Hi Susan528:
I have followed your instructions, however please note that when I did the install for ewido I was not given any options other than to select the language; so I ended up with background guard installed
. I deactivated it prior to proceeding. A reboot occurred at the conclusion of Spy Sweeper and winlogon.dll was
reportedly removed during the restart process (but I still see it in the latest hijackthis log.....). Logs follow in order:
Spy Sweeper:
********
6:34 AM: | Start of Session, Saturday, June 24, 2006 |
6:34 AM: Spy Sweeper started
6:34 AM: Sweep initiated using definitions version 706
6:35 AM: Starting Memory Sweep
6:35 AM: Found Adware: purityscan
6:35 AM: Detected running threat: C:\WINDOWS\system32\winlogon.dll (ID = 305947)
6:39 AM: Memory Sweep Complete, Elapsed Time: 00:04:22
6:39 AM: Starting Registry Sweep
6:39 AM: Found System Monitor: email sentinel pro
6:39 AM: HKCR\.esp\ (1 subtraces) (ID = 1512784)
6:39 AM: HKU\WRSS_Profile_S-1-5-21-2247778763-2552189465-2221179514-1006\software\microsoft\windows\currentversion\run\ || aaou (ID = 137990)
6:39 AM: Registry Sweep Complete, Elapsed Time:00:00:25
6:39 AM: Starting Cookie Sweep
6:39 AM: Found Spy Cookie: nextag cookie
6:39 AM: mom@nextag[2].txt (ID = 5014)
6:39 AM: Found Spy Cookie: yieldmanager cookie
6:39 AM: marti@ad.yieldmanager[1].txt (ID = 3751)
6:39 AM: Found Spy Cookie: adrevolver cookie
6:39 AM: marti@adrevolver[1].txt (ID = 2088)
6:39 AM: marti@adrevolver[2].txt (ID = 2088)
6:39 AM: Found Spy Cookie: advertising cookie
6:39 AM: marti@advertising[2].txt (ID = 2175)
6:39 AM: Found Spy Cookie: casalemedia cookie
6:39 AM: marti@as.casalemedia[1].txt (ID = 2355)
6:39 AM: Found Spy Cookie: ask cookie
6:39 AM: marti@ask[1].txt (ID = 2245)
6:39 AM: Found Spy Cookie: atlas dmt cookie
6:39 AM: marti@atdmt[2].txt (ID = 2253)
6:39 AM: Found Spy Cookie: belnk cookie
6:39 AM: marti@ath.belnk[1].txt (ID = 2293)
6:39 AM: Found Spy Cookie: atwola cookie
6:39 AM: marti@atwola[1].txt (ID = 2255)
6:39 AM: Found Spy Cookie: bluestreak cookie
6:39 AM: marti@bluestreak[1].txt (ID = 2314)
6:39 AM: marti@casalemedia[1].txt (ID = 2354)
6:39 AM: Found Spy Cookie: fastclick cookie
6:39 AM: marti@fastclick[2].txt (ID = 2651)
6:39 AM: Found Spy Cookie: mediaplex cookie
6:39 AM: marti@mediaplex[1].txt (ID = 6442)
6:39 AM: Found Spy Cookie: realmedia cookie
6:39 AM: marti@network.realmedia[1].txt (ID = 3236)
6:39 AM: Found Spy Cookie: one-time-offer cookie
6:39 AM: marti@one-time-offer[2].txt (ID = 3095)
6:39 AM: Found Spy Cookie: questionmarket cookie
6:39 AM: marti@questionmarket[2].txt (ID = 3217)
6:39 AM: marti@realmedia[2].txt (ID = 3235)
6:39 AM: Found Spy Cookie: tacoda cookie
6:39 AM: marti@tacoda[1].txt (ID = 6444)
6:39 AM: Found Spy Cookie: tradedoubler cookie
6:39 AM: marti@tradedoubler[1].txt (ID = 3575)
