Hope this is the report you're asking for... it prompted me to restart to remove some of the items.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: Off
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
6:30 PM: Shield States
6:30 PM: Spyware Definitions: 817
6:30 PM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
6:29 PM: Spy Sweeper 5.2.3.2132 started
5:18 PM: | End of Session, Friday, December 08, 2006 |
5:15 PM: Your spyware definitions have been updated.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: Off
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
5:08 PM: Shield States
5:08 PM: Spyware Definitions: 804
5:08 PM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
5:07 PM: Spy Sweeper 5.2.3.2132 started
5:07 PM: Spy Sweeper 5.2.3.2132 started
5:07 PM: | Start of Session, Friday, December 08, 2006 |
********
6:26 PM: Removal process completed. Elapsed time 00:01:48
6:26 PM: Preparing to restart your computer. Please wait...
6:25 PM: Quarantining All Traces: zedo cookie
6:25 PM: Quarantining All Traces: yadro cookie
6:25 PM: Quarantining All Traces: burstbeacon cookie
6:25 PM: Quarantining All Traces: tripod cookie
6:25 PM: Quarantining All Traces: tribalfusion cookie
6:25 PM: Quarantining All Traces: trafficmp cookie
6:25 PM: Quarantining All Traces: tacoda cookie
6:25 PM: Quarantining All Traces: statcounter cookie
6:25 PM: Quarantining All Traces: serving-sys cookie
6:25 PM: Quarantining All Traces: rightmedia cookie
6:25 PM: Quarantining All Traces: revenue.net cookie
6:25 PM: Quarantining All Traces: realmedia cookie
6:25 PM: Quarantining All Traces: questionmarket cookie
6:25 PM: Quarantining All Traces: nextag cookie
6:25 PM: Quarantining All Traces: mygeek cookie
6:25 PM: Quarantining All Traces: webtrends cookie
6:25 PM: Quarantining All Traces: hypertracker.com cookie
6:25 PM: Quarantining All Traces: gamespy cookie
6:25 PM: Quarantining All Traces: overture cookie
6:25 PM: Quarantining All Traces: burstnet cookie
6:25 PM: Quarantining All Traces: bizrate cookie
6:25 PM: Quarantining All Traces: belnk cookie
6:25 PM: Quarantining All Traces: atwola cookie
6:25 PM: Quarantining All Traces: ask cookie
6:25 PM: Quarantining All Traces: adtech cookie
6:25 PM: Quarantining All Traces: adserver cookie
6:25 PM: Quarantining All Traces: adreactor cookie
6:25 PM: Quarantining All Traces: pointroll cookie
6:25 PM: Quarantining All Traces: adrevolver cookie
6:25 PM: Quarantining All Traces: adknowledge cookie
6:25 PM: Quarantining All Traces: yieldmanager cookie
6:25 PM: Quarantining All Traces: 2o7.net cookie
6:25 PM: Quarantining All Traces: ipinsight
6:25 PM: Quarantining All Traces: tvmedia
6:25 PM: Quarantining All Traces: seekseek
6:25 PM: Quarantining All Traces: drsnsrch.com hijack
6:25 PM: Quarantining All Traces: desktop toolbar common components
6:25 PM: Quarantining All Traces: mindset interactive - favoriteman
6:25 PM: C:\WINDOWS\system32\updstdup is in use. It will be removed on reboot.
6:25 PM: boran is in use. It will be removed on reboot.
6:24 PM: Quarantining All Traces: boran
6:24 PM: Quarantining All Traces: winad
6:24 PM: Quarantining All Traces: directrevenue-abetterinternet
6:24 PM: Quarantining All Traces: cws-aboutblank
6:24 PM: Quarantining All Traces: websearch toolbar
6:24 PM: Removal process initiated
6:24 PM: Traces Found: 1338
6:24 PM: Custom Sweep has completed. Elapsed time 01:06:12
6:24 PM: File Sweep Complete, Elapsed Time: 01:03:08
Not enough storage is available to process this command
6:23 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Access is denied
6:23 PM: Warning: Unable to sweep compressed file: System Error. Code: 5.
Access is denied
6:21 PM: Warning: Unable to sweep compressed file: System Error. Code: 5.
