IanBB

Members
  • Posts: 16

Everything posted by IanBB

  1. Computer is running slow. System is using 30-40 CPU. Here is the log:
  2. lol it was going to STOPZILLIZA the other day. Thanks. I think running Norton 360, Spyware Dr., Win Patrol and Malwarebytes' Anti-Malware is fine! Even this could be overkill but hey, I always have you guys!
  3. Ron, Thanks for everything!!! I have 1 question. Did u see the last post u sent me: Here are some free programs I recommend that could help you improve your computer's security. Install SpyWare Blaster. Download it from here. Find here the tutorial on how to use Spyware Blaster here. Please click!!!!!!!!!
  4. Ron, I did not mean problems; it is more like issues that are coming up on the report in Rootrepeal. I have taken care of the issues in HJT and got rid of the 2 lines. Do you know about O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll? Is this OK? Also, do I need the repair console when I boot up? BY THE WAY YOU ARE THE MAN!!!!!!!!!!!!!!!!!!!! Thanks again!!! Ian
  5. I'll do this later, thanks. The comp. is much better!!! I can use IE8 now. I still have some root problems. I am emailing someone at ROOTREPEAL about this. Here is the log:
  6. I repeated step #2 above. Here are the logs:
Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DrvIcon] D:\Program Files\Vista Drive Icon\DrvIcon.exe O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Program Files\RivaTuner v2.21\RivaTuner.exe" /S O4 - HKLM\..\Run: [PPort11reminder] "D:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [Pdfquickview] d:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe O4 - HKLM\..\Run: [PfuSsSct.exe] d:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = D:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe O4 - Global Startup: ScanSnap Manager.lnk = ? 
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Fill Forms - 
{320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: 
http://www.vectorvest.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198361086319 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199071962437 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v53/wwspades/wwspades.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15102/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll 
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - d:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FJTWMKSV - PFU LIMITED - C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. 
- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. 
- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- End of file - 18794 bytes
  7. Ok, here are the logs:
Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\spoolsv.exe D:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe D:\Program Files\PFU\ScanSnap\PfuSsSct.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe D:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe d:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe D:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe d:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\java.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://gmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program 
Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file) O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DrvIcon] D:\Program Files\Vista Drive Icon\DrvIcon.exe O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - 
HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Program Files\RivaTuner v2.21\RivaTuner.exe" /S O4 - HKLM\..\Run: [PPort11reminder] "D:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [Pdfquickview] d:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe O4 - HKLM\..\Run: [PfuSsSct.exe] d:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = D:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe O4 - Global Startup: ScanSnap Manager.lnk = ? 
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Fill Forms - 
{320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: 
http://www.vectorvest.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198361086319 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199071962437 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v53/wwspades/wwspades.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15102/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll 
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - d:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FJTWMKSV - PFU LIMITED - C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. 
- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. 
- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- End of file - 18395 bytes
