Hi Sarah,
Thanks a million for your help. You're as good. I hope I have done the things you asked me the right way. I've included the two logs as requested. The file I was telling you about originally seems to have gone out of the temp file, but there is another new baddy, ssqro.dll, and Spybot is going mad with that one now. Will I just keep denying it access to the system startup registry? It just keeps popping up.
Anyways thanks again
Luke
Here's my ComboFix log:
ComboFix 08-03-07.4 - James H 2008-03-08 20:09:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.852 [GMT 0:00]
Running from: C:\Users\James H\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.
2008-03-08 19:53 . 2008-03-08 19:53 <DIR> d-------- C:\ComboFix(2)
2008-03-07 20:54 . 2008-03-07 20:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-07 20:37 . 2008-01-04 20:34 163,696 --a------ C:\Windows\System32\drivers\ssidrv.sys
2008-03-07 20:37 . 2008-01-04 20:34 23,920 --a------ C:\Windows\System32\drivers\sskbfd.sys
2008-03-07 20:37 . 2008-01-04 20:34 20,336 --a------ C:\Windows\System32\drivers\SSFS0BB9.sys
2008-03-07 20:36 . 2008-03-07 20:36 <DIR> d-------- C:\Users\James H\AppData\Roaming\Webroot
2008-03-07 20:36 . 2008-03-07 20:36 <DIR> d-------- C:\Users\All Users\Webroot
2008-03-07 20:36 . 2008-03-07 20:36 <DIR> d-------- C:\ProgramData\Webroot
2008-03-07 20:36 . 2008-03-07 20:36 <DIR> d-------- C:\Program Files\Webroot
2008-03-07 20:36 . 2008-01-04 20:56 1,526,640 --a------ C:\Windows\WRSetup.dll
2008-03-07 20:36 . 2008-01-04 20:34 21,872 --a------ C:\Windows\System32\drivers\sshrmd.sys
2008-03-07 20:32 . 2008-03-07 20:32 164 --a------ C:\install.dat
2008-03-07 00:47 . 2008-03-07 00:47 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-06 19:52 . 2008-03-06 20:31 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-06 19:52 . 2008-03-06 20:31 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-06 19:52 . 2008-03-06 19:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-06 16:51 . 2008-03-06 16:54 <DIR> d-------- C:\Program Files\Windows Live
2008-03-06 16:51 . 2008-03-06 16:54 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-06 16:50 . 2008-03-06 16:50 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-03-06 16:50 . 2008-03-06 16:50 <DIR> d-------- C:\ProgramData\WLInstaller
2008-03-06 13:32 . 2008-03-06 13:32 <DIR> d--hs---- C:\found.000
2008-03-05 10:46 . 2008-03-08 12:24 <DIR> d-------- C:\Users\James H\AppData\Roaming\VMware
2008-03-04 23:43 . 2007-10-08 09:27 436,784 --a------ C:\Windows\System32\vnetlib.dll
2008-03-04 23:43 . 2007-10-08 09:26 150,064 --a------ C:\Windows\System32\vmnat.exe
2008-03-04 23:43 . 2007-10-08 09:26 121,392 --a------ C:\Windows\System32\vmnetdhcp.exe
2008-03-04 23:43 . 2007-10-08 09:26 50,992 -ra------ C:\Windows\System32\vmnetbridge.dll
2008-03-04 23:43 . 2007-10-08 09:26 28,592 -ra------ C:\Windows\System32\drivers\vmnetbridge.sys
2008-03-04 23:43 . 2007-10-08 09:27 25,008 --a------ C:\Windows\System32\drivers\vmnetuserif.sys
2008-03-04 23:43 . 2007-10-08 09:26 17,712 -ra------ C:\Windows\System32\drivers\vmnet.sys
2008-03-04 23:43 . 2007-10-08 09:26 16,816 --a------ C:\Windows\System32\drivers\vmnetadapter.sys
2008-03-04 23:43 . 2007-10-08 09:26 13,104 --a------ C:\Windows\System32\vnetinst.dll
2008-03-04 23:41 . 2007-10-08 09:26 30,768 --a------ C:\Windows\System32\drivers\vmusb.sys
2008-03-04 23:41 . 2007-10-08 09:27 20,912 --a------ C:\Windows\System32\drivers\VMkbd.sys
2008-03-04 23:41 . 2008-03-04 23:41 1,024 --a------ C:\.rnd
2008-03-04 23:38 . 2008-03-08 12:25 <DIR> d-------- C:\Users\All Users\VMware
2008-03-04 23:38 . 2008-03-08 12:25 <DIR> d-------- C:\ProgramData\VMware
2008-03-04 23:37 . 2008-03-04 23:37 <DIR> d-------- C:\Program Files\VMware
2008-03-04 23:37 . 2008-03-04 23:37 <DIR> d-------- C:\Program Files\Common Files\VMware
