mferguson26

Members
  • Content Count

    17
  • Joined

  • Last visited

Community Reputation

0 Neutral

About mferguson26

  • Rank
    Member
  1. Ty for your reply. I know I've said it before but I just wanted to re-state that I work weird hours, but I'll get to your instructions soon. Thank you very much! Fergy
  2. [attachment=8027:Attach.txt] I hope i did these right. DDS (Ver_10-03-17.01) - NTFSx86 Run by Mike at 21:41:20.37 on Thu 04/15/2010 Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_19 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1736 [GMT -5:00] AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\dllhost.exe C:\Windows\system32\dlbacoms.exe C:\Windows\ehome\ehRecvr.exe C:\Windows\ehome\ehsched.exe C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k regsvc C:\Windows\system32\locator.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\System32\snmptrap.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\vds.exe C:\Windows\system32\svchost.exe -k wcssvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\wbem\WmiApSrv.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\iashost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\msdtc.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Mike\Desktop\dds.com C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [DivX Free Codec] c:\program files\divx free codec\Divx Free Update.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &D&ownload &with BitComet IE: &D&ownload all video with BitComet IE: &D&ownload all with BitComet DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll Hosts: 127.0.0.1 www.spywareinfoforum.com ================= FIREFOX =================== FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\c5l497xp.default\ FF - prefs.js: browser.startup.homepage - www.yahoo.com FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-24 64288] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-1-27 310320] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-7 11608] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-1-27 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-1-27 482432] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100312.001\IDSvix86.sys [2010-3-14 343088] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-7 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-7 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-7 56816] R2 dlba_device;dlba_device;c:\windows\system32\dlbacoms.exe -service --> c:\windows\system32\dlbacoms.exe -service [?] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-3-5 47640] R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-1-27 117640] R3 b57nd60x;%SvcDispName%;c:\windows\system32\drivers\b57nd60x.sys [2009-6-13 179712] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-29 102448] R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064] R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648] R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904] S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-6-13 21504] S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-1-27 48688] =============== Created Last 30 ================ 2010-04-14 12:14:19 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-04-14 12:14:11 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-14 12:14:10 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-04-14 12:14:08 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-14 12:14:08 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-14 12:14:08 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-14 12:14:03 62464 ----a-w- c:\windows\system32\l3codeca.acm 2010-04-14 12:14:03 220672 ----a-w- c:\windows\system32\l3codecp.acm 2010-04-14 12:14:00 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-04-14 12:14:00 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-04-14 12:14:00 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-04-14 12:13:04 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-04-14 12:12:03 98304 ----a-w- c:\windows\system32\cabview.dll 2010-04-12 17:50:50 0 d-----w- c:\program files\iPod 2010-04-12 17:50:47 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-04-12 17:50:47 0 d-----w- c:\program files\iTunes 2010-04-12 17:44:58 0 d-----w- c:\program files\Bonjour 2010-04-04 02:05:41 0 d-sh--w- C:\$RECYCLE.BIN 2010-04-04 01:49:40 98816 ----a-w- c:\windows\sed.exe 2010-04-04 01:49:40 77312 ----a-w- c:\windows\MBR.exe 2010-04-04 01:49:40 261632 ----a-w- c:\windows\PEV.exe 2010-04-04 01:49:40 161792 ----a-w- c:\windows\SWREG.exe 2010-04-03 04:39:01 0 d-----w- c:\users\mike\appdata\roaming\Malwarebytes 2010-04-03 04:38:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-03 04:38:49 0 d-----w- c:\programdata\Malwarebytes 2010-04-03 04:38:47 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-03 04:38:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-03 04:16:53 0 d-----w- c:\programdata\Sun 2010-03-30 18:09:03 834048 ----a-w- c:\windows\system32\wininet.dll 2010-03-30 18:09:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-28 04:00:05 0 d-----w- c:\program files\SopCast 2010-03-22 13:10:20 0 d-----w- c:\program files\DivX Free Codec 2010-03-22 13:01:49 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DirectShow Decoder.bmp 2010-03-22 13:01:49 2738 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DirectShow Decoder.dat 2010-03-22 13:01:49 229752 ----a-w- c:\windows\system32\SpoonUninstall.exe 2010-03-22 13:01:46 0 d-----w- c:\program files\Illustrate 2010-03-22 12:56:11 0 d-----w- c:\program files\common files\DivX Shared 2010-03-22 12:54:51 0 d-----w- c:\programdata\DivX 2010-03-22 00:08:10 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-03-18 02:53:42 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-03-18 02:53:42 69632 ----a-w- c:\windows\system32\QuickTime.qts ==================== Find3M ==================== 2010-04-12 17:46:31 86016 ----a-w- c:\windows\inf\infstor.dat 2010-04-12 17:46:31 51200 ----a-w- c:\windows\inf\infpub.dat 2010-04-12 17:46:31 143360 ----a-w- c:\windows\inf\infstrng.dat 2010-03-09 09:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll 2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53:34 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll 2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll 2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll 2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll 2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll 2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll 2010-02-12 16:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-02-12 16:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-01-27 23:18:49 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-01-25 17:58:06 462848 ----a-w- c:\windows\system32\ractrlkeyhook.dll 2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll 2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll 2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll 2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe 2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-17 11:27:22 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-08-02 01:45:41 174 --sha-w- c:\program files\desktop.ini 2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib409\perfd.dat 2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib409\perfc.dat 2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib409\perfi.dat 2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfc.dat 2009-11-28 05:08:33 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat 2009-11-28 05:08:33 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat 2009-11-28 05:08:33 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat ============= FINISH: 21:42:47.89 ===============
  3. Ok. Again I work weird hours so I will continue with the instructions hopefully tonight if not then tomorrow night. Thank you for all your help! Fergy
  4. Here is the latest GMER log [attachment=7961:gmer_log_04_03010.log]
  5. Ok. I disabled Avira. I can't disable Norton because when I click the icon, the only option I get is to renew my subscription, and I can't do that till Wednesday. But here is the Combofix Log. ComboFix 10-04-03.01 - Mike 04/03/2010 20:51:35.1.2 - x86 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1709 [GMT -5:00] Running from: c:\users\Mike\Desktop\ComboFix.exe AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500 c:\programdata\ntuser.dat{188db441-964f-11de-a0c7-001111bf0a9a}.TMContainer00000000000000000001.regtrans-ms c:\users\Mike\AppData\Roaming\inst.exe c:\windows\system32\AutoRun.inf F:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2010-03-04 to 2010-04-04 ))))))))))))))))))))))))))))))) . 2010-04-03 16:29 . 2010-02-12 23:41 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll 2010-04-03 16:29 . 2010-02-02 01:20 165240 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll 2010-04-03 04:39 . 2010-04-03 04:39 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes 2010-04-03 04:38 . 2010-03-29 20:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-03 04:38 . 2010-04-03 04:38 -------- d-----w- c:\programdata\Malwarebytes 2010-04-03 04:38 . 2010-04-03 04:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-03 04:38 . 2010-03-29 20:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-03 04:17 . 2010-04-03 04:17 -------- d-----w- c:\windows\Sun 2010-04-03 04:16 . 2010-04-03 04:16 -------- d-----w- c:\program files\Common Files\Java 2010-03-30 18:09 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll 2010-03-30 18:09 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-28 04:00 . 2010-03-28 04:00 -------- d-----w- c:\program files\SopCast 2010-03-22 13:10 . 2010-03-22 13:10 -------- d-----w- c:\program files\DivX Free Codec 2010-03-22 13:01 . 2010-03-22 13:01 2738 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DirectShow Decoder.dat 2010-03-22 13:01 . 2010-03-22 13:01 229752 ----a-w- c:\windows\system32\SpoonUninstall.exe 2010-03-22 13:01 . 2010-03-22 13:01 -------- d-----w- c:\program files\Illustrate 2010-03-22 12:57 . 2010-03-22 12:54 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-03-22 12:57 . 2010-03-22 12:54 986904 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-03-22 12:57 . 2010-03-22 12:57 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-03-22 12:57 . 2010-03-22 12:57 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe 2010-03-22 12:57 . 2010-03-22 12:57 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe 2010-03-22 12:57 . 2010-03-22 12:57 57676 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe 2010-03-22 12:57 . 2010-03-22 12:57 84035 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe 2010-03-22 12:54 . 2010-03-22 12:54 62776 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-03-22 12:54 . 2010-03-22 12:57 -------- d-----w- c:\programdata\DivX 2010-03-22 00:08 . 2010-02-24 15:16 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-03-21 18:21 . 2009-08-25 08:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\NAVEX32A.DLL 2010-03-21 18:21 . 2010-02-03 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\NAVENG.SYS 2010-03-21 18:21 . 2010-02-03 09:00 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\NAVEX15.SYS 2010-03-21 18:21 . 2009-08-26 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\EECTRL.SYS 2010-03-21 18:21 . 2009-08-26 08:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\ERASER.SYS 2010-03-21 18:21 . 2009-08-25 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\NAVENG32.DLL 2010-03-21 18:21 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\CCERASER.DLL 2010-03-21 18:21 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\ECMSVR32.DLL 2010-03-14 23:11 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\Scxpx86.dll 2010-03-14 23:11 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys 2010-03-14 23:11 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSxpx86.dll 2010-03-14 23:11 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys 2010-03-14 23:11 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSviA64.sys 2010-03-14 13:48 . 2010-03-15 15:14 -------- d-----w- c:\users\Mike\AppData\Local\AirVideoServer 2010-03-14 13:48 . 