  8. Hi, here are the 3 logs you asked for: ComboFix 09-05-31.02 - Ian 05/31/2009 17:44.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1215 [GMT -4:00] Running from: c:\documents and settings\Ian\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Ian\Desktop\CFscript.txt AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} FILE :: "c:\windows\system32\1045\tmp1.exe s" "c:\windows\system32\1045\tmp1.exe" "c:\windows\System32\Drivers\awtjplx8.SYS" "c:\windows\system32\drivers\SZKG.sys" "c:\windows\system32\Drivers\yeddef.sys" "d:\program files\STOPzilla!\SZSG.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Common Files\iS3 c:\program files\Common Files\iS3\Anti-Spyware\detoured.dll c:\program files\Common Files\iS3\Anti-Spyware\fullupd.rsf c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll c:\program files\Common Files\iS3\Anti-Spyware\iS3SiteBlocker.dll c:\program files\Common Files\iS3\Anti-Spyware\iS3SploitChecker.dll c:\program files\Common Files\iS3\Anti-Spyware\IS3Updater.exe c:\program files\Common Files\iS3\Anti-Spyware\phishing.rsf c:\program files\Common Files\iS3\Anti-Spyware\sgdfull.rsf c:\program files\Common Files\iS3\Anti-Spyware\SGPrxy.dll c:\program files\Common Files\iS3\Anti-Spyware\SGSvc.dll c:\program files\Common Files\iS3\Anti-Spyware\SGTargetUpdate.Exe c:\program files\Common Files\iS3\Anti-Spyware\SZBrCom.dll c:\program files\Common Files\iS3\Anti-Spyware\SZCfgSvc.dll c:\program files\Common Files\iS3\Anti-Spyware\SZClientCom.dll c:\program files\Common Files\iS3\Anti-Spyware\SZClLic.dll c:\program files\Common Files\iS3\Anti-Spyware\SZEXIT.dll c:\program files\Common Files\iS3\Anti-Spyware\SZExtrSS.dll c:\program files\Common Files\iS3\Anti-Spyware\SZHistory.dll c:\program files\Common 
Files\iS3\Anti-Spyware\SZJustice.dll c:\program files\Common Files\iS3\Anti-Spyware\SZPAHost.dll c:\program files\Common Files\iS3\Anti-Spyware\SZQrntn.dll c:\program files\Common Files\iS3\Anti-Spyware\SZScanner.exe c:\program files\Common Files\iS3\Anti-Spyware\SZSchSvc.dll c:\program files\Common Files\iS3\Anti-Spyware\SZScnSvc.dll c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe c:\program files\Common Files\iS3\Anti-Spyware\SZSnsrSv.dll c:\program files\Common Files\iS3\Anti-Spyware\SZSvcHost.dll c:\program files\Common Files\iS3\Anti-Spyware\SZTargetUpdate.Exe c:\program files\Common Files\iS3\Anti-Spyware\SZTrgSS.dll c:\program files\Common Files\iS3\Anti-Spyware\SZUniTrg.dll c:\program files\Common Files\iS3\Anti-Spyware\updcsz.dll c:\windows\system32\drivers\SZKG.sys c:\windows\system32\SET29A.tmp d:\program files\STOPzilla! d:\program files\STOPzilla!\Diagnostics\DiagScan.exe d:\program files\STOPzilla!\Diagnostics\SZDxScanCore5.dll d:\program files\STOPzilla!\roar.wav d:\program files\STOPzilla!\sgskin.dll d:\program files\STOPzilla!\snore.wav d:\program files\STOPzilla!\STOPzilla.exe d:\program files\STOPzilla!\STOPzillaHelp.chm d:\program files\STOPzilla!\swin32z.exe d:\program files\STOPzilla!\SZBlkLst.exe d:\program files\STOPzilla!\SZHistUI.dll d:\program files\STOPzilla!\SZIEBHO.dll d:\program files\STOPzilla!\SZInit.Exe d:\program files\STOPzilla!\SZLMScn.dll d:\program files\STOPzilla!\SZOptions.exe d:\program files\STOPzilla!\SZRegister.exe d:\program files\STOPzilla!\SZRes5En.dll d:\program files\STOPzilla!\SZRollup.dll d:\program files\STOPzilla!\SZSG.dll d:\program files\STOPzilla!\SZSplash.dll d:\program files\STOPzilla!\SZTrayIcon.dll d:\program files\STOPzilla!\SZUndelete.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . 
-------\Legacy_SZKG5 -------\Service_szkg5 -------\Service_yeddef ((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 ))))))))))))))))))))))))))))))) . 2009-05-31 21:46 . 2009-05-31 21:46 186192 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-31 20:12 . 2009-05-26 02:11 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090531.003\NAVENG.SYS 2009-05-31 20:12 . 2009-05-26 02:11 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090531.003\NAVEX15.SYS 2009-05-31 20:12 . 2009-05-26 02:11 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090531.003\EECTRL.SYS 2009-05-31 20:12 . 2009-05-26 02:11 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090531.003\ERASER.SYS 2009-05-31 20:12 . 2009-05-26 02:10 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090531.003\NAVENG32.DLL 2009-05-31 20:12 . 2009-05-26 02:10 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090531.003\NAVEX32A.DLL 2009-05-31 20:12 . 2009-05-26 02:10 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090531.003\ECMSVR32.DLL 2009-05-31 20:12 . 2009-05-26 02:10 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090531.003\CCERASER.DLL 2009-05-29 23:54 . 
2009-05-26 02:11 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSviA64.sys 2009-05-29 23:54 . 2009-05-26 02:11 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys 2009-05-29 23:54 . 2009-05-26 02:11 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSXpx86.sys 2009-05-29 23:54 . 2009-05-26 02:10 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.dll 2009-05-29 23:54 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\Scxpx86.dll 2009-05-26 17:35 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-05-26 17:35 . 2009-04-03 15:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-05-26 17:35 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-05-26 17:35 . 2009-05-26 17:35 -------- d-----w- c:\program files\Common Files\PC Tools 2009-05-26 17:35 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-05-26 17:34 . 2009-05-26 17:34 -------- d-----w- c:\documents and settings\Ian\Application Data\PC Tools 2009-05-26 17:34 . 2009-05-26 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-05-26 16:40 . 2009-05-26 16:40 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-05-26 16:35 . 2009-05-26 16:35 -------- d-----w- c:\documents and settings\Ian\Application Data\Malwarebytes 2009-05-26 15:44 . 