2008-03-04 18:06 . 2008-03-04 18:12 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-03-04 18:06 . 2008-03-04 18:12 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-03-04 18:06 . 2008-03-04 18:08 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-03-04 18:06 . 2008-03-04 18:07 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-03-04 18:03 . 2008-03-04 18:03 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-03-04 17:56 . 2007-10-27 00:46 779,800 --a------ C:\Windows\System32\PresentationNative_v0300.dll
2008-03-04 17:56 . 2007-10-27 00:46 579,584 --a------ C:\Windows\System32\icardagt.exe
2008-03-04 17:56 . 2007-10-27 00:46 350,744 --a------ C:\Windows\System32\PresentationHost.exe
2008-03-04 17:56 . 2007-10-27 00:46 106,520 --a------ C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-03-04 17:56 . 2007-10-30 03:12 88,576 --a------ C:\Windows\System32\infocardapi.dll
2008-03-04 17:56 . 2007-10-27 00:46 33,304 --a------ C:\Windows\System32\PresentationHostProxy.dll
2008-03-04 17:56 . 2007-10-30 03:09 28,160 --a------ C:\Windows\System32\infocardcpl.cpl
2008-03-04 17:56 . 2007-10-27 00:46 11,776 --a------ C:\Windows\System32\icardres.dll
2008-03-04 17:45 . 2007-10-27 00:46 41,984 --a------ C:\Windows\System32\netfxperf.dll
2008-03-04 17:44 . 2007-10-27 00:46 158,720 --a------ C:\Windows\System32\mscorier.dll
2008-03-04 17:44 . 2007-10-27 00:46 84,480 --a------ C:\Windows\System32\mscories.dll
2008-03-04 17:43 . 2007-10-27 00:46 282,112 --a------ C:\Windows\System32\mscoree.dll
2008-03-04 17:43 . 2007-10-27 00:46 96,760 --a------ C:\Windows\System32\dfshim.dll
2008-03-03 17:14 . 2008-03-03 17:14 <DIR> d-------- C:\Program Files\WebSite eXtractor
2008-03-03 17:14 . 2008-03-03 17:14 <DIR> d-------- C:\Internet
2008-03-03 17:14 . 2008-03-03 17:14 <DIR> d-------- C:\install
2008-02-28 20:19 . 2008-02-28 20:19 <DIR> d-------- C:\Program Files\Microsoft Virtual PC
2008-02-28 14:12 . 2008-02-28 14:12 <DIR> d-------- C:\perflogs
2008-02-27 19:20 . 2008-02-27 19:20 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-27 19:20 . 2008-02-27 19:20 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-27 19:11 . 2008-02-27 19:11 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-27 19:10 . 2008-02-27 19:10 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-27 19:10 . 2008-02-27 19:10 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-27 19:10 . 2008-02-27 19:10 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-02-27 19:10 . 2008-02-27 19:10 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-02-27 19:10 . 2008-02-27 19:10 2,048 --a------ C:\Windows\System32\asferror.dll
2008-02-27 19:09 . 2008-02-27 19:09 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-02-27 19:08 . 2008-02-27 19:08 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-02-27 19:08 . 2008-02-27 19:08 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-02-27 19:08 . 2008-02-27 19:08 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-02-27 19:08 . 2008-02-27 19:08 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-02-27 19:06 . 2008-02-27 19:06 2,048 --a------ C:\Windows\System32\tzres.dll
2008-02-27 19:04 . 2008-02-27 19:04 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-27 19:04 . 2008-02-27 19:04 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-27 19:04 . 2008-02-27 19:04 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-02-27 19:03 . 2008-02-27 19:03 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-21 23:49 . 2008-02-28 14:24 <DIR> d-------- C:\Program Files\ThumbNailer
2008-02-21 23:49 . 2008-02-21 23:49 <DIR> d-------- C:\Program Files\ClickPic
2008-02-19 17:32 . 2003-06-18 17:31 17,920 --a------ C:\Windows\System32\mdimon.dll
2008-02-19 17:29 . 2008-02-19 17:29 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-02-19 17:28 . 2008-02-19 17:28 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-02-19 17:27 . 2008-02-19 17:27 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-19 17:26 . 2008-02-19 17:26 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-19 17:19 . 2008-02-19 17:19 <DIR> dr-h----- C:\MSOCache
2008-02-10 21:14 . 2008-02-10 21:14 <DIR> d-------- C:\Program Files\Alex Feinman