6:14 PM: Warning: Failed to access drive F:
6:14 PM: Warning: Failed to access drive E:
6:10 PM: Warning: Failed to open file "d:\program files\dap\history\trey hudson\_lasthist.dat". The operation completed successfully
5:47 PM: BHO Shield: found: -- BHO installation denied at user request
5:47 PM: BHO Shield: found: -- BHO installation denied at user request
5:45 PM: C:\WINDOWS\inf\polall1r.inf (ID = 83425)
5:45 PM: Found Adware: directrevenue-abetterinternet
5:45 PM: C:\WINDOWS\inf\conscorr.inf (ID = 64277)
5:45 PM: Found Adware: ipinsight
5:45 PM: c:\windows\downloaded program files\winadx.inf (ID = 365853)
5:45 PM: C:\Documents and Settings\Trey Hudson\Application Data\tvmcwrd.dll (ID = 81712)
5:45 PM: c:\windows\downloaded program files\atpartners.inf (ID = 362384)
5:45 PM: Found Adware: mindset interactive - favoriteman
5:43 PM: C:\Documents and Settings\Trey Hudson\Application Data\tvmuknwrd.dll (ID = 81759)
5:43 PM: Found Adware: tvmedia
5:42 PM: Warning: Failed to open file "c:\documents and settings\trey hudson\application data\mozilla\firefox\profiles\default.8am\parent.lock". The operation completed successfully
5:41 PM: C:\WINDOWS\system32\DELETE (ID = 337455)
5:41 PM: C:\WINDOWS\Temp\exupstd\setup.exe (ID = 341665)
5:41 PM: C:\WINDOWS\Temp\theme.nls (ID = 337451)
5:21 PM: C:\WINDOWS\system32\updstdup (1 subtraces) (ID = 2147526734)
5:21 PM: C:\WINDOWS\system32\stdcache (1246 subtraces) (ID = 2147526733)
5:21 PM: C:\WINDOWS\Temp\stdpatch (ID = 2147526735)
5:21 PM: C:\WINDOWS\Temp\inspst (ID = 2147526971)
5:21 PM: C:\WINDOWS\webwork (1 subtraces) (ID = 2147527141)
5:21 PM: C:\Program Files\Common Files\Slmss (1 subtraces) (ID = 2147485759)
5:21 PM: Found Adware: seekseek
5:21 PM: C:\WINDOWS\Temp\insmms5 (1 subtraces) (ID = 2147526737)
5:21 PM: C:\WINDOWS\system32\updstdex (1 subtraces) (ID = 2147526736)
5:21 PM: C:\WINDOWS\system32\exuppsh (1 subtraces) (ID = 2147531781)
5:21 PM: C:\WINDOWS\system32\updadini (2 subtraces) (ID = 2147526964)
5:21 PM: C:\WINDOWS\system32\stdcache\814 (3 subtraces) (ID = 2147527381)
5:21 PM: Starting File Sweep
5:21 PM: Warning: Failed to access drive A:
5:21 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@zedo[2].txt (ID = 3762)
5:21 PM: Found Spy Cookie: zedo cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@yadro[1].txt (ID = 3743)
5:21 PM: Found Spy Cookie: yadro cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 2337)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 2335)
5:21 PM: Found Spy Cookie: burstbeacon cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 2309)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@tripod[1].txt (ID = 3591)
5:21 PM: Found Spy Cookie: tripod cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@tribalfusion[2].txt (ID = 3589)
5:21 PM: Found Spy Cookie: tribalfusion cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@trafficmp[1].txt (ID = 3581)
5:21 PM: Found Spy Cookie: trafficmp cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@tacoda[1].txt (ID = 6444)
5:21 PM: Found Spy Cookie: tacoda cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@statcounter[1].txt (ID = 3447)
5:21 PM: Found Spy Cookie: statcounter cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@serving-sys[2].txt (ID = 3343)
5:21 PM: Found Spy Cookie: serving-sys cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@rightmedia[2].txt (ID = 3259)
5:21 PM: Found Spy Cookie: rightmedia cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@revenue[1].txt (ID = 3257)
5:21 PM: Found Spy Cookie: revenue.net cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@realmedia[2].txt (ID = 3235)
5:21 PM: Found Spy Cookie: realmedia cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@questionmarket[1].txt (ID = 3217)
5:21 PM: Found Spy Cookie: questionmarket cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 3106)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 1958)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@overture[1].txt (ID = 3105)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 1958)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@nextag[1].txt (ID = 5014)
5:21 PM: Found Spy Cookie: nextag cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@mygeek[1].txt (ID = 3041)
5:21 PM: Found Spy Cookie: mygeek cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 2309)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 1958)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 3669)
5:21 PM: Found Spy Cookie: webtrends cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@hypertracker[1].txt (ID = 2817)
5:21 PM: Found Spy Cookie: hypertracker.com cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@gamespy[1].txt (ID = 2719)
5:21 PM: Found Spy Cookie: gamespy cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][2].txt (ID = 2293)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 3106)
5:21 PM: Found Spy Cookie: overture cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@burstnet[2].txt (ID = 2336)
5:21 PM: Found Spy Cookie: burstnet cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@bizrate[2].txt (ID = 2308)