2009-05-26 15:44 68456 ---ha-w- c:\windows\system32\mlfcache.dat 2009-05-26 14:52 . 2009-04-06 19:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-05-26 14:52 . 2009-04-06 19:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 14:52 . 2009-05-26 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-26 02:14 . 2009-05-26 02:11 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSviA64.sys 2009-05-26 02:14 . 2009-05-26 02:11 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSvix86.sys 2009-05-26 02:14 . 2009-05-26 02:11 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSXpx86.sys 2009-05-26 02:14 . 2009-05-26 02:10 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSxpx86.dll 2009-05-26 02:14 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\Scxpx86.dll 2009-05-26 02:11 . 2009-05-26 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B} 2009-05-26 02:11 . 2009-05-26 02:11 -------- d-----w- c:\documents and settings\Ian\Local Settings\Application Data\Downloaded Installations 2009-05-26 02:11 . 2009-05-26 02:11 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys 2009-05-26 02:11 . 2009-05-26 02:11 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-05-26 02:11 . 2009-05-26 02:11 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-05-26 02:11 . 
2009-05-26 02:11 -------- d-----w- c:\program files\Symantec 2009-05-26 02:11 . 2009-05-26 02:11 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys 2009-05-26 02:11 . 2009-05-26 02:11 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys 2009-05-26 02:11 . 2009-05-26 02:11 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.sys 2009-05-26 02:10 . 2009-05-26 02:11 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll 2009-05-26 02:10 . 2009-05-26 02:10 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll 2009-05-26 02:10 . 2009-05-26 02:10 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\idsxpx86.dll 2009-05-26 02:10 . 2009-05-26 02:10 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll 2009-05-26 02:10 . 2009-05-26 02:10 -------- d-----w- c:\windows\system32\drivers\N360 2009-05-26 02:10 . 2009-05-26 02:10 -------- d-----w- c:\program files\Norton 360 2009-05-26 01:51 . 2009-05-26 01:51 -------- d-----w- c:\program files\NortonInstaller 2009-05-24 02:16 . 2009-05-24 02:18 245999472 ----a-w- c:\documents and settings\All Users\Application Data\Linksys\Linksys Updater\update\35A205B7-27AF-4DE7-98DC-156614EFC2DE\lela-3.11.9139.94.exe 2009-05-16 22:29 . 2009-05-16 22:29 -------- d-----w- c:\documents and settings\Ian\Application Data\GetRightToGo 2009-05-16 22:25 . 
2009-05-24 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard 2009-05-16 22:25 . 2009-05-31 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla! 2009-05-16 20:55 . 2009-05-16 20:55 -------- d-----w- C:\!KillBox 2009-05-16 20:44 . 2009-05-16 20:44 552 ----a-w- c:\windows\system32\d3d8caps.dat 2009-05-16 18:14 . 2009-05-16 18:14 -------- d-----w- c:\program files\iPod 2009-05-16 18:14 . 2009-05-16 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-05-16 18:12 . 2009-03-26 19:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-05-16 18:11 . 2009-05-16 18:11 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe 2009-05-16 18:10 . 2009-05-16 18:10 -------- d-----w- c:\program files\Bonjour 2009-05-13 19:28 . 2009-05-13 19:28 17408 ----a-r- c:\windows\system32\SZIO5.dll 2009-05-13 19:27 . 2009-05-13 19:27 294912 ----a-r- c:\windows\system32\SZBase5.dll 2009-05-13 19:27 . 2009-05-13 19:27 540672 ----a-r- c:\windows\system32\SZComp5.dll 2009-05-10 03:47 . 2009-05-10 03:47 -------- d-----w- c:\documents and settings\Ian\Application Data\GARMIN 2009-05-10 03:47 . 2009-05-10 03:47 -------- d-----w- c:\program files\Garmin GPS Plugin 2009-05-10 03:33 . 2009-05-10 03:33 -------- d-----w- c:\program files\Garmin . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-31 20:03 . 2009-05-31 20:03 1168 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg 2009-05-30 04:15 . 2008-07-17 06:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-05-26 02:22 . 2008-10-12 18:06 -------- d-----w- c:\program files\Norton Support 2009-05-26 02:14 . 2007-12-23 21:23 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-05-26 02:11 . 