6:39 AM: Found Spy Cookie: trafficmp cookie
6:39 AM: marti@trafficmp[1].txt (ID = 3581)
6:39 AM: Found Spy Cookie: tribalfusion cookie
6:39 AM: marti@tribalfusion[1].txt (ID = 3589)
6:39 AM: Found Spy Cookie: websponsors cookie
6:39 AM: rusty@a.websponsors[1].txt (ID = 3665)
6:39 AM: rusty@ad.yieldmanager[1].txt (ID = 3751)
6:39 AM: Found Spy Cookie: adecn cookie
6:39 AM: rusty@ad2.adecn[1].txt (ID = 2064)
6:39 AM: rusty@adecn[2].txt (ID = 2063)
6:39 AM: Found Spy Cookie: adknowledge cookie
6:39 AM: rusty@adknowledge[2].txt (ID = 2072)
6:39 AM: Found Spy Cookie: hbmediapro cookie
6:39 AM: rusty@adopt.hbmediapro[2].txt (ID = 2768)
6:39 AM: Found Spy Cookie: hotbar cookie
6:39 AM: rusty@adopt.hotbar[2].txt (ID = 4207)
6:39 AM: Found Spy Cookie: specificclick.com cookie
6:39 AM: rusty@adopt.specificclick[2].txt (ID = 3400)
6:39 AM: Found Spy Cookie: revenue.net cookie
6:39 AM: rusty@ads1.revenue[1].txt (ID = 3258)
6:39 AM: rusty@ask[2].txt (ID = 2245)
6:39 AM: rusty@atwola[1].txt (ID = 2255)
6:39 AM: rusty@belnk[1].txt (ID = 2292)
6:39 AM: Found Spy Cookie: enhance cookie
6:39 AM: rusty@c.enhance[1].txt (ID = 2614)
6:39 AM: Found Spy Cookie: goclick cookie
6:39 AM: rusty@c.goclick[2].txt (ID = 2733)
6:39 AM: rusty@dist.belnk[2].txt (ID = 2293)
6:39 AM: Found Spy Cookie: 2o7.net cookie
6:39 AM: rusty@gateway.122.2o7[1].txt (ID = 1958)
6:39 AM: Found Spy Cookie: clickandtrack cookie
6:39 AM: rusty@hits.clickandtrack[2].txt (ID = 2397)
6:39 AM: Found Spy Cookie: offeroptimizer cookie
6:39 AM: rusty@offeroptimizer[2].txt (ID = 3087)
6:39 AM: rusty@partygaming.122.2o7[1].txt (ID = 1958)
6:39 AM: Found Spy Cookie: partypoker cookie
6:39 AM: rusty@partypoker[1].txt (ID = 3111)
6:39 AM: rusty@temp2.adecn[1].txt (ID = 2064)
6:39 AM: rusty@trafficmp[1].txt (ID = 3581)
6:40 AM: Found Spy Cookie: webpower cookie
6:40 AM: owner@webpower[2].txt (ID = 3660)
6:40 AM: Cookie Sweep Complete, Elapsed Time: 00:00:09
6:40 AM: Starting File Sweep
6:52 AM: Warning: Failed to open file "c:\windows\$ntuninstallkb821253$\faultrep.dll". Access is denied
7:13 AM: Warning: Failed to open file "c:\windows\$ntuninstallkb821253$\dwwin.exe". Access is denied
7:20 AM: winlogon.dll (ID = 305947)
7:29 AM: Warning: Invalid Stream
7:29 AM: Warning: Unhandled Archive Type
7:29 AM: Warning: Invalid Stream
7:29 AM: Warning: Unhandled Archive Type
7:29 AM: File Sweep Complete, Elapsed Time: 00:49:46
7:29 AM: Full Sweep has completed. Elapsed time 00:54:56
7:29 AM: Traces Found: 50
7:30 AM: Removal process initiated
7:30 AM: Quarantining All Traces: email sentinel pro
7:30 AM: Quarantining All Traces: purityscan
7:30 AM: purityscan is in use. It will be removed on reboot.
7:30 AM: winlogon.dll is in use. It will be removed on reboot.
7:30 AM: C:\WINDOWS\system32\winlogon.dll is in use. It will be removed on reboot.