2008-02-10 21:06 . 2008-02-10 21:06 <DIR> d-------- C:\Users\All Users\TrueCrypt
2008-02-10 21:06 . 2008-02-10 21:06 <DIR> d-------- C:\ProgramData\TrueCrypt
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 23:41 --------- d-----w C:\Users\James H\AppData\Roaming\Skype
2008-03-07 20:45 --------- d-----w C:\Users\James H\AppData\Roaming\AVG7
2008-03-07 19:54 0 ----a-w C:\Windows\system32\drivers\lvuvc.hs
2008-03-07 18:42 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-06 19:47 --------- d-----w C:\Users\James H\AppData\Roaming\uTorrent
2008-03-03 18:34 --------- d-----w C:\Users\James H\AppData\Roaming\TrueCrypt
2008-02-29 23:49 --------- d-----w C:\Users\James H\AppData\Roaming\LimeWire
2008-02-28 15:03 --------- d-----w C:\ProgramData\avg7
2008-02-28 12:22 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-28 12:22 --------- d-----w C:\Program Files\Windows Mail
2008-02-27 19:11 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-27 19:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-27 19:10 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-27 19:10 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-27 19:10 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-27 19:05 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-27 19:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 23:27 --------- d-----w C:\ProgramData\Kontiki
2008-02-17 13:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 20:12 225,344 ----a-w C:\Windows\system32\drivers\truecrypt.sys
2008-02-03 18:56 --------- d-----w C:\Program Files\UltraVNC
2008-02-02 22:37 --------- d-----w C:\Program Files\TrueCrypt
2008-01-30 22:32 --------- d-----w C:\Program Files\Bonjour
2008-01-30 16:38 --------- d-----w C:\ProgramData\FLEXnet
2008-01-30 16:27 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-29 15:55 --------- d-----w C:\Program Files\Microsoft FrontPage
2008-01-28 23:01 --------- d-----w C:\ProgramData\Bryxen Software
2008-01-28 23:01 --------- d-----w C:\Program Files\Bryxen Software
2008-01-24 19:20 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-23 23:19 --------- d-----w C:\ProgramData\Logishrd
2008-01-23 22:47 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-01-23 22:44 --------- d-----w C:\Program Files\Logitech
2008-01-23 20:16 --------- d-----w C:\Program Files\Google
2008-01-23 00:32 --------- d-----w C:\Program Files\iTunes
2008-01-23 00:32 --------- d-----w C:\Program Files\iPod
2008-01-23 00:31 --------- d-----w C:\Program Files\QuickTime
2008-01-17 23:47 --------- d-----w C:\Program Files\SecondLife
2008-01-09 19:57 --------- d-----w C:\Program Files\Huawei technologies
2008-01-04 22:03 139,264 ----a-w C:\Windows\War3Unin.exe
2007-11-01 09:47 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="C:\Program Files\TrueCrypt\TrueCrypt.exe" [2008-02-10 20:12 1060544]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"cmds"="C:\Users\JAMESH~1\AppData\Local\Temp\ssqpo.dll" [2008-03-07 21:00 316928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-01 09:40 1006264]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 16:50 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvSvc"="RUNDLL32.exe" [2006-11-02 09:45 44544 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 09:45 44544 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 09:45 44544 C:\Windows\System32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-23 23:05 185896]
"BigDog303"="C:\Windows\VM303_STI.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 09:27 72240]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 09:26 55856]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-01 17:06 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-10-30 20:49 9216 C:\Windows\System32\avgwlntf.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C4669F79-394B-4D03-AC25-1FE96F45305B}C:\wamp\apache2\bin\httpd.exe"= UDP:C:\wamp\apache2\bin\httpd.exe:Apache HTTP Server|Desc=Apache HTTP Server