2010-04-04 01:51 -------- d-----w- C:\jexepackres 2010-03-14 13:48 . 2010-03-14 13:48 -------- d-----w- c:\program files\AirVideoServer 2010-03-11 09:01 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-03-11 09:00 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-03-11 09:00 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-03-10 21:46 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSvix86.sys 2010-03-10 21:46 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSXpx86.sys 2010-03-10 21:46 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\Scxpx86.dll 2010-03-10 21:46 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSxpx86.dll 2010-03-10 21:46 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSviA64.sys 2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll 2010-03-05 05:56 . 2010-03-05 05:56 -------- d-----w- c:\users\Mike\AppData\Local\LogMeIn 2010-03-05 05:56 . 2010-03-05 05:56 -------- d-----w- c:\programdata\LogMeIn 2010-03-05 05:56 . 2009-09-29 01:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2010-03-05 05:56 . 2009-09-29 01:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2010-03-05 05:56 . 2009-09-29 01:34 28984 ----a-w- c:\windows\system32\LMIport.dll 2010-03-05 05:56 . 2008-08-11 18:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys 2010-03-05 05:56 . 2009-09-29 01:34 87352 ----a-w- c:\windows\system32\LMIinit.dll 2010-03-05 05:56 . 2010-04-03 16:29 -------- d-----w- c:\program files\LogMeIn . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-03 04:51 . 2009-06-08 07:29 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-04-03 04:19 . 2009-06-08 07:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-04-03 04:16 . 2009-06-09 02:33 -------- d-----w- c:\program files\Java 2010-03-28 04:03 . 2010-01-16 22:00 -------- d-----w- c:\program files\Veetle 2010-03-26 00:11 . 2009-06-09 02:36 -------- d-----w- c:\users\Mike\AppData\Roaming\LimeWire 2010-03-22 12:59 . 2009-06-29 03:18 -------- d-----w- c:\users\Mike\AppData\Roaming\DivX 2010-03-22 12:57 . 2009-06-29 03:18 -------- d-----w- c:\program files\DivX 2010-03-22 12:57 . 2009-06-29 03:18 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-03-19 10:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-03-19 08:55 . 2009-06-11 06:19 -------- d-----w- c:\program files\Chuzzle Deluxe 2010-03-13 23:04 . 2010-02-06 02:57 -------- d-----w- c:\users\Mike\AppData\Roaming\Apple Computer 2010-03-12 12:36 . 2009-06-08 04:11 390584 ----a-w- c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT 2010-03-12 09:49 . 2009-06-08 17:05 -------- d-----w- c:\program files\Disney 2010-03-12 09:47 . 2010-02-28 06:45 -------- d-----w- c:\program files\iSkysoft 2010-03-09 09:28 . 2009-06-09 02:34 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-05 08:26 . 2009-12-26 06:01 680 ----a-w- c:\users\Mike\AppData\Local\d3d9caps.dat 2010-03-04 07:55 . 2009-06-08 13:55 -------- d-----w- c:\program files\Google 2010-03-04 07:44 . 2009-10-15 06:19 -------- d-----w- c:\program files\ThreatExpert Memory Scanner 2010-03-01 11:18 . 2009-10-25 04:18 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe 2010-03-01 00:22 . 2010-03-01 00:22 449536 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles72a\mss32.dll 2010-03-01 00:22 . 2010-03-01 00:22 389120 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles\mss32.dll 2010-03-01 00:20 . 2009-06-08 05:30 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-28 06:51 . 2010-02-28 06:51 -------- d-----w- c:\programdata\xml_param 2010-02-26 09:25 . 2009-09-24 09:05 -------- d-----w- c:\users\Mike\AppData\Roaming\Smilebox 2010-02-24 11:51 . 2010-02-24 11:51 -------- d-----w- c:\program files\Logitech Touch Mouse Server 2010-02-22 19:30 . 2010-02-22 19:30 -------- d-----w- c:\program files\Microsoft Silverlight 2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll 2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll 2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll 2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll 2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll 2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll 2010-02-12 18:19 . 2009-06-10 03:29 -------- d-----w- c:\programdata\NOS 2010-02-08 06:52 . 2010-02-07 06:50 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-02-07 06:50 . 2010-02-07 06:50 -------- d-----w- c:\programdata\Avira 2010-02-07 06:50 . 2010-02-07 06:50 -------- d-----w- c:\program files\Avira 2010-02-06 17:12 . 2010-02-06 17:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2010-02-06 03:10 . 2009-09-21 04:47 -------- d-----w- c:\programdata\Apple 2010-02-06 02:56 . 2010-02-06 02:55 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-02-06 02:56 . 2010-02-06 02:55 -------- d-----w- c:\program files\iTunes 2010-02-06 02:55 . 2010-02-06 02:55 -------- d-----w- c:\program files\iPod 2010-02-06 02:55 . 2009-09-23 07:17 -------- d-----w- c:\program files\Common Files\Apple 2010-02-06 02:55 . 2010-02-06 02:52 -------- d-----w- c:\programdata\Apple Computer 2010-02-06 02:51 . 2010-02-06 02:51 -------- d-----w- c:\program files\Apple Software Update 2010-02-04 17:25 . 2009-10-25 04:19 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2010-02-04 17:24 . 2009-10-25 04:18 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2010-02-04 17:24 . 2009-10-25 04:18 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe 2010-02-04 17:12 . 2010-02-04 17:12 -------- d-----w- c:\program files\FaxTools 2010-02-04 17:12 . 2010-02-04 17:12 -------- d-----w- c:\programdata\BVRP Software 2010-02-04 17:07 . 2010-02-04 17:07 -------- d-----w- c:\program files\Dell A940 2010-02-04 07:31 . 2009-06-14 06:42 -------- d-----w- c:\programdata\Yahoo! Companion 2010-01-25 19:33 . 2010-01-25 17:33 1602184 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxClient.exe 2010-01-25 17:58 . 2010-01-25 17:58 462848 ----a-w- c:\windows\system32\ractrlkeyhook.dll 2010-01-25 12:00 . 2010-02-23 19:26 471552 ----a-w- c:\windows\system32\secproc_isv.dll 2010-01-25 12:00 . 2010-02-23 19:26 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-01-25 12:00 . 2010-02-23 19:26 152064 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-01-25 12:00 . 2010-02-23 19:26 471552 ----a-w- c:\windows\system32\secproc.dll 2010-01-25 11:58 . 2010-02-23 19:26 332288 ----a-w- c:\windows\system32\msdrm.dll 2010-01-25 08:21 . 2010-02-23 19:26 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-01-25 08:21 . 2010-02-23 19:26 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-25 08:21 . 2010-02-23 19:26 518144 ----a-w- c:\windows\system32\RMActivate.exe 2010-01-25 08:21 . 2010-02-23 19:26 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-01-23 09:26 . 2010-02-23 19:27 2048 ----a-w- c:\windows\system32\tzres.dll 2010-01-23 01:51 . 2010-01-23 01:51 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-01-19 10:34 . 2009-07-31 21:10 373384 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxStarter.exe 2010-01-19 10:34 . 2009-07-31 20:41 168584 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxBrowserEngine.dll 2010-01-19 10:34 . 2009-07-31 19:17 266888 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxTray.exe 2010-01-19 10:34 . 2009-07-31 19:17 205448 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxDvd.exe 2010-01-19 09:45 . 2010-01-19 09:45 344712 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxDvdEngine.dll 2010-01-19 09:45 . 2010-01-19 09:45 123528 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxUpdater.exe 2010-01-06 15:39 . 2010-02-23 19:26 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-01-06 15:38 . 2010-02-23 19:26 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-01-06 15:38 . 2010-02-23 19:26 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll 2010-01-06 15:38 . 2010-02-23 19:26 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll 2010-01-06 15:38 . 2010-02-23 19:26 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll 2010-01-06 15:38 . 2010-02-23 19:26 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll 2010-01-06 13:30 . 2010-02-23 19:26 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-01-27 4637448] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912] "DivX Free Codec"="c:\program files\DivX Free Codec\Divx Free Update.exe" [2007-03-30 274432] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk] path=c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk backup=c:\windows\pss\Logitech Touch Mouse Server.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2009-10-10 18:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI] 2008-08-11 18:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray] 2010-01-19 10:34 266888 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(:2b,75,46,32,bb,15,ca,01 R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856] R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688] R3 XDva285;XDva285;c:\windows\system32\XDva285.sys [x] R3 XDva311;XDva311;c:\windows\system32\XDva311.sys [x] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320] S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632] S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-01-28 482432] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100312.001\IDSvix86.sys [2009-10-28 343088] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 dlba_device;dlba_device;c:\windows\system32\dlbacoms.exe [2007-03-06 538096] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328] S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640] S3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064] S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648] S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder 2010-04-04 c:\windows\Tasks\User_Feed_Synchronization-{E3DB24F4-361D-4FA6-B812-065F2D2E9963}.job - c:\windows\system32\msfeedssync.exe [2009-06-14 07:33] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: &D&ownload &with BitComet IE: &D&ownload all video with BitComet IE: &D&ownload all with BitComet FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c5l497xp.default\ FF - prefs.js: browser.startup.homepage - www.yahoo.com FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\users\Mike\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-04-03 21:01 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run AirVideoServer = c:\program files\AirVideoServer\AirVideoServer.exe? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\Lavasoft\Ad-Aware] @DACL=(02 0000) [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\Local AppWizard-Generated Applications\hprbui] @DACL=(02 0000) [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\Uforia\Mercenary Wars] @DACL=(02 0000) [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\VSO\ConvertXtoDVD\3.0\main_form] @DACL=(02 0000) "Dkp_Log_Visible"="TRUE" "ShowCmd"=dword:00000001 "Flags"=dword:00000000 "PixelsPerInch"=dword:00000060 "MinMaxPos(1280x1024)"="-1,-1,-1,-1" "MinMaxPos"="-1,-1,-1,-1" "NormPos(1280x1024)"="8,303,542,719" "NormPos"="8,303,542,719" "Dkp_Log_FloatingHeight"=dword:000000e6 "Dkp_Log_FloatingWidth"=dword:000000a0 "Dkp_Log_Height"=dword:00000056 "Dkp_Log_Width"=dword:00000206 "Dkp_Log_DockPos"=dword:00000000 "Dkp_Log_DockRow"=dword:00000000 "Dkp_Log_SplitHeight"=dword:000000fa "Dkp_Log_SplitWidth"=dword:00000000 "Dkp_Log_FloatingMode"="fmOnTopOfParentForm" "Dkp_Log_DockedHeight"=dword:00000052 "Dkp_Log_DockedWidth"=dword:000000c0 "Dkp_Log_floating"="FALSE" "Dkp_Log_FloatingPosition_x"=dword:00000000 "Dkp_Log_FloatingPosition_y"=dword:00000000 "Dkp_Preview_Visible"="TRUE" "Dkp_Preview_FloatingHeight"=dword:00000238 "Dkp_Preview_FloatingWidth"=dword:000002e0 "Dkp_Preview_Height"=dword:000000f7 "Dkp_Preview_Width"=dword:000000b9 "Dkp_Preview_DockPos"=dword:00000000 "Dkp_Preview_DockRow"=dword:00000000 "Dkp_Preview_SplitHeight"=dword:00000095 "Dkp_Preview_SplitWidth"=dword:00000000 "Dkp_Preview_FloatingMode"="fmOnTopOfParentForm" "Dkp_Preview_DockedHeight"=dword:00000080 "Dkp_Preview_DockedWidth"=dword:000000b5 "Dkp_Preview_floating"="FALSE" "Dkp_Preview_FloatingPosition_x"=dword:00000000 "Dkp_Preview_FloatingPosition_y"=dword:00000000 [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\VSO\ConvertXtoDVD\3.0\main_form\Dkp_Log_CurrentDock] @DACL=(02 0000) "Name"="DockBottom" "Tag"=dword:00000000 "AlignWithMargins"="FALSE" "Left"=dword:00000000 "Top"=dword:00000110 "Width"=dword:00000206 "Height"=dword:00000056 "Cursor"="crDefault" "Hint"="" "HelpType"="htContext" "HelpKeyword"="" "HelpContext"=dword:00000000 "ParentCustomHint"="TRUE" "AllowDrag"="TRUE" "BackgroundOnToolbars"="TRUE" "Color"="clNone" "FixAlign"="FALSE" "LimitToOneRow"="FALSE" "Position"="dpBottom" "Visible"="TRUE" "UseParentBackground"="FALSE" [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\VSO\ConvertXtoDVD\3.0\main_form\Dkp_Preview_CurrentDock] @DACL=(02 0000) "Name"="Mdright" "Tag"=dword:00000003 "AlignWithMargins"="FALSE" "Left"=dword:0000014d "Top"=dword:00000019 "Width"=dword:000000b9 "Height"=dword:000000f7 "Cursor"="crDefault" "Hint"="" "HelpType"="htContext" "HelpKeyword"="" "HelpContext"=dword:00000000 "ParentCustomHint"="TRUE" "AllowDrag"="TRUE" "BackgroundOnToolbars"="TRUE" "Color"="clBtnFace" "FixAlign"="FALSE" "LimitToOneRow"="FALSE" "Position"="dpRight" "Visible"="TRUE" [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\VSO\ConvertXtoDVD\3.0\settings] @DACL=(02 0000) "Auth_Auto_Start"="FALSE" "Auth_Integrate_Menu"="TRUE" "Auth_Sequential_Playback"="FALSE" "Auth_Loop_Playback"="FALSE" "Auth_Direct_tt_Play"="TRUE" "Menu_template_name"="Black Mirror" "Enc_target_size"=dword:000010cc "Burn_Speed"="4x" "locale_file"="CX3_English.ini" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2010-04-03 21:05:35 ComboFix-quarantined-files.txt 2010-04-04 02:05 Pre-Run: 229,126,094,848 bytes free Post-Run: 229,119,561,728 bytes free - - End Of File - - D08189F9B5125108199B3AD899E2D8B4