7:30 AM: Quarantining All Traces: 2o7.net cookie
7:30 AM: Quarantining All Traces: adecn cookie
7:30 AM: Quarantining All Traces: adknowledge cookie
7:30 AM: Quarantining All Traces: adrevolver cookie
7:30 AM: Quarantining All Traces: advertising cookie
7:30 AM: Quarantining All Traces: ask cookie
7:30 AM: Quarantining All Traces: atlas dmt cookie
7:30 AM: Quarantining All Traces: atwola cookie
7:30 AM: Quarantining All Traces: belnk cookie
7:30 AM: Quarantining All Traces: bluestreak cookie
7:30 AM: Quarantining All Traces: casalemedia cookie
7:30 AM: Quarantining All Traces: clickandtrack cookie
7:30 AM: Quarantining All Traces: enhance cookie
7:30 AM: Quarantining All Traces: fastclick cookie
7:30 AM: Quarantining All Traces: goclick cookie
7:30 AM: Quarantining All Traces: hbmediapro cookie
7:30 AM: Quarantining All Traces: hotbar cookie
7:30 AM: Quarantining All Traces: mediaplex cookie
7:30 AM: Quarantining All Traces: nextag cookie
7:30 AM: Quarantining All Traces: offeroptimizer cookie
7:30 AM: Quarantining All Traces: one-time-offer cookie
7:30 AM: Quarantining All Traces: partypoker cookie
7:30 AM: Quarantining All Traces: questionmarket cookie
7:30 AM: Quarantining All Traces: realmedia cookie
7:30 AM: Quarantining All Traces: revenue.net cookie
7:30 AM: Quarantining All Traces: specificclick.com cookie
7:30 AM: Quarantining All Traces: tacoda cookie
7:30 AM: Quarantining All Traces: tradedoubler cookie
7:30 AM: Quarantining All Traces: trafficmp cookie
7:30 AM: Quarantining All Traces: tribalfusion cookie
7:30 AM: Quarantining All Traces: webpower cookie
7:30 AM: Quarantining All Traces: websponsors cookie
7:30 AM: Quarantining All Traces: yieldmanager cookie
7:30 AM: Warning: Launched explorer.exe
7:30 AM: Warning: Quarantine process could not restart Explorer.
7:31 AM: Preparing to restart your computer. Please wait...
7:31 AM: Removal process completed. Elapsed time 00:01:15
********
6:32 AM: | Start of Session, Saturday, June 24, 2006 |
6:32 AM: Spy Sweeper started
6:33 AM: Your spyware definitions have been updated.
6:34 AM: | End of Session, Saturday, June 24, 2006 |
ewido:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:26:16 AM 6/24/2006
+ Scan result:
C:\WINDOWS\Downloaded Program Files\ieatgpc.dll -> Adware.WebEx : Cleaned with backup (quarantined).
C:\Program Files\ѕecurity\arpa.exe -> Downloader.PurityScan.cl : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\YPN Consulting\70gd6qng.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\irpq5dwe.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Rusty\Application Data\Mozilla\Profiles\Rusty\l7wuzmdd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\YPN Consulting\70gd6qng.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\irpq5dwe.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Rusty\Application Data\Mozilla\Profiles\Rusty\l7wuzmdd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Rusty\Application Data\Mozilla\Profiles\Rusty\l7wuzmdd.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\All Users\Documents\PhylMozBU\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.34:C:\Documents and Settings\All Users\Documents\PhylMozBU\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.39:C:\Documents and Settings\All Users\Documents\PhylMozBU\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.40:C:\Documents and Settings\All Users\Documents\PhylMozBU\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.41:C:\Documents and Settings\All Users\Documents\PhylMozBU\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.42:C:\Documents and Settings\All Users\Documents\PhylMozBU\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.46:C:\Documents and Settings\Mom\Application Data\Mozilla\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.47:C:\Documents and Settings\Mom\Application Data\Mozilla\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.48:C:\Documents and Settings\Mom\Application Data\Mozilla\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.49:C:\Documents and Settings\Mom\Application Data\Mozilla\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.56:C:\Documents and Settings\All Users\Documents\PhylMozBU\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.57:C:\Documents and Settings\All Users\Documents\PhylMozBU\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.58:C:\Documents and Settings\All Users\Documents\PhylMozBU\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.60:C:\Documents and Settings\Mom\Application Data\Mozilla\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.61:C:\Documents and Settings\Mom\Application Data\Mozilla\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.62:C:\Documents and Settings\Mom\Application Data\Mozilla\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.6:C:\Documents and Settings\Mom\Application Data\Mozilla\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.7:C:\Documents and Settings\Mom\Application Data\Mozilla\Profiles\default\kfbspo3g.slt\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Marti\Cookies\marti@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Rusty\Application Data\Mozilla\Profiles\Rusty\l7wuzmdd.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 9:43:20 AM, on 6/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\notes\ntmulti.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\2Wire\HomePortal\2PortalMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Owner\Desktop\Spyware\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.csc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.csc.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\HomePortal\2PortalMon.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\qckb\bagent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) -
https://quicken.ehos...s/custappx3.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1093688482734
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) -
http://www.fastacces...bls_speedop.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) -
http://h30155.www3.h...edsolutions.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
https://webmeeting.a...bex/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -
http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
http://www.creative....15010/CTPID.cab
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)