5:06 PM: Quarantining All Traces: addynamix cookie
5:06 PM: Quarantining All Traces: adecn cookie
5:06 PM: Quarantining All Traces: adknowledge cookie
5:06 PM: Quarantining All Traces: adserver cookie
5:06 PM: Quarantining All Traces: advertising cookie
5:06 PM: Quarantining All Traces: ask cookie
5:06 PM: Quarantining All Traces: atlas dmt cookie
5:06 PM: Quarantining All Traces: azjmp cookie
5:06 PM: Quarantining All Traces: burstnet cookie
5:06 PM: Quarantining All Traces: casalemedia cookie
5:06 PM: Quarantining All Traces: clickandtrack cookie
5:06 PM: Quarantining All Traces: coremetrics cookie
5:06 PM: Quarantining All Traces: directtrack cookie
5:06 PM: Quarantining All Traces: epilot cookie
5:06 PM: Quarantining All Traces: exitexchange cookie
5:06 PM: Quarantining All Traces: hbmediapro cookie
5:06 PM: Quarantining All Traces: ic-live cookie
5:06 PM: Quarantining All Traces: mediaplex cookie
5:06 PM: Quarantining All Traces: metareward.com cookie
5:06 PM: Quarantining All Traces: myaffiliateprogram.com cookie
5:06 PM: Quarantining All Traces: nextag cookie
5:06 PM: Quarantining All Traces: nuker cookie
5:06 PM: Quarantining All Traces: overture cookie
5:06 PM: Quarantining All Traces: partypoker cookie
5:06 PM: Quarantining All Traces: pro-market cookie
5:06 PM: Quarantining All Traces: questionmarket cookie
5:06 PM: Quarantining All Traces: realmedia cookie
5:06 PM: Quarantining All Traces: reliablestats cookie
5:06 PM: Quarantining All Traces: screensavers.com cookie
5:06 PM: Quarantining All Traces: specificclick.com cookie
5:06 PM: Quarantining All Traces: tacoda cookie
5:06 PM: Quarantining All Traces: toplist cookie
5:06 PM: Quarantining All Traces: tribalfusion cookie
5:06 PM: Quarantining All Traces: webpower cookie
5:06 PM: Quarantining All Traces: websponsors cookie
5:06 PM: Quarantining All Traces: web-stat cookie
5:06 PM: Quarantining All Traces: winantiviruspro cookie
5:06 PM: Quarantining All Traces: yieldmanager cookie
5:06 PM: Quarantining All Traces: zedo cookie
5:06 PM: Warning: Launched explorer.exe
5:06 PM: Warning: Quarantine process could not restart Explorer.
5:06 PM: Preparing to restart your computer. Please wait...
5:06 PM: Removal process completed. Elapsed time 00:02:08
********
4:13 PM: | Start of Session, Saturday, April 01, 2006 |
4:13 PM: Spy Sweeper started
4:14 PM: Your spyware definitions have been updated.
4:16 PM: | End of Session, Saturday
Here is HJT log:
ile of HijackThis v1.99.1
Scan saved at 5:43:36 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\hijackthis.exe\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://store.presari...&c=1c02&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\mgpin.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xcwmyro.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) -
http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitd...can8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://libcam.concor...sCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} -
http://www.trendmicr...scan/as4web.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) -
http://wwemail.suppo...ts/SysQuery.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: zopenssl - zopenssl.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Will wait for your advice on what to do next.
Thank you so much...
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
This topic is locked