  6. Allright, I ran GMER again and here's what I got: GMER 1.0.15.15281 - [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-04-03 01:38:08 Windows 6.0.6002 Service Pack 2 Running: gmer.exe; Driver: C:\Users\Mike\AppData\Local\Temp\kwldypow.sys ---- System - GMER 1.0.15 ---- SSDT 8748DF90 ZwAlertResumeThread SSDT 867E9E88 ZwAlertThread SSDT 87371E38 ZwAllocateVirtualMemory SSDT 867032C0 ZwAlpcConnectPort SSDT 87519B08 ZwAssignProcessToJobObject SSDT 874CFF80 ZwCreateMutant SSDT 8757DEE0 ZwCreateSymbolicLinkObject SSDT 9C5E722C ZwCreateThread SSDT 87500D68 ZwDebugActiveProcess SSDT 867A57C0 ZwDuplicateObject SSDT 87371C58 ZwFreeVirtualMemory SSDT 867C5C30 ZwImpersonateAnonymousToken SSDT 867AA2C0 ZwImpersonateThread SSDT 866CA350 ZwLoadDriver SSDT 86F66B10 ZwMapViewOfSection SSDT 874CFEA0 ZwOpenEvent SSDT 9C5E7218 ZwOpenProcess SSDT 87371F28 ZwOpenProcessToken SSDT 87500F90 ZwOpenSection SSDT 9C5E721D ZwOpenThread SSDT 87519A18 ZwProtectVirtualMemory SSDT 868F2820 ZwResumeThread SSDT 86F66880 ZwSetContextThread SSDT 86F66960 ZwSetInformationProcess SSDT 87500E48 ZwSetSystemInformation SSDT 874CFDC0 ZwSuspendProcess SSDT 86DE2990 ZwSuspendThread SSDT 9C5E7227 ZwTerminateProcess SSDT 86DE2630 ZwTerminateThread SSDT 86F66A50 ZwUnmapViewOfSection SSDT 87371D48 ZwWriteVirtualMemory SSDT 8757DFB0 ZwCreateThreadEx ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!KeInsertQueue + 30D 82078904 4 Bytes [90, DF, 48, 87] {NOP ; FISTTP WORD [EAX-0x79]} .text ntoskrnl.exe!KeInsertQueue + 312 82078909 3 Bytes [9E, 7E, 86] {SAHF ; JLE 0xffffffffffffff89} .text ntoskrnl.exe!KeInsertQueue + 321 82078918 4 Bytes [38, 1E, 37, 87] .text ntoskrnl.exe!KeInsertQueue + 32D 82078924 4 Bytes [C0, 32, 70, 86] .text ntoskrnl.exe!KeInsertQueue + 381 82078978 4 Bytes [08, 9B, 51, 87] .text ... ? System32\drivers\brgombn.sys The system cannot find the path specified. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F408000, 0x2585E6, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[2776] ntdll.dll!RtlEncodeSystemPointer + 873 77A3938B 10 Bytes JMP 03E6003A .text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!DialogBoxParamW 776710B0 5 Bytes JMP 6552BF9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!DialogBoxIndirectParamW 77672EF5 5 Bytes JMP 6566B45A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!DialogBoxParamA 77688152 5 Bytes JMP 6566B41F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!DialogBoxIndirectParamA 7768847D 5 Bytes JMP 6566B495 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!MessageBoxIndirectA 7769D4D9 5 Bytes JMP 6566B3DB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!MessageBoxIndirectW 7769D5D3 5 Bytes JMP 6566B397 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!MessageBoxExA 7769D639 5 Bytes JMP 6566B35D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!MessageBoxExW 7769D65D 5 Bytes JMP 6566B323 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2776] ole32.dll!OleLoadFromStream 77751E12 5 Bytes JMP 6566B657 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2776] ole32.dll!CoGetTreatAsClass + D2F 7776FAB7 7 Bytes JMP 03E601A9 .text C:\Program Files\Internet Explorer\iexplore.exe[2776] ole32.dll!CoCreateInstance + 3E 77789EE4 7 Bytes JMP 03E600F3 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74A67817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74ABA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74A6BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74A5F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74A675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74A5E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74A98395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74A6DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74A5FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74A5FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74A571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74AECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74A8C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74A5D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74A56853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74A5687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74A62AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\[email protected] 0x0B 0x5B 0xEA 0x25 ... ---- EOF - GMER 1.0.15 ----
  7. Ok two things. I forgot to mention before that I uninstalled Spybot search and destroy, so that one is gone Now I ran the GMER one, and some time into it a msg popped up that said "a problem occurred and GMER.exe has been stopped" and then something about windows notifying me if a solution was found. I ran this one before and It didn't do that, so I don't know what happened. Thanks for your time! Fergy
  8. Ok I'm starting on your instructions. First off, my Norton is expired, so I left Avira in place so my computer would be protected. I will renew Norton on Wednesday and will delete Avira then. For the purposes of the troubleshooting, I disabled Avira and Windows Defender. Here's the report from SystemLook SystemLook v1.0 by jpshortstuff (11.01.10) Log created at 23:28 on 02/04/2010 by Mike (Administrator - Elevation successful) ========== Filefind ========== Searching for "comsvcs.dll" C:\Windows\System32\comsvcs.dll --a--- 1209856 bytes [19:08 04/08/2009] [06:28 11/04/2009] 95A5497D129D95D12A46F7848AFFE1DB C:\Windows\winsxs\x86_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.0.6000.16386_none_708ba331a2f2ea29\comsvcs.dll --a--- 1210880 bytes [08:51 02/11/2006] [09:46 02/11/2006] 92E4AD213BBCA2895B836F913EF85478 C:\Windows\winsxs\x86_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.0.6001.18000_none_72c2652d9fddfafd\comsvcs.dll --a--- 1208320 bytes [04:50 14/06/2009] [07:33 19/01/2008] EE11E4FE19D61275246E5772BC1EC795 C:\Windows\winsxs\x86_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.0.6002.18005_none_74adde399cffc649\comsvcs.dll --a--- 1209856 bytes [19:08 04/08/2009] [06:28 11/04/2009] 95A5497D129D95D12A46F7848AFFE1DB Searching for "rsaenh.dll" C:\Windows\System32\rsaenh.dll --a--- 241128 bytes [19:07 04/08/2009] [06:27 11/04/2009] E14170AEA125119B98FA2BDE3FF4F462 C:\Windows\winsxs\x86_microsoft-windows-rsaenh-dll_31bf3856ad364e35_6.0.6000.16386_none_5d904dcbb4596800\rsaenh.dll --a--- 228968 bytes [08:45 02/11/2006] [09:47 02/11/2006] A90247CD20C2DB51C264EACC00A3039F C:\Windows\winsxs\x86_microsoft-windows-rsaenh-dll_31bf3856ad364e35_6.0.6001.18000_none_5fc70fc7b14478d4\rsaenh.dll --a--- 242744 bytes [04:49 14/06/2009] [07:38 19/01/2008] 5178D99B1CBD1C9D310904417E2C5A11 C:\Windows\winsxs\x86_microsoft-windows-rsaenh-dll_31bf3856ad364e35_6.0.6002.18005_none_61b288d3ae664420\rsaenh.dll --a--- 241128 bytes [19:07 04/08/2009] [06:27 11/04/2009] E14170AEA125119B98FA2BDE3FF4F462 Searching for "SLC.dll" C:\Windows\System32\SLC.dll --a--- 228352 bytes [19:08 04/08/2009] [06:28 11/04/2009] C6DF7A87063D006ECF1FD8156CB6DE3F C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6000.16386_none_c2e898f3a9024b10\SLC.dll --a--- 221184 bytes [08:44 02/11/2006] [09:46 02/11/2006] C984BA7C8AAB74D1ED8A38A14B19D8C6 C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6000.16509_none_c3421cfda8beb1db\SLC.dll --a--- 223232 bytes [06:46 08/06/2009] [06:46 08/06/2009] AE43F1EEA8CB7BD6D372F5A08B00849D C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6000.20624_none_c3b1187ec1f10ad4\SLC.dll --a--- 223232 bytes [06:46 08/06/2009] [06:46 08/06/2009] D1F0A982F40CF6E48A157C317A4794DF C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6001.18000_none_c51f5aefa5ed5be4\SLC.dll --a--- 225792 bytes [04:50 14/06/2009] [07:36 19/01/2008] C0D487FD64092792B47E80A0FF27E5C6 C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6002.18005_none_c70ad3fba30f2730\SLC.dll --a--- 228352 bytes [19:08 04/08/2009] [06:28 11/04/2009] C6DF7A87063D006ECF1FD8156CB6DE3F Searching for "vbscript.dll" C:\Windows\System32\vbscript.dll --a--- 430080 bytes [19:08 04/08/2009] [06:28 11/04/2009] 34762E419CB79416BE49A8E484525453 C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6000.16386_none_4623415330fbf275\vbscript.dll --a--- 413696 bytes [08:50 02/11/2006] [09:46 02/11/2006] 56379B9F65E26F04D987BBCF0662BAD2 C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.18000_none_485a034f2de70349\vbscript.dll --a--- 430080 bytes [04:50 14/06/2009] [07:36 19/01/2008] A50CFEE5140F2704459C22D264A4BDB0 C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.18068_none_482126172e1075a7\vbscript.dll --a--- 430080 bytes [06:28 02/08/2009] [21:59 08/05/2008] C7EC53FBE59F47DDF3648BCA256D79D2 C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.22175_none_489cf2184738e55d\vbscript.dll --a--- 430080 bytes [06:28 02/08/2009] [05:22 08/05/2008] DC948E750D1A82F39BD93740ED835257 C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6002.18005_none_4a457c5b2b08ce95\vbscript.dll --a--- 430080 bytes [19:08 04/08/2009] [06:28 11/04/2009] 34762E419CB79416BE49A8E484525453 -=End Of File=- AND HERE IS THE ONE FROM MALWAREBYTES Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 3948 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 4/2/2010 11:47:54 PM mbam-log-2010-04-02 (23-47-54).txt Scan type: Quick scan Objects scanned: 111817 Time elapsed: 4 minute(s), 53 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 106 Registry Values Infected: 6 Registry Data Items Infected: 0 Folders Infected: 16 Files Infected: 69 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.multiplebutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.multiplebutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Program Files\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Users\Mike\AppData\Roaming\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\CHROME.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully. I have to restart so the GMER one will be next
  9. [quote name='Ltangelic' post='118521' date='Apr 2 2010, 12:49 PM']Hi, Do you still need help?[/quote] Yes, and thank you for re-opening this topic. I work weird hours and I've been putting in alot of overtime. Couple that with the kids always hogging the computer at home and I barely have time to sit at the computer. But I printed ur instructions and will perform your recommended actions a.s.a.p and will post the logs you requested. Please bear with me if I take a longer than usual to respond, and thank you so much in advance for your help. Fergy.