2009-05-26 02:11 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-05-26 02:11 . 2009-05-26 02:11 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-05-26 02:10 . 2008-12-28 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-05-26 02:09 . 2008-10-12 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-05-26 02:05 . 2008-12-28 19:31 -------- d-----w- c:\documents and settings\Ian\Application Data\Symantec 2009-05-26 01:51 . 2008-10-12 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2009-05-16 22:22 . 2007-12-28 06:09 -------- d-----w- c:\documents and settings\Ian\Application Data\Apple Computer 2009-05-16 18:14 . 2008-07-31 03:24 -------- d-----w- c:\program files\Common Files\Apple 2009-05-16 14:53 . 2007-12-31 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-05-10 03:33 . 2008-05-26 01:31 -------- d-----w- c:\program files\DIFX 2009-04-16 03:15 . 2009-04-14 23:04 -------- d-----w- c:\documents and settings\Ian\Application Data\ZoomBrowser EX 2009-04-14 23:14 . 2009-04-14 23:06 -------- d-----w- c:\documents and settings\Ian\Application Data\CameraWindowDC 2009-04-14 23:06 . 2009-04-14 23:06 -------- d-----w- c:\documents and settings\Ian\Application Data\CANON INC 2009-04-14 22:52 . 2009-04-14 22:52 -------- d-----w- c:\program files\Canon 2009-04-14 22:52 . 2009-04-14 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser 2009-04-14 22:47 . 2009-04-14 22:47 -------- d-----w- c:\program files\Common Files\Canon 2009-04-12 17:46 . 2007-12-22 20:54 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-04-01 20:11 . 2009-04-01 20:08 250213280 ----a-w- c:\documents and settings\All Users\Application Data\Linksys\Linksys Updater\update\807F4ECC-2754-410F-9329-B30F94D5A243\lela-3.11.9082.90.exe 2009-03-31 19:03 . 
2007-12-22 21:07 85808 ----a-w- c:\documents and settings\Ian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-31 16:36 . 2009-03-31 16:36 152576 ----a-w- c:\documents and settings\Ian\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-03-28 16:40 . 2008-07-18 04:11 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-03-27 14:56 . 2009-03-27 14:56 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll 2009-03-27 14:55 . 2009-03-27 14:55 393216 ----a-r- c:\windows\system32\IS3DBA5.dll 2009-03-27 14:55 . 2009-03-27 14:55 372736 ----a-r- c:\windows\system32\IS3UI5.dll 2009-03-27 14:55 . 2009-03-27 14:55 61440 ----a-r- c:\windows\system32\IS3Hks5.dll 2009-03-27 14:54 . 2009-03-27 14:54 23040 ----a-r- c:\windows\system32\IS3XDat5.dll 2009-03-27 14:54 . 2009-03-27 14:54 221184 ----a-r- c:\windows\system32\IS3Win325.dll 2009-03-27 14:54 . 2009-03-27 14:54 94208 ----a-r- c:\windows\system32\IS3Inet5.dll 2009-03-27 14:53 . 2009-03-27 14:53 90112 ----a-r- c:\windows\system32\IS3Svc5.dll 2009-03-27 14:50 . 2009-03-27 14:50 716800 ----a-r- c:\windows\system32\IS3Base5.dll 2009-03-26 19:23 . 2008-07-31 03:24 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys 2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll 2009-03-16 18:18 . 2009-03-31 17:14 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2009-03-16 18:18 . 2009-03-31 17:14 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2009-03-16 18:18 . 2009-03-31 17:14 235352 ----a-w- c:\windows\system32\xactengine3_4.dll 2009-03-16 18:18 . 2009-03-31 17:14 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll 2009-03-10 16:25 . 