"UDP Query User{24F44E27-6852-4D58-A00E-5FEAC5F03FF5}C:\wamp\apache2\bin\httpd.exe"= TCP:C:\wamp\apache2\bin\httpd.exe:Apache HTTP Server|Desc=Apache HTTP Server
"TCP Query User{F6E06608-4823-4971-A8AC-BE142B288B45}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
"UDP Query User{9847581E-3074-4BAC-BE7B-086D0CA6F8E1}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
"TCP Query User{2F220537-5754-4743-9C22-BB37D92A8D29}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"UDP Query User{B7ACB372-FA24-4D41-8BF4-72BCC10A1F96}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"TCP Query User{F1F9B3E8-2FE6-4D0E-A391-52C39626EB34}C:\program files\sopcast\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application|Desc=SopCast Main Application
"UDP Query User{A8AB3115-0125-4B2B-B2DE-D60DA9963C35}C:\program files\sopcast\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application|Desc=SopCast Main Application
"{F5D5A759-DD80-45ED-84E5-4A3598E9D542}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8A684CBD-2C1D-4508-8B95-F6A18D5EFDB1}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2BE81018-3EF0-4C63-8D8D-10B8AD071200}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{54A50C0F-CE9B-4CA4-BA0F-B1729FFF3545}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{4164CA47-2D5B-41CD-907B-35727EB547D2}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"UDP Query User{ECB7B0B8-D5B6-439E-88C0-B2E23AB5F8C4}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"TCP Query User{D31DC342-389B-4A09-A92E-26010DDE6AF0}C:\users\james h\appdata\roaming\sopcast\adv\sopadver.exe"= UDP:C:\users\james h\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe|Desc=sopadver.exe
"UDP Query User{09F3EA87-C19D-4F8F-A6C5-438432F3A26B}C:\users\james h\appdata\roaming\sopcast\adv\sopadver.exe"= TCP:C:\users\james h\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe|Desc=sopadver.exe
"TCP Query User{3753178E-2986-4A94-A4C7-21C243F0F10B}C:\program files\sopcast\sopvod.exe"= UDP:C:\program files\sopcast\sopvod.exe:sopvod|Desc=sopvod
"UDP Query User{9A97A960-5C36-4AFF-9D10-BE33ED509D9E}C:\program files\sopcast\sopvod.exe"= TCP:C:\program files\sopcast\sopvod.exe:sopvod|Desc=sopvod
"TCP Query User{EC991A72-6B88-4498-B168-C0430E6044D9}C:\program files\sopcast\adv\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver|Desc=SopCast Adver
"UDP Query User{D2E9BBD8-BA9E-4369-94C8-2A4265871A78}C:\program files\sopcast\adv\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver|Desc=SopCast Adver
"TCP Query User{411CA4DD-2E15-4A42-9201-1D18027A3A40}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{BFC6BCB5-DFA4-4633-BD7B-4CA315A5A51E}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{D1A44D53-1E91-4412-81B4-5F7E991F4908}C:\users\james h\downloads\wow-2.0.0-engb-installer-downloader.exe"= UDP:C:\users\james h\downloads\wow-2.0.0-engb-installer-downloader.exe:wow-2.0.0-engb-installer-downloader.exe|Desc=wow-2.0.0-engb-installer-downloader.exe
"UDP Query User{B42AA4AC-E209-497E-AF00-6DFAF566D198}C:\users\james h\downloads\wow-2.0.0-engb-installer-downloader.exe"= TCP:C:\users\james h\downloads\wow-2.0.0-engb-installer-downloader.exe:wow-2.0.0-engb-installer-downloader.exe|Desc=wow-2.0.0-engb-installer-downloader.exe
"TCP Query User{366D5331-9967-4E94-B46D-8B307CCFC16C}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe"= UDP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8|Desc=Dreamweaver 8
"UDP Query User{FB4A7B34-BF08-4C6F-B791-ED9D1B971D09}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe"= TCP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8|Desc=Dreamweaver 8
"TCP Query User{22CB88CA-D4A9-47A9-B69E-A5CD1687036D}C:\program files\warcraft iii\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III|Desc=Warcraft III
"UDP Query User{2CF3F85A-5090-4DA1-9F59-D74906F79EA9}C:\program files\warcraft iii\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III|Desc=Warcraft III