  10. Before the other thread was closed, I got these instructions from a helper, and i followed them. Hey mferguson26, Welcome to Lavasoft Support Forum! I'm Ltangelic and I'll be helping you fix your computer problem. Sorry for the long wait, we have very limited number of staff here, and it can take a while before someone replies to your thread. Thanks for your patience in waiting. Unfortunately, HijackThis is no longer enough to tackle the current infections. We need to run some more tools to scan deeper. To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link. Download OTS to your Desktop after this he gave me specific instructions, which i followed......HERE IS THE POST FROM THE OTS PROGRAM CODEOTS logfile created on: 3/4/2010 1:06:38 AM - Run 1 OTS by OldTimer - Version 3.1.23.0     Folder = C:\Users\Mike\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298.08 Gb Total Space | 210.01 Gb Free Space | 70.46% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 149.01 Gb Total Space | 69.96 Gb Free Space | 46.95% Space Free | Partition Type: FAT32 Drive G: | 976.73 Mb Total Space | 650.80 Mb Free Space | 66.63% Space Free | Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MIKE-PC Current User Name: Mike Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Users\Mike\Desktop\OTS.exe -> [2010/03/04 00:03:54 | 000,634,368 | ---- | M] (OldTimer Tools) aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/04 11:24:49 | 001,181,328 | ---- | M] (Lavasoft) aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2010/01/27 17:18:22 | 000,788,880 | ---- | M] (Lavasoft) arccon.ac -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac -> [2009/10/10 12:32:18 | 000,305,664 | ---- | M] (ArcSoft Inc.) acdaemon.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2009/10/10 12:32:18 | 000,203,264 | ---- | M] (ArcSoft Inc.) acservice.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/09/28 08:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) ccsvchst.exe -> C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -> [2009/08/22 01:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/07/31 14:23:21 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) unsecapp.exe -> C:\Windows\System32\wbem\unsecapp.exe -> [2009/04/11 00:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) ieuser.exe -> C:\Program Files\Internet Explorer\ieuser.exe -> [2009/04/11 00:27:39 | 000,299,520 | ---- | M] (Microsoft Corporation) explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) sdwinsec.exe -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) wudfhost.exe -> C:\Windows\System32\WUDFHost.exe -> [2008/01/19 01:33:40 | 000,142,336 | ---- | M] (Microsoft Corporation) mobsync.exe -> C:\Windows\System32\mobsync.exe -> [2008/01/19 01:33:15 | 000,095,744 | ---- | M] (Microsoft Corporation) iashost.exe -> C:\Windows\System32\iashost.exe -> [2008/01/19 01:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) e_s40st7.exe -> C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -> [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) dlbacoms.exe -> C:\Windows\System32\dlbacoms.exe -> [2007/03/05 20:57:30 | 000,538,096 | ---- | M] ( ) e_s40rp7.exe -> C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -> [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Modules - Safe List] ots.exe -> C:\Users\Mike\Desktop\OTS.exe -> [2010/03/04 00:03:54 | 000,634,368 | ---- | M] (OldTimer Tools) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll -> [2009/04/11 00:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/04 11:24:49 | 001,181,328 | ---- | M] (Lavasoft) (ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/09/28 08:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) (FontCache) Windows Font Cache Service [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) (Norton Internet Security) Norton Internet Security [Auto | Running] -> C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -> [2009/08/22 01:28:17 | 000,117,640 | R--- | M] (Symantec Corporation) (AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) (GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -> [2009/06/08 00:13:03 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) (AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) (SBSDWSCService) SBSD Security Center Service [Auto | Running] -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) (WinDefend) Windows Defender [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) [Auto | Running] -> C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -> [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) (dlba_device) dlba_device [Auto | Running] -> C:\Windows\System32\dlbacoms.exe -> [2007/03/05 20:57:30 | 000,538,096 | ---- | M] ( ) (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) [Auto | Running] -> C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -> [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) (ehstart) Windows Media Center Service Launcher [Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 06:34:14 | 000,013,312 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (avgntflt) avgntflt [File_System | Auto | Running] -> C:\Windows\System32\drivers\avgntflt.sys -> [2010/02/08 00:52:44 | 000,056,816 | ---- | M] (Avira GmbH) (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100303.033\NAVEX15.SYS -> [2010/02/03 03:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) (NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100303.033\NAVENG.SYS -> [2010/02/03 03:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) (ccHP) Symantec Hash Provider [Kernel | System | Running] -> C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -> [2010/01/27 21:19:08 | 000,482,432 | ---- | M] (Symantec Corporation) (IDSVix86) IDSVix86 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSvix86.sys -> [2009/10/28 16:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) (Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2009/09/23 06:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) (USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\usbaapl.sys -> [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2009/08/26 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2009/08/26 02:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) (SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -> [2009/08/22 01:28:17 | 000,310,320 | ---- | M] (Symantec Corporation) (SRTSP) Symantec Real Time Storage Protection [File_System | System | Running] -> C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -> [2009/08/22 01:28:17 | 000,308,272 | ---- | M] (Symantec Corporation) (BHDrvx86) Symantec Heuristics Driver [Kernel | System | Running] -> C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -> [2009/08/22 01:28:17 | 000,259,632 | ---- | M] (Symantec Corporation) (SYMTDI) Symantec Network Dispatch Driver [Kernel | System | Running] -> C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -> [2009/08/22 01:28:17 | 000,217,136 | ---- | M] (Symantec Corporation) (SYMFW) Symantec Network Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -> [2009/08/22 01:28:17 | 000,089,904 | ---- | M] (Symantec Corporation) (SYMNDISV) Symantec Network Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -> [2009/08/22 01:28:17 | 000,048,688 | ---- | M] (Symantec Corporation) (SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running] -> C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -> [2009/08/22 01:28:17 | 000,043,696 | ---- | M] (Symantec Corporation) (SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SYMEVENT.SYS -> [2009/08/19 10:06:35 | 000,124,976 | ---- | M] (Symantec Corporation) (SymIM) Symantec Network Security Intermediate Filter Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\SymIMV.sys -> [2009/08/18 13:11:17 | 000,025,648 | R--- | M] (Symantec Corporation) (pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\pcouffin.sys -> [2009/06/11 17:39:32 | 000,047,360 | ---- | M] (VSO Software) (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\GEARAspiWDM.sys -> [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) (ssmdrv) ssmdrv [Kernel | System | Running] -> C:\Windows\System32\drivers\ssmdrv.sys -> [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\PxHelp20.sys -> [2009/05/01 15:03:38 | 000,043,528 | ---- | M] (Sonic Solutions) (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\USBAUDIO.sys -> [2009/04/10 22:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) (SCREAMINGBDRIVER) Screaming Bee Audio [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\ScreamingBAudio.sys -> [2009/04/06 12:19:46 | 000,023,064 | ---- | M] (Screaming Bee LLC) (avipbb) avipbb [Kernel | System | Running] -> C:\Windows\System32\drivers\avipbb.sys -> [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) (R300) R300 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\atikmdag.sys -> [2009/02/25 22:59:52 | 004,385,792 | ---- | M] (ATI Technologies Inc.) (atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atikmdag.sys -> [2009/02/25 22:59:52 | 004,385,792 | ---- | M] (ATI Technologies Inc.) (avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) (BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\BVRPMPR5.SYS -> [2008/05/21 10:26:40 | 000,049,904 | R--- | M] (Avanquest Software) (StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\serscan.sys -> [2008/01/19 00:14:10 | 000,009,216 | ---- | M] (Microsoft Corporation) (b57nd60x) %SvcDispName% [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\b57nd60x.sys -> [2008/01/18 22:25:04 | 000,179,712 | ---- | M] (Broadcom Corporation) (Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\afc.sys -> [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) (adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) (elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) (adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) (uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) (adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) (vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) (UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) (nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) (iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) (nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) (arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) (SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) (arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) (megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) (viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 03:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) (cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 03:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) (aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 03:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) (ATIAVPCI) ATI Unified AVStream service [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\atinavrr.sys -> [2006/11/02 02:27:21 | 000,377,472 | ---- | M] (ATI Technologies Inc.) (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) (VSTHWBS2) VSTHWBS2 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTBS23.SYS -> [2006/11/02 01:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) (VST_DPV) VST_DPV [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTDPV3.SYS -> [2006/11/02 01:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) (winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTCNXT3.SYS -> [2006/11/02 01:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) (E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) (secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 00:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (smwdm) smwdm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\smwdm.sys -> [2005/11/29 20:30:24 | 000,260,224 | ---- | M] (Analog Devices, Inc.) (ovt519) VGA USB Camera [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ov519vid.sys -> [2003/10/20 00:45:48 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\] > -> -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\: Main\\"Start Page" -> http://www.yahoo.com/ -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\: Main\\"StartPageCache" -> 2 -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 04:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.) HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Users\Mike\AppData\Roaming\Mozilla\FireFox\Profiles\c5l497xp.default\prefs.js -> browser.startup.homepage -> "www.yahoo.com" -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions ->  -> HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\Google\Web Accelerator\firefox [C:\PROGRAM FILES\GOOGLE\WEB ACCELERATOR\FIREFOX] -> [2010/02/04 01:47:47 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN\] -> [2010/03/03 23:49:40 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions ->  -> HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/02/12 02:47:46 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/02/24 08:18:02 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > ->   -> C:\Users\Mike\AppData\Roaming\Mozilla\Extensions -> [2009/12/10 22:38:36 | 000,000,000 | ---D | M]   -> C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\[email protected] -> [2009/06/08 20:37:13 | 000,000,000 | ---D | M]   -> C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c5l497xp.default\extensions -> [2010/02/13 04:16:42 | 000,000,000 | ---D | M] Microsoft .NET Framework Assistant   -> C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c5l497xp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/12/27 16:35:53 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > ->   -> C:\Program Files\Mozilla Firefox\extensions -> [2010/03/03 23:48:30 | 000,000,000 | ---D | M] < HOSTS File > ([2010/02/04 01:28:05 | 000,378,553 | R--- | M] - 13090 lines) -> C:\Windows\System32\drivers\etc\hosts -> First 25 entries... Reset Hosts 127.0.0.1       localhost 127.0.0.1    www.007guard.com 127.0.0.1    007guard.com 127.0.0.1    008i.com 127.0.0.1    www.008k.com 127.0.0.1    008k.com 127.0.0.1    www.00hq.com 127.0.0.1    00hq.com 127.0.0.1    010402.com 127.0.0.1    www.032439.com 127.0.0.1    032439.com 127.0.0.1    www.0scan.com 127.0.0.1    0scan.com 127.0.0.1    www.1000gratisproben.com 127.0.0.1    1000gratisproben.com 127.0.0.1    www.1001namen.com 127.0.0.1    1001namen.com 127.0.0.1    100888290cs.com 127.0.0.1    www.100888290cs.com 127.0.0.1    100sexlinks.com 127.0.0.1    www.100sexlinks.com 127.0.0.1    10sek.com 127.0.0.1    www.10sek.com 127.0.0.1    www.1-2005-search.com < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {00C6482D-C502-44C8-8409-FCE54AD9C208} [HKLM] -> C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [SnagIt Toolbar Loader] -> [2008/09/22 00:31:26 | 000,066,888 | ---- | M] (TechSmith Corporation) {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/28 04:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.) {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 11:07:26 | 000,075,128 | ---- | M] (Adobe Systems Incorporated) {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll [BitComet Helper] -> [2009/03/02 04:01:38 | 000,636,216 | ---- | M] (BitComet) {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll [Symantec NCO BHO] -> [2009/08/22 01:28:15 | 000,378,736 | R--- | M] (Symantec Corporation) {69A87B7D-DE56-4136-9655-716BA50C19C7} [HKLM] -> C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll [&Google Web Accelerator Helper] -> [2007/01/29 20:22:50 | 000,237,568 | ---- | M] () {6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll [Symantec Intrusion Prevention] -> [2009/08/22 01:28:15 | 000,107,896 | R--- | M] (Symantec Corporation) {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/07/31 14:23:13 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.) {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/28 04:47:42 | 000,160,496 | ---- | M] (Yahoo! Inc) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll [Norton Toolbar] -> [2009/08/22 01:28:15 | 000,378,736 | R--- | M] (Symantec Corporation) "{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [SnagIt] -> [2008/09/22 00:31:30 | 000,161,096 | ---- | M] (TechSmith Corporation) "{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" [HKLM] -> C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [2007/01/29 20:22:50 | 000,237,568 | ---- | M] () "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 04:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.) < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\] > -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{5BED3930-2E9E-76D8-BACC-80DF2188D455}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll [Norton Toolbar] -> [2009/08/22 01:28:15 | 000,378,736 | R--- | M] (Symantec Corporation) WebBrowser\\"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found WebBrowser\\"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" [HKLM] -> C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [2007/01/29 20:22:50 | 000,237,568 | ---- | M] () < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/02/27 16:10:28 | 000,035,696 | ---- | M] (Adobe Systems Incorporated) "ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2009/10/10 12:32:18 | 000,203,264 | ---- | M] (ArcSoft Inc.) "avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) "iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) "QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.) "SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/07/31 14:23:21 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) "Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 01:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 00:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 00:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\] > -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "SmileboxTray" -> C:\Users\Mike\AppData\Roaming\Smilebox\SmileboxTray.exe ["C:\Users\Mike\AppData\Roaming\Smilebox\SmileboxTray.exe"] -> [2010/01/19 04:34:22 | 000,266,888 | ---- | M] (Smilebox, Inc.) "SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) < RunOnce [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\] > -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "Shockwave Updater" -> C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 ( [C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.mostfungames.com/bmx-freestyle.htm"] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000] > -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\] > -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> &D&ownload &with BitComet -> Reg Error: Value error. [Reg Error: Value error.] -> File not found &D&ownload all video with BitComet -> Reg Error: Value error. [Reg Error: Value error.] -> File not found &D&ownload all with BitComet -> Reg Error: Value error. [Reg Error: Value error.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}:res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 [HKLM] -> C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll [Button: BitComet] -> [2009/03/02 04:01:38 | 000,636,216 | ---- | M] (BitComet) {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6738 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6738 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6738 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\] > -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6738 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\] > -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab [QuickTime Object] -> {2EDF75C0-5ABD-49f9-BAB6-220476A32034} [HKLM] -> http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab [System Requirements Lab Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [HKLM] -> http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab [Windows Live Hotmail Photo Upload Tool] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.1.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {09455FBB-D53C-4774-8385-3136925138DC}\\DhcpNameServer -> 192.168.1.1   (Broadcom NetXtreme 57xx Gigabit Controller) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> GoToAssist -> C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll -> File not found < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Uforia\Mercenary Wars\Bin\MWGame.exe" -> C:\Uforia\Mercenary Wars\Bin\MWGame.exe [C:\Uforia\Mercenary Wars\Bin\MWGame.exe:*:Enabled:MWGame] -> [2009/11/21 09:41:32 | 002,183,168 | ---- | M] ((c)NMP) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > ->  -> C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () F:\AUTORUN.INF [[autorun] | OPEN=setupSNK.exe | ACTION=Wireless Network Setup Wizard | ] -> F:\AUTORUN.INF [ FAT32 ] -> [2008/01/04 11:35:22 | 000,000,066 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \F HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\shell\AutoRun\command \F\shell\AutoRun\command\\"" -> F:\setupSNK.exe [F:\setupSNK.exe] -> [2006/11/02 06:32:26 | 000,013,312 | ---- | M] (Microsoft Corporation) \{3ad0cebe-f535-11de-878a-001111bf0a9a} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ad0cebe-f535-11de-878a-001111bf0a9a}\shell \{3ad0cebe-f535-11de-878a-001111bf0a9a}\shell\\"" ->  [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ad0cebe-f535-11de-878a-001111bf0a9a}\shell\AutoRun\command \{3ad0cebe-f535-11de-878a-001111bf0a9a}\shell\AutoRun\command\\"" -> K:\iStudio.exe [K:\iStudio.exe] -> File not found \{f215764f-53ee-11de-a394-001111bf0a9a} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f215764f-53ee-11de-a394-001111bf0a9a}\shell\AutoRun\command \{f215764f-53ee-11de-a394-001111bf0a9a}\shell\AutoRun\command\\"" -> F:\setupSNK.exe [F:\setupSNK.exe] -> [2006/11/02 06:32:26 | 000,013,312 | ---- | M] (Microsoft Corporation) < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2006/11/02 03:44:59 | 000,211,968 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> helpfile [open] -> Reg Error: Key error. hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 03:45:57 | 000,009,216 | ---- | M] (Microsoft Corporation) htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007/04/19 13:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation) htmlfile [print] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> [2007/04/19 13:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation) inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2008/01/19 01:33:12 | 000,011,776 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> regfile [merge] -> Reg Error: Key error. scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/01/19 01:32:56 | 000,368,640 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> txtfile [edit] -> Reg Error: Key error. Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2008/01/19 01:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 2/26/2010 6:07:53 PM Computer Name = Mike-PC | Source = EventSystem | ID = 4621 -> Description = Application [ Error ] 2/27/2010 7:07:10 AM Computer Name = Mike-PC | Source = EventSystem | ID = 4621 -> Description = Application [ Error ] 2/28/2010 6:28:59 AM Computer Name = Mike-PC | Source = EventSystem | ID = 4621 -> Description = Application [ Error ] 3/1/2010 7:27:22 AM Computer Name = Mike-PC | Source = EventSystem | ID = 4621 -> Description = Application [ Error ] 3/1/2010 2:10:06 PM Computer Name = Mike-PC | Source = Application Hang | ID = 1002 -> Description = The program AVSVideoConverter.exe version 6.3.3.371 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 176c  Start Time: 01cab96996bba94a  Termination Time: 5978 Application [ Error ] 3/1/2010 4:03:31 PM Computer Name = Mike-PC | Source = SDWinSec.exe | ID = 0 -> Description = Application [ Error ] 3/2/2010 1:50:36 AM Computer Name = Mike-PC | Source = EventSystem | ID = 4621 -> Description = Application [ Error ] 3/2/2010 6:27:47 AM Computer Name = Mike-PC | Source = EventSystem | ID = 4621 -> Description = Application [ Error ] 3/3/2010 6:50:15 AM Computer Name = Mike-PC | Source = EventSystem | ID = 4621 -> Description = Application [ Error ] 3/4/2010 1:56:59 AM Computer Name = Mike-PC | Source = Application Hang | ID = 1002 -> Description = The program iTunes.exe version 9.0.3.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 14c4  Start Time: 01cabb5f48457579  Termination Time: 27 Media Center [ Error ] 9/10/2009 7:42:16 PM Computer Name = Mike-PC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Media Center [ Error ] 10/11/2009 10:34:45 PM Computer Name = Mike-PC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. System [ Error ] 3/2/2010 9:10:55 PM Computer Name = Mike-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.4 for the Network Card with network address 001111BF0A9A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). System [ Error ] 3/3/2010 7:44:24 AM Computer Name = Mike-PC | Source = Service Control Manager | ID = 7022 -> Description = System [ Error ] 3/3/2010 7:44:26 AM Computer Name = Mike-PC | Source = Service Control Manager | ID = 7022 -> Description = System [ Error ] 3/3/2010 7:41:27 PM Computer Name = Mike-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.7 for the Network Card with network address 001111BF0A9A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). System [ Error ] 3/3/2010 9:31:28 PM Computer Name = Mike-PC | Source = DCOM | ID = 10010 -> Description = System [ Error ] 3/3/2010 9:36:52 PM Computer Name = Mike-PC | Source = Service Control Manager | ID = 7022 -> Description = System [ Error ] 3/3/2010 9:36:54 PM Computer Name = Mike-PC | Source = Service Control Manager | ID = 7022 -> Description = System [ Error ] 3/4/2010 1:47:36 AM Computer Name = Mike-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.4 for the Network Card with network address 001111BF0A9A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). System [ Error ] 3/4/2010 1:51:02 AM Computer Name = Mike-PC | Source = Service Control Manager | ID = 7022 -> Description = System [ Error ] 3/4/2010 1:51:04 AM Computer Name = Mike-PC | Source = Service Control Manager | ID = 7022 -> Description = [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\Mike\Desktop\OTS.exe -> [2010/03/04 00:03:48 | 000,634,368 | ---- | C] (OldTimer Tools) xml_param -> C:\ProgramData\xml_param -> [2010/02/28 00:51:23 | 000,000,000 | ---D | C] download.exe -> C:\Users\Mike\Documents\download.exe -> [2010/02/28 00:46:54 | 009,965,143 | ---- | C] (iSkysoft Software                                           ) iSkysoft iPod Movie Converter -> C:\Users\Mike\Documents\iSkysoft iPod Movie Converter -> [2010/02/28 00:46:06 | 000,000,000 | ---D | C] iSkysoft -> C:\Program Files\iSkysoft -> [2010/02/28 00:45:51 | 000,000,000 | ---D | C] Logitech Touch Mouse Server -> C:\Program Files\Logitech Touch Mouse Server -> [2010/02/24 05:51:42 | 000,000,000 | ---D | C] tzres.dll -> C:\Windows\System32\tzres.dll -> [2010/02/23 13:27:56 | 000,002,048 | ---- | C] (Microsoft Corporation) secproc_isv.dll -> C:\Windows\System32\secproc_isv.dll -> [2010/02/23 13:26:51 | 000,471,552 | ---- | C] (Microsoft Corporation) secproc.dll -> C:\Windows\System32\secproc.dll -> [2010/02/23 13:26:51 | 000,471,552 | ---- | C] (Microsoft Corporation) RMActivate_isv.exe -> C:\Windows\System32\RMActivate_isv.exe -> [2010/02/23 13:26:49 | 000,526,336 | ---- | C] (Microsoft Corporation) RMActivate.exe -> C:\Windows\System32\RMActivate.exe -> [2010/02/23 13:26:49 | 000,518,144 | ---- | C] (Microsoft Corporation) RMActivate_ssp.exe -> C:\Windows\System32\RMActivate_ssp.exe -> [2010/02/23 13:26:49 | 000,347,136 | ---- | C] (Microsoft Corporation) RMActivate_ssp_isv.exe -> C:\Windows\System32\RMActivate_ssp_isv.exe -> [2010/02/23 13:26:49 | 000,346,624 | ---- | C] (Microsoft Corporation) secproc_ssp_isv.dll -> C:\Windows\System32\secproc_ssp_isv.dll -> [2010/02/23 13:26:48 | 000,152,576 | ---- | C] (Microsoft Corporation) secproc_ssp.dll -> C:\Windows\System32\secproc_ssp.dll -> [2010/02/23 13:26:48 | 000,152,064 | ---- | C] (Microsoft Corporation) msdrm.dll -> C:\Windows\System32\msdrm.dll -> [2010/02/23 13:26:47 | 000,332,288 | ---- | C] (Microsoft Corporation) gameux.dll -> C:\Windows\System32\gameux.dll -> [2010/02/23 13:26:42 | 001,696,256 | ---- | C] (Microsoft Corporation) Apphlpdm.dll -> C:\Windows\System32\Apphlpdm.dll -> [2010/02/23 13:26:42 | 000,028,672 | ---- | C] (Microsoft Corporation) GameUXLegacyGDFs.dll -> C:\Windows\System32\GameUXLegacyGDFs.dll -> [2010/02/23 13:26:41 | 004,240,384 | ---- | C] (Microsoft) Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2010/02/22 13:30:38 | 000,000,000 | ---D | C] ntkrnlpa.exe -> C:\Windows\System32\ntkrnlpa.exe -> [2010/02/09 18:24:17 | 003,600,456 | ---- | C] (Microsoft Corporation) ntoskrnl.exe -> C:\Windows\System32\ntoskrnl.exe -> [2010/02/09 18:24:17 | 003,548,216 | ---- | C] (Microsoft Corporation) quartz.dll -> C:\Windows\System32\quartz.dll -> [2010/02/09 18:23:59 | 001,314,816 | ---- | C] (Microsoft Corporation) msvfw32.dll -> C:\Windows\System32\msvfw32.dll -> [2010/02/09 18:23:57 | 000,123,904 | ---- | C] (Microsoft Corporation) avifil32.dll -> C:\Windows\System32\avifil32.dll -> [2010/02/09 18:23:57 | 000,091,136 | ---- | C] (Microsoft Corporation) mciavi32.dll -> C:\Windows\System32\mciavi32.dll -> [2010/02/09 18:23:57 | 000,082,944 | ---- | C] (Microsoft Corporation) BVRPMPR5.SYS -> C:\Windows\System32\drivers\BVRPMPR5.SYS -> [2010/02/09 00:56:53 | 000,049,904 | R--- | C] (Avanquest Software) Netgear -> C:\Netgear -> [2010/02/09 00:52:32 | 000,000,000 | ---D | C] pss -> C:\Windows\pss -> [2010/02/07 23:30:08 | 000,000,000 | ---D | C] avipbb.sys -> C:\Windows\System32\drivers\avipbb.sys -> [2010/02/07 00:50:39 | 000,096,104 | ---- | C] (Avira GmbH) avgntflt.sys -> C:\Windows\System32\drivers\avgntflt.sys -> [2010/02/07 00:50:39 | 000,056,816 | ---- | C] (Avira GmbH) ssmdrv.sys -> C:\Windows\System32\drivers\ssmdrv.sys -> [2010/02/07 00:50:37 | 000,028,520 | ---- | C] (Avira GmbH) Avira -> C:\ProgramData\Avira -> [2010/02/07 00:50:31 | 000,000,000 | ---D | C] Avira -> C:\Program Files\Avira -> [2010/02/07 00:50:31 | 000,000,000 | ---D | C] Apple Computer -> C:\Users\Mike\AppData\Roaming\Apple Computer -> [2010/02/05 20:57:01 | 000,000,000 | ---D | C] GEARAspi.dll -> C:\Windows\System32\GEARAspi.dll -> [2010/02/05 20:56:23 | 000,107,368 | ---- | C] (GEAR Software Inc.) GEARAspiWDM.sys -> C:\Windows\System32\drivers\GEARAspiWDM.sys -> [2010/02/05 20:56:23 | 000,026,600 | ---- | C] (GEAR Software Inc.) iPod -> C:\Program Files\iPod -> [2010/02/05 20:55:31 | 000,000,000 | ---D | C] iTunes -> C:\Program Files\iTunes -> [2010/02/05 20:55:27 | 000,000,000 | ---D | C] {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2010/02/05 20:55:27 | 000,000,000 | ---D | C] QuickTime -> C:\Program Files\QuickTime -> [2010/02/05 20:52:50 | 000,000,000 | ---D | C] Apple Computer -> C:\ProgramData\Apple Computer -> [2010/02/05 20:52:49 | 000,000,000 | ---D | C] Apple Software Update -> C:\Program Files\Apple Software Update -> [2010/02/05 20:51:03 | 000,000,000 | ---D | C] BVRP Software -> C:\Users\Mike\AppData\Local\BVRP Software -> [2010/02/04 11:23:25 | 000,000,000 | ---D | C] FaxTools -> C:\Program Files\FaxTools -> [2010/02/04 11:12:42 | 000,000,000 | ---D | C] BVRP Software -> C:\ProgramData\BVRP Software -> [2010/02/04 11:12:42 | 000,000,000 | ---D | C] Dell A940 -> C:\Program Files\Dell A940 -> [2010/02/04 11:07:36 | 000,000,000 | ---D | C] uninst.exe -> C:\Windows\uninst.exe -> [2010/02/04 11:07:29 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) dlbapmui.dll -> C:\Windows\System32\dlbapmui.dll -> [2007/01/30 14:47:52 | 000,643,072 | ---- | C] ( ) dlbaserv.dll -> C:\Windows\System32\dlbaserv.dll -> [2007/01/30 14:46:00 | 001,224,704 | ---- | C] ( ) dlbacomm.dll -> C:\Windows\System32\dlbacomm.dll -> [2007/01/30 14:38:18 | 000,421,888 | ---- | C] ( ) dlbalmpm.dll -> C:\Windows\System32\dlbalmpm.dll -> [2007/01/30 14:36:30 | 000,585,728 | ---- | C] ( ) dlbaiesc.dll -> C:\Windows\System32\dlbaiesc.dll -> [2007/01/30 14:35:00 | 000,397,312 | ---- | C] ( ) dlbapplc.dll -> C:\Windows\System32\dlbapplc.dll -> [2007/01/30 14:32:06 | 000,094,208 | ---- | C] ( ) dlbacomc.dll -> C:\Windows\System32\dlbacomc.dll -> [2007/01/30 14:31:08 | 000,684,032 | ---- | C] ( ) dlbaprox.dll -> C:\Windows\System32\dlbaprox.dll -> [2007/01/30 14:30:30 | 000,163,840 | ---- | C] ( ) dlbainpa.dll -> C:\Windows\System32\dlbainpa.dll -> [2007/01/30 14:22:32 | 000,413,696 | ---- | C] ( ) dlbausb1.dll -> C:\Windows\System32\dlbausb1.dll -> [2007/01/30 14:21:46 | 000,995,328 | ---- | C] ( ) dlbahbn3.dll -> C:\Windows\System32\dlbahbn3.dll -> [2007/01/30 14:17:02 | 000,696,320 | ---- | C] ( ) 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> [Files/Folders - Modified Within 30 Days] NTUSER.DAT -> C:\Users\Mike\NTUSER.DAT -> [2010/03/04 01:06:19 | 007,077,888 | -HS- | M] () User_Feed_Synchronization-{E3DB24F4-361D-4FA6-B812-065F2D2E9963}.job -> C:\Windows\tasks\User_Feed_Synchronization-{E3DB24F4-361D-4FA6-B812-065F2D2E9963}.job -> [2010/03/04 00:56:19 | 000,000,420 | -H-- | M] () GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/03/04 00:55:00 | 000,000,886 | ---- | M] () perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/03/04 00:05:37 | 000,595,446 | ---- | M] () PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/03/04 00:05:36 | 000,690,960 | ---- | M] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/03/04 00:05:36 | 000,101,144 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/03/04 00:04:06 | 000,003,952 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/03/04 00:04:06 | 000,003,952 | -H-- | M] () OTS.exe -> C:\Users\Mike\Desktop\OTS.exe -> [2010/03/04 00:03:54 | 000,634,368 | ---- | M] (OldTimer Tools) Norton Internet Security - Mike - Scan downloads.job -> C:\Windows\tasks\Norton Internet Security - Mike - Scan downloads.job -> [2010/03/04 00:00:00 | 000,000,640 | ---- | M] () GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/03/03 23:47:46 | 000,000,882 | ---- | M] () SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/03/03 23:47:44 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2010/03/03 23:47:30 | 000,067,584 | --S- | M] () NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Mike\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms -> [2010/03/03 23:22:55 | 000,524,288 | -HS- | M] () NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf -> C:\Users\Mike\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf -> [2010/03/03 23:22:55 | 000,065,536 | -HS- | M] () IconCache.db -> C:\Users\Mike\AppData\Local\IconCache.db -> [2010/03/03 19:31:23 | 002,765,958 | -H-- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/03/03 16:49:18 | 000,137,216 | ---- | M] () Play Wizard101.lnk -> C:\Users\Public\Desktop\Play Wizard101.lnk -> [2010/02/28 18:20:25 | 000,000,761 | ---- | M] () iSkysoft iPod Movie Converter.lnk -> C:\Users\Mike\Desktop\iSkysoft iPod Movie Converter.lnk -> [2010/02/28 00:48:34 | 000,001,090 | ---- | M] () download.exe -> C:\Users\Mike\Documents\download.exe -> [2010/02/28 00:47:51 | 