5:21 PM: Found Spy Cookie: bizrate cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@belnk[1].txt (ID = 2292)
5:21 PM: Found Spy Cookie: belnk cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@atwola[2].txt (ID = 2255)
5:21 PM: Found Spy Cookie: atwola cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@ask[1].txt (ID = 2245)
5:21 PM: Found Spy Cookie: ask cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@adtech[2].txt (ID = 2155)
5:21 PM: Found Spy Cookie: adtech cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@adserver[1].txt (ID = 2141)
5:21 PM: Found Spy Cookie: adserver cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 2087)
5:21 PM: Found Spy Cookie: adreactor cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][1].txt (ID = 3148)
5:21 PM: Found Spy Cookie: pointroll cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@adrevolver[4].txt (ID = 2088)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@adrevolver[2].txt (ID = 2088)
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@adrevolver[1].txt (ID = 2088)
5:21 PM: Found Spy Cookie: adrevolver cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@adknowledge[2].txt (ID = 2072)
5:21 PM: Found Spy Cookie: adknowledge cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey [email protected][2].txt (ID = 3751)
5:21 PM: Found Spy Cookie: yieldmanager cookie
5:21 PM: c:\documents and settings\trey hudson\cookies\trey hudson@2o7[1].txt (ID = 1957)
5:21 PM: Found Spy Cookie: 2o7.net cookie
5:21 PM: Starting Cookie Sweep
5:21 PM: Registry Sweep Complete, Elapsed Time:00:00:27
5:21 PM: HKU\S-1-5-21-842925246-436374069-839522115-1003\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
5:21 PM: HKU\S-1-5-21-842925246-436374069-839522115-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
5:21 PM: Found Adware: drsnsrch.com hijack
5:21 PM: HKU\S-1-5-21-842925246-436374069-839522115-1003\software\dsktb\ (ID = 128171)
5:21 PM: Found Adware: desktop toolbar common components
5:21 PM: HKU\S-1-5-21-842925246-436374069-839522115-1003\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
5:21 PM: HKU\S-1-5-21-842925246-436374069-839522115-1003\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
5:21 PM: Found Adware: cws-aboutblank
5:20 PM: HKLM\software\mmsassist\ || pid (ID = 1602524)
5:20 PM: HKLM\system\currentcontrolset\enum\root\legacy_albus\ (ID = 1602261)
5:20 PM: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || webwork (ID = 1601445)
5:20 PM: HKLM\software\mmsassist\ || mmsassist (ID = 1581241)
5:20 PM: HKLM\system\currentcontrolset\services\albus\ (ID = 1581088)
5:20 PM: HKLM\software\mmsassist\up\ (ID = 1580943)
5:20 PM: HKLM\software\microsoft\windows\currentversion\uninstall\webwork\ (ID = 1580935)
5:20 PM: HKLM\software\microsoft\windows\currentversion\uninstall\vision communicate\ || uninstallstring (ID = 1580934)
5:20 PM: HKLM\software\classes\clsid\{4c611512-2c1d-44b2-a044-872ad2ad5a61}\ (ID = 1580916)
5:20 PM: HKCR\clsid\{4c611512-2c1d-44b2-a044-872ad2ad5a61}\ (ID = 1580898)
5:20 PM: HKLM\software\microsoft\windows\currentversion\uninstall\vision communicate\ || displayname (ID = 1541655)
5:20 PM: Found Adware: boran
5:20 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadx.dll\ (ID = 147198)
5:20 PM: Found Adware: winad
5:20 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow_as2.dll\ (ID = 146482)
5:20 PM: Found Adware: websearch toolbar
5:20 PM: Starting Registry Sweep
5:20 PM: Memory Sweep Complete, Elapsed Time: 00:02:27
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: BHO Shield: found: -- BHO installation denied at user request
5:18 PM: Starting Memory Sweep
5:18 PM: Start Custom Sweep
5:18 PM: Sweep initiated using definitions version 817
5:18 PM: Spy Sweeper 5.2.3.2132 started
5:18 PM: | Start of Session, Friday, December 08, 2006 |
********
----Spysweeper keeps telling me EXPLORER.EXE is attempting to install a browser add-on.
And the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 6:34:53 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\DAP\DAP.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
D:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\devldr32.exe
D:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Desktop Stuff\antihijack soft\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ijji.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {969C2D80-5C49-993C-76C2-8A08939ADC56} - (no file)
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CursorXP] "D:\Program Files\CursorXP\CursorXP.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: >> ²ÊÐÅ·¢ËÍ << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra button: ¿áÈÈÓ°Òô - {7D73FF86-05F1-39ed-C850-A423120EC338} - www.kuree.com/index.htm?id=00011001 (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150247875765
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {BC5E698E-77CF-45EF-80A3-090A4B6AAF83} (HGPlugin8USA Class) - http://gamedownload....GPlugin8USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: bw+0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {10B84610-C91C-4800-B89A-08C02937F3EE} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: winyok - Unknown owner - C:\WINDOWS\TEMP\yok666\yok.exe (file missing)