"{217BED0E-8015-4316-9A69-104D58656223}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{FA1438C6-6D59-45A6-B540-699CD3CC1DAE}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{CDE4319F-2EF2-4D97-B865-0E9A87A7EAA2}C:\users\james h\program files\utorrent\utorrent.exe"= UDP:C:\users\james h\program files\utorrent\utorrent.exe:utorrent.exe|Desc=utorrent.exe
"UDP Query User{F1088B9C-0574-45B5-A654-381A50341A84}C:\users\james h\program files\utorrent\utorrent.exe"= TCP:C:\users\james h\program files\utorrent\utorrent.exe:utorrent.exe|Desc=utorrent.exe
"{05E4F880-CA47-4E4D-8100-2113A054FCF7}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1759AFEE-FE92-4E72-AF26-6C24D819379E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{7CF431A1-0D23-4842-B2F3-AC0FFF73D7AD}C:\program files\ultravnc\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:VNC server for Win32|Desc=VNC server for Win32
"UDP Query User{D3C1C2CF-ACFF-49D4-8571-602D27C52440}C:\program files\ultravnc\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:VNC server for Win32|Desc=VNC server for Win32
"TCP Query User{2D7B2751-D702-415A-BBC7-6A1AACFAD6A2}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe"= UDP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3|Desc=Adobe Dreamweaver CS3
"UDP Query User{9B9656A2-9EEA-4831-AA02-5F818E80B8D4}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe"= TCP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3|Desc=Adobe Dreamweaver CS3
"{E3A407C9-7241-40AB-89EA-509D49DC069E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2007-03-07 13:27]
R1 moufiltr;ENERGY SISTEM Mouse Filter Driver;C:\Windows\system32\DRIVERS\moufiltr.sys [2007-11-09 11:52]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-07 18:42]
S3 vmfilter303;vmfilter303;C:\Windows\system32\drivers\vmfilter303.sys [2006-04-25 10:57]
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-05-04 10:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16af0e31-cd93-11dc-8921-001a4d80466f}]
\shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16af0e33-cd93-11dc-8921-001a4d80466f}]
\shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19ac3d54-885f-11dc-8254-001a4d80466f}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19ac3d72-885f-11dc-8254-001a4d80466f}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e43f2b2-a5a3-11dc-9de5-001a4d80466f}]
\shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58027b57-bec3-11dc-a77d-001a4d80466f}]
\shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58027b72-bec3-11dc-a77d-001a4d80466f}]
\shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b78749c-92c4-11dc-bf9c-001a4d80466f}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f10839c-eab4-11dc-949d-005056c00008}]
\shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c34c9dee-b799-11dc-bd06-001a4d80466f}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c34c9df0-b799-11dc-bd06-001a4d80466f}]
\shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f94a1d09-87df-11dc-9a5b-001a4d80466f}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f94a1d24-87df-11dc-9a5b-001a4d80466f}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f94a2b22-87df-11dc-9a5b-001a4d80466f}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc33e5a1-be21-11dc-a231-001a4d80466f}]
\shell\AutoRun\command - H:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-08 09:51:49 C:\Windows\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-08 20:18:11
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Users\JAMESH~1\AppData\Local\Temp\ssqpo.dll
.
Completion time: 2008-03-08 20:26:22
.
2008-03-08 19:39:01 --- E O F ---
This is the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:25, on 08/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Huawei technologies\Vodafone 3G Broadband Modem\Vodafone 3G Broadband Modem.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JAMESH~1\AppData\Local\Temp\ssqpo.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{467DACD0-FE46-4442-9DB9-588B8D625A92}: NameServer = 213.233.128.1 213.233.128.19
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 10534 bytes
Looking forward to your reply.