009,965,143 | ---- | M] (iSkysoft Software                                           ) DivX Player.lnk -> C:\Users\Public\Desktop\DivX Player.lnk -> [2010/02/24 08:18:06 | 000,000,945 | ---- | M] () DivX Converter.lnk -> C:\Users\Public\Desktop\DivX Converter.lnk -> [2010/02/24 08:17:46 | 000,000,981 | ---- | M] () Logitech Touch Mouse Server.lnk -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk -> [2010/02/24 05:51:49 | 000,001,018 | ---- | M] () GDIPFONTCACHEV1.DAT -> C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/02/24 03:27:11 | 000,390,192 | ---- | M] () FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010/02/24 03:20:18 | 001,407,360 | ---- | M] () Driver Robot.job -> C:\Windows\tasks\Driver Robot.job -> [2010/02/21 04:37:00 | 000,000,446 | ---- | M] () gmer.zip -> C:\Users\Mike\Desktop\gmer.zip -> [2010/02/17 00:22:15 | 000,284,915 | ---- | M] () Router_Setup.html -> C:\Users\Mike\Desktop\Router_Setup.html -> [2010/02/09 01:21:55 | 000,006,029 | ---- | M] () avgntflt.sys -> C:\Windows\System32\drivers\avgntflt.sys -> [2010/02/08 00:52:44 | 000,056,816 | ---- | M] (Avira GmbH) Avira AntiVir Control Center.lnk -> C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk -> [2010/02/07 00:51:03 | 000,001,857 | ---- | M] () .googlewebacchosts -> C:\Users\Mike\AppData\Roaming\.googlewebacchosts -> [2010/02/06 23:06:45 | 000,000,000 | ---- | M] () Msft_User_WpdMtpDr_01_07_00.Wdf -> C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf -> [2010/02/06 11:12:57 | 000,000,000 | -H-- | M] () iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2010/02/05 20:56:32 | 000,001,804 | ---- | M] () diagwrn.xml -> C:\Windows\diagwrn.xml -> [2010/02/04 12:06:57 | 000,001,905 | ---- | M] () diagerr.xml -> C:\Windows\diagerr.xml -> [2010/02/04 12:06:57 | 000,001,905 | ---- | M] () FaxTools.lnk -> C:\Users\Public\Desktop\FaxTools.lnk -> [2010/02/04 11:12:56 | 000,001,671 | ---- | M] () hosts -> C:\Windows\System32\drivers\etc\hosts -> [2010/02/04 01:28:05 | 000,378,553 | R--- | M] () dellstat.ini -> C:\Windows\dellstat.ini -> [2010/02/03 00:12:07 | 000,000,102 | ---- | M] () 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> [Files - No Company Name] Play Wizard101.lnk -> C:\Users\Public\Desktop\Play Wizard101.lnk -> [2010/02/28 18:20:25 | 000,000,761 | ---- | C] () iSkysoft iPod Movie Converter.lnk -> C:\Users\Mike\Desktop\iSkysoft iPod Movie Converter.lnk -> [2010/02/28 00:45:58 | 000,001,090 | ---- | C] () DivX Player.lnk -> C:\Users\Public\Desktop\DivX Player.lnk -> [2010/02/24 08:18:06 | 000,000,945 | ---- | C] () DivX Converter.lnk -> C:\Users\Public\Desktop\DivX Converter.lnk -> [2010/02/24 08:17:46 | 000,000,981 | ---- | C] () Logitech Touch Mouse Server.lnk -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk -> [2010/02/24 05:51:49 | 000,001,018 | ---- | C] () gmer.exe -> C:\Users\Mike\Desktop\gmer.exe -> [2010/02/17 00:22:51 | 000,293,376 | ---- | C] () gmer.zip -> C:\Users\Mike\Desktop\gmer.zip -> [2010/02/17 00:22:12 | 000,284,915 | ---- | C] () Router Login.url -> C:\Users\Mike\Desktop\Router Login.url -> [2010/02/09 01:21:56 | 000,000,172 | R--- | C] () Router_Setup.html -> C:\Users\Mike\Desktop\Router_Setup.html -> [2010/02/09 01:21:55 | 000,006,029 | ---- | C] () lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2010/02/08 02:54:04 | 000,015,880 | ---- | C] () Avira AntiVir Control Center.lnk -> C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk -> [2010/02/07 00:51:03 | 000,001,857 | ---- | C] () Msft_User_WpdMtpDr_01_07_00.Wdf -> C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf -> [2010/02/06 11:12:57 | 000,000,000 | -H-- | C] () iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2010/02/05 20:56:31 | 000,001,804 | ---- | C] () FaxTools.lnk -> C:\Users\Public\Desktop\FaxTools.lnk -> [2010/02/04 11:12:56 | 000,001,671 | ---- | C] () .googlewebacchosts -> C:\Users\Mike\AppData\Roaming\.googlewebacchosts -> [2010/02/04 01:52:32 | 000,000,000 | ---- | C] () dellstat.ini -> C:\Windows\dellstat.ini -> [2010/02/03 00:12:06 | 000,000,102 | ---- | C] () EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/08/04 13:07:55 | 000,117,248 | ---- | C] () manage-bde.ini.en -> C:\Windows\System32\manage-bde.ini.en -> [2009/06/13 22:48:08 | 000,081,158 | ---- | C] () dlbajswr.dll -> C:\Windows\System32\dlbajswr.dll -> [2007/02/26 18:08:32 | 000,479,232 | ---- | C] () dlbacur.dll -> C:\Windows\System32\dlbacur.dll -> [2007/02/26 18:08:26 | 000,090,112 | ---- | C] () dlbacu.dll -> C:\Windows\System32\dlbacu.dll -> [2007/02/26 17:59:24 | 000,073,728 | ---- | C] () dlbautil.dll -> C:\Windows\System32\dlbautil.dll -> [2007/02/26 17:59:12 | 000,413,696 | ---- | C] () dlbacoin.dll -> C:\Windows\System32\dlbacoin.dll -> [2007/02/22 22:32:00 | 000,344,064 | ---- | C] () GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 06:35:51 | 000,037,665 | ---- | C] () GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 06:35:51 | 000,029,779 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 06:35:51 | 000,026,489 | ---- | C] () GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 06:35:51 | 000,026,040 | ---- | C] () sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 06:34:20 | 000,005,632 | ---- | C] () atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2006/11/02 04:25:44 | 000,159,744 | ---- | C] () pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () dlbavs.dll -> C:\Windows\System32\dlbavs.dll -> [2005/12/16 19:15:18 | 000,040,960 | ---- | C] () dlbacnv4.dll -> C:\Windows\System32\dlbacnv4.dll -> [2005/09/13 17:27:08 | 000,061,440 | ---- | C] () px.ini -> C:\Windows\System32\px.ini -> [2004/04/09 02:15:50 | 000,000,000 | ---- | C] () [File - Lop Check] Disney Mix It Plug-in -> C:\Users\Mike\AppData\Roaming\Disney Mix It Plug-in -> [2009/11/22 01:23:57 | 000,000,000 | ---D | M] GetRightToGo -> C:\Users\Mike\AppData\Roaming\GetRightToGo -> [2009/09/01 19:04:12 | 000,000,000 | ---D | M] Leadertech -> C:\Users\Mike\AppData\Roaming\Leadertech -> [2009/06/14 03:12:44 | 000,000,000 | ---D | M] LimeWire -> C:\Users\Mike\AppData\Roaming\LimeWire -> [2010/02/26 06:42:08 | 000,000,000 | ---D | M] Skinux -> C:\Users\Mike\AppData\Roaming\Skinux -> [2009/06/10 23:58:24 | 000,000,000 | ---D | M] Smart-Ads-Solutions -> C:\Users\Mike\AppData\Roaming\Smart-Ads-Solutions -> [2009/10/15 00:10:20 | 000,000,000 | ---D | M] Smilebox -> C:\Users\Mike\AppData\Roaming\Smilebox -> [2010/02/26 03:25:45 | 000,000,000 | ---D | M] Thinstall -> C:\Users\Mike\AppData\Roaming\Thinstall -> [2009/07/23 13:02:15 | 000,000,000 | ---D | M] TigerPlayer -> C:\Users\Mike\AppData\Roaming\TigerPlayer -> [2009/08/09 10:26:49 | 000,000,000 | ---D | M] uTorrent -> C:\Users\Mike\AppData\Roaming\uTorrent -> [2009/06/08 20:45:26 | 000,000,000 | ---D | M] Vso -> C:\Users\Mike\AppData\Roaming\Vso -> [2009/10/22 12:55:42 | 000,000,000 | ---D | M] W Photo Studio Viewer -> C:\Users\Mike\AppData\Roaming\W Photo Studio Viewer -> [2009/08/03 22:59:06 | 000,000,000 | ---D | M] Driver Robot.job -> C:\Windows\Tasks\Driver Robot.job -> [2010/02/21 04:37:00 | 000,000,446 | ---- | M] () SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2010/03/03 23:23:00 | 000,032,552 | ---- | M] () User_Feed_Synchronization-{E3DB24F4-361D-4FA6-B812-065F2D2E9963}.job -> C:\Windows\Tasks\User_Feed_Synchronization-{E3DB24F4-361D-4FA6-B812-065F2D2E9963}.job -> [2010/03/04 00:56:19 | 000,000,420 | -H-- | M] () [File - Purity Scan] [Custom Scans] < netsvcs > < %SYSTEMDRIVE%\*.exe > StubInstaller.exe -> C:\StubInstaller.exe -> [2005/10/31 09:56:00 | 000,700,416 | ---- | M] (LimeWire) < %ProgramFiles%\Movie Maker\*.dll > MOVIEMK.dll -> C:\Program Files\Movie Maker\MOVIEMK.dll -> [2009/04/11 00:28:20 | 010,927,104 | ---- | M] (Microsoft Corporation) OmdBase.dll -> C:\Program Files\Movie Maker\OmdBase.dll -> [2009/04/11 00:28:23 | 009,090,560 | ---- | M] (Microsoft Corporation) OmdProject.dll -> C:\Program Files\Movie Maker\OmdProject.dll -> [2009/04/11 00:28:23 | 004,137,984 | ---- | M] (Microsoft Corporation) Pipeline.dll -> C:\Program Files\Movie Maker\Pipeline.dll -> [2008/01/19 01:36:06 | 001,597,440 | ---- | M] (Microsoft Corporation) PipeTran.dll -> C:\Program Files\Movie Maker\PipeTran.dll -> [2008/01/19 01:36:06 | 001,500,160 | ---- | M] (Microsoft Corporation) VideoMediaHandler.dll -> C:\Program Files\Movie Maker\VideoMediaHandler.dll -> [2008/01/19 01:36:47 | 000,453,120 | ---- | M] (Microsoft Corporation) WMM2AE.dll -> C:\Program Files\Movie Maker\WMM2AE.dll -> [2009/04/11 00:28:25 | 000,195,072 | ---- | M] (Microsoft Corporation) WMM2CLIP.dll -> C:\Program Files\Movie Maker\WMM2CLIP.dll -> [2009/04/11 00:28:25 | 000,243,712 | ---- | M] (Microsoft Corporation) WMM2EXT.dll -> C:\Program Files\Movie Maker\WMM2EXT.dll -> [2009/04/11 00:28:25 | 000,023,040 | ---- | M] (Microsoft Corporation) WMM2FILT.dll -> C:\Program Files\Movie Maker\WMM2FILT.dll -> [2009/04/11 00:28:25 | 000,322,560 | ---- | M] (Microsoft Corporation) Invalid Environment Variable: ALLUSERSAPPDATA < %SYSTEMROOT%\*.tmp > 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> < %PROGRAMFILES%\Internet Explorer\*.dll > hmmapi.dll -> C:\Program Files\Internet Explorer\hmmapi.dll -> [2008/01/19 01:34:26 | 000,069,632 | ---- | M] (Microsoft Corporation) iessetup.dll -> C:\Program Files\Internet Explorer\iessetup.dll -> [2006/11/02 03:46:05 | 000,016,384 | ---- | M] (Microsoft Corporation) sqmapi.dll -> C:\Program Files\Internet Explorer\sqmapi.dll -> [2009/06/07 23:47:50 | 000,129,536 | ---- | M] (Microsoft Corporation) Invalid Environment Variable: DriveLetter < %systemroot%\system32\*.dll /lockedfiles > comsvcs.dll : Unable to obtain MD5  -> C:\Windows\System32\comsvcs.dll -> [2009/04/11 00:28:18 | 001,209,856 | ---- | M] (Microsoft Corporation) rsaenh.dll : Unable to obtain MD5  -> C:\Windows\System32\rsaenh.dll -> [2009/04/11 00:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) SLC.dll : Unable to obtain MD5  -> C:\Windows\System32\SLC.dll -> [2009/04/11 00:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) vbscript.dll : Unable to obtain MD5  -> C:\Windows\System32\vbscript.dll -> [2009/04/11 00:28:25 | 000,430,080 | ---- | M] (Microsoft Corporation) < MD5 Scans Start> < %systemdrive%\AGP440.SYS  /md5 /s > AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys -> [2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys -> [2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys -> [2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys -> [2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\Windows\System32\drivers\AGP440.sys -> [2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys -> [2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) < %systemdrive%\ATAPI.SYS  /md5 /s > atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\System32\drivers\atapi.sys -> [2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys -> [2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys -> [2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys -> [2008/01/19 01:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys -> [2008/01/19 01:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys -> [2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys -> [2009/06/08 23:20:25 | 000,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys -> [2009/06/08 23:20:25 | 000,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=E03E8C99D15D0381E02743C36AFC7C6F -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys -> [2009/06/08 23:20:25 | 000,021,560 | ---- | M] (Microsoft Corporation) < %systemdrive%\CNGAUDIT.DLL  /md5 /s > cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\System32\cngaudit.dll -> [2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll -> [2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) < %systemdrive%\IASTORV.SYS  /md5 /s > iaStorV.sys : MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -> C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys -> [2008/01/19 01:42:51 | 000,235,064 | ---- | M] (Intel Corporation) iaStorV.sys : MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -> C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys -> [2008/01/19 01:42:51 | 000,235,064 | ---- | M] (Intel Corporation) iaStorV.sys : MD5=C957BF4B5D80B46C5017BF0101E6C906 -> C:\Windows\System32\drivers\iaStorV.sys -> [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) iaStorV.sys : MD5=C957BF4B5D80B46C5017BF0101E6C906 -> C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys -> [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) < %systemdrive%\NETLOGON.DLL  /md5 /s > netlogon.dll : MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll -> [2006/11/02 03:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=95DAECF0FB120A7B5DA679CC54E37DDE -> C:\Windows\System32\netlogon.dll -> [2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=95DAECF0FB120A7B5DA679CC54E37DDE -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll -> [2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll -> [2008/01/19 01:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) < %systemdrive%\NVSTOR.SYS  /md5 /s > nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\Windows\System32\drivers\nvstor.sys -> [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys -> [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys -> [2008/01/19 01:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys -> [2008/01/19 01:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) < %systemdrive%\SCECLI.DLL  /md5 /s > scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll -> [2008/01/19 01:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=80E2839D05CA5970A86D7BE2A08BFF61 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll -> [2006/11/02 03:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=8FC182167381E9915651267044105EE1 -> C:\Windows\System32\scecli.dll -> [2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=8FC182167381E9915651267044105EE1 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll -> [2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > comsvcs.dll : Unable to obtain MD5  -> C:\Windows\System32\comsvcs.dll -> [2009/04/11 00:28:18 | 001,209,856 | ---- | M] (Microsoft Corporation) rsaenh.dll : Unable to obtain MD5  -> C:\Windows\System32\rsaenh.dll -> [2009/04/11 00:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) SLC.dll : Unable to obtain MD5  -> C:\Windows\System32\SLC.dll -> [2009/04/11 00:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) vbscript.dll : Unable to obtain MD5  -> C:\Windows\System32\vbscript.dll -> [2009/04/11 00:28:25 | 000,430,080 | ---- | M] (Microsoft Corporation) < %systemroot%\Tasks\*.job /lockedfiles > < c:\$recycle.bin\*.* /s > desktop.ini -> c:\$recycle.bin\S-1-5-20\desktop.ini -> [2009/06/13 13:09:56 | 000,000,129 | -HS- | M] () desktop.ini -> c:\$recycle.bin\S-1-5-21-2577028956-973465584-2722947088-1000\desktop.ini -> [2009/06/07 22:11:25 | 000,000,129 | -HS- | M] () desktop.ini -> c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500\desktop.ini -> [2006/11/02 07:02:47 | 000,000,129 | -HS- | M] () OTS cannot create restorepoints on Vista OSs! < End of report >
  11. First, Let me say that I posted all this once before, and I thought I subscribed to the thread and waited for a reply in my email, but I guess I messed it up. I came back to check, and someone had stopped by to help and since I hadn't replied in so long, the thread was closed. So here it is again. Again, my apologies, I am new to using forums and such. Hello all. Any help would be greatly appreciaited. My problem is this: my internet seems slow these days. I thought it was a problem with Comcast, so I got a new modem from them, and the problem remains. If i'm surfing the web, sometimes IE will not open the page. The problem is momentary, because if I hit refresh, it will open. My boys play Xbox live alot, and now in the middle of a game, the connection to the server will drop momentarily and re-establish itself. I have norton, Ccleaner, spybot, lavasoft ad-aware and Avira. Ad-aware and Avira scans freeze about 20 percent through. Any help would be immensely appreciated. I posted this in another forum and got no response, so I figured I may have put it in the wrong forum. Anyway, to anyone who thinks they can help, I have some more info. I have been pressing Comcast hard to find and fix the problem. A supervisor is scheduled to come to my house tomorrow and run some tests. However. The problem was especially bad last night. Cell phones, computer, and Xbox would drop three or four times a minute momentarily. The xbox is a different one, so it's not the xbox causing it. I went and bought a new router, and the problem remains, so it's not the router. Comcast have been out twice, and they replaced the modem (again), so we're on modem #3, so the modem is not causing the problem. They actually replaced the line out in the back yard, and the problem remains. I am convinced that the problem is with comcast, but I want to rule out my computer I did all the steps required before posting except the ERUNT one because it said that program was not for vista. So here are my logs. I also did the system restore step. GMER log: GMER 1.0.15.15281 - [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-02-17 02:46:18 Windows 6.0.6002 Service Pack 2 Running: gmer.exe; Driver: C:\Users\Mike\AppData\Local\Temp\kwldypow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F00A000, 0x2585E6, 0xE8000020] ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\[email protected] 0x78 0x54 0x99 0xCE ... ---- EOF - GMER 1.0.15 ---- I couldn't find the AdAware log, but when I ran the scan, It said there were 0 issues found. HijackThis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:40:29 AM, on 2/16/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html"]http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com"]http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.yahoo.com/"]http://www.yahoo.com/[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com"]http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html"]http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com"]http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url="http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com"]http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Javaâ„¢ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.mostfungames.com/bmx-freestyle.htm" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [url="http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab"]http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab[/url] O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - [url="http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab"]http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab[/url] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url] O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - [url="http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-us.cab"]http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-us.cab[/url] O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing) O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlba_device - - C:\Windows\system32\dlbacoms.exe O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Update Service (gupdate1ca7d61dd48efd7) (gupdate1ca7d61dd48efd7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 9767 bytes Again, thank you for your time.
  12. Hello all. Any help would be greatly appreciaited. My problem is this: my internet seems slow these days. I thought it was a problem with Comcast, so I got a new modem from them, and the problem remains. If i'm surfing the web, sometimes IE will not open the page. The problem is momentary, because if I hit refresh, it will open. My boys play Xbox live alot, and now in the middle of a game, the connection to the server will drop momentarily and re-establish itself. I have norton, Ccleaner, spybot, lavasoft ad-aware and Avira. Ad-aware and Avira scans freeze about 20 percent through. Any help would be immensely appreciated. I posted this in another forum and got no response, so I figured I may have put it in the wrong forum. Anyway, to anyone who thinks they can help, I have some more info. I have been pressing Comcast hard to find and fix the problem. A supervisor is scheduled to come to my house tomorrow and run some tests. However. The problem was especially bad last night. Cell phones, computer, and Xbox would drop three or four times a minute momentarily. The xbox is a different one, so it's not the xbox causing it. I went and bought a new router, and the problem remains, so it's not the router. Comcast have been out twice, and they replaced the modem (again), so we're on modem #3, so the modem is not causing the problem. They actually replaced the line out in the back yard, and the problem remains. I am convinced that the problem is with comcast, but I want to rule out my computer I did all the steps required before posting except the ERUNT one because it said that program was not for vista. So here are my logs. I also did the system restore step. GMER log: GMER 1.0.15.15281 - [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-02-17 02:46:18 Windows 6.0.6002 Service Pack 2 Running: gmer.exe; Driver: C:\Users\Mike\AppData\Local\Temp\kwldypow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F00A000, 0x2585E6, 0xE8000020] ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\[email protected] 0x78 0x54 0x99 0xCE ... ---- EOF - GMER 1.0.15 ---- I couldn't find the AdAware log, but when I ran the scan, It said there were 0 issues found. HijackThis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:40:29 AM, on 2/16/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html"]http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com"]http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.yahoo.com/"]http://www.yahoo.com/[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com"]http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html"]http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com"]http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url="http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com"]http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.mostfungames.com/bmx-freestyle.htm" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [url="http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab"]http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab[/url] O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - [url="http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab"]http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab[/url] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url] O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - [url="http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab"]http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-us.cab[/url] O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing) O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlba_device - - C:\Windows\system32\dlbacoms.exe O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Update Service (gupdate1ca7d61dd48efd7) (gupdate1ca7d61dd48efd7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 9767 bytes Again, thank you for your time.
  13. Ok. Thanks. Looks like I've got a little work to do before asking for help. I shall return.