2009-03-10 16:25 503808 ----a-w- c:\documents and settings\Ian\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-64a438ba-n\msvcp71.dll 2009-03-10 16:25 . 2009-03-10 16:25 499712 ----a-w- c:\documents and settings\Ian\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-64a438ba-n\jmc.dll 2009-03-10 16:25 . 2009-03-10 16:25 348160 ----a-w- c:\documents and settings\Ian\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-64a438ba-n\msvcr71.dll 2009-03-10 16:23 . 2009-03-10 16:23 152576 ----a-w- c:\documents and settings\Ian\Application Data\Sun\Java\jre1.6.0_12\lzma.dll 2009-03-09 19:27 . 2009-03-31 17:14 453456 ----a-w- c:\windows\system32\d3dx10_41.dll 2009-03-09 19:27 . 2009-03-31 17:14 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2009-03-09 19:27 . 2009-03-31 17:14 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll 2009-03-09 09:19 . 2009-03-10 16:24 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-03-08 08:34 . 2006-03-04 03:33 914944 ----a-w- c:\windows\system32\wininet.dll 2009-03-08 08:34 . 2004-08-04 10:00 43008 ----a-w- c:\windows\system32\licmgr10.dll 2009-03-08 08:33 . 2008-07-20 03:21 18944 ----a-w- c:\windows\system32\corpol.dll 2009-03-08 08:33 . 2008-07-20 03:21 420352 ----a-w- c:\windows\system32\vbscript.dll 2009-03-08 08:32 . 2004-08-04 10:00 72704 ----a-w- c:\windows\system32\admparse.dll 2009-03-08 08:32 . 2004-08-04 10:00 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-03-08 08:31 . 2004-08-04 10:00 34816 ----a-w- c:\windows\system32\imgutil.dll 2009-03-08 08:31 . 2004-08-04 10:00 48128 ----a-w- c:\windows\system32\mshtmler.dll 2009-03-08 08:31 . 2004-08-04 10:00 45568 ----a-w- c:\windows\system32\mshta.exe 2009-03-08 08:22 . 2004-08-04 10:00 156160 ----a-w- c:\windows\system32\msls31.dll 2009-03-07 18:47 . 2008-01-01 03:12 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-03-06 14:22 . 2008-07-20 03:21 284160 ----a-w- c:\windows\system32\pdh.dll 2002-07-19 15:50 . 
2007-12-27 21:43 153088 ----a-w- c:\program files\UNWISE.EXE . ((((((((((((((((((((((((((((( SnapShot@2009-05-30_05.00.49 ))))))))))))))))))))))))))))))))))))))))) . + 2009-05-31 21:48 . 2009-05-31 21:48 16384 c:\windows\Temp\Perflib_Perfdata_7e4.dat + 2009-05-31 21:47 . 2009-05-31 21:47 16384 c:\windows\Temp\Perflib_Perfdata_784.dat + 2009-05-31 21:47 . 2009-05-31 21:47 16384 c:\windows\Temp\Perflib_Perfdata_67c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-01 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-05-08 1015808] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448] "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-01 29744] "DrvIcon"="d:\program files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056] "LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-06-13 139264] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016] "RivaTunerStartupDaemon"="d:\program files\RivaTuner v2.21\RivaTuner.exe" [2008-12-10 2732032] "PPort11reminder"="d:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2006-11-16 35368] 
"Pdfquickview"="d:\program files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe" [2003-12-22 32768] "PfuSsSct.exe"="d:\program files\PFU\ScanSnap\PfuSsSct.exe" [2003-12-22 110592] "P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512] c:\documents and settings\Ian\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - d:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-5-20 3450608] c:\documents and settings\All Users\Start Menu\Programs\Startup\ APC UPS Status.lnk - d:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-6-28 221247] MiniEYE-MiniREAD Launch.lnk - d:\program files\Infinite Mind LC\eyeQ\ARLaunch.exe [2008-10-19 323584] ScanSnap Manager.lnk - d:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2009-1-20 991232] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl] 2008-06-14 02:39 45184 ----a-w- c:\windows\system32\fsp_lmwl.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] 
"DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "g:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"= "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"= "c:\\Documents and Settings\\Ian\\Local Settings\\Application Data\\Google\\Google Talk, Labs Edition\\GoogleTalkLabsEdition.exe"= "c:\\Program Files\\Dell SAS RAID Storage Manager\\JRE\\bin\\javaw.exe"= "g:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "d:\\Program Files\\iTunes\\iTunes.exe"= "d:\\Program Files\\TeamViewer3\\TeamViewer.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "67:UDP"= 67:UDP:DHCP Discovery Service R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/26/2009 1:35 PM 130936] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [5/25/2009 10:11 PM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [5/25/2009 10:11 PM 258608] R1 ccHP;Symantec Hash 
Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [5/25/2009 10:11 PM 482352] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSXpx86.sys [5/29/2009 7:54 PM 276344] R2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\Fjscan32\FJTWMKSV.exe [1/17/2009 10:28 PM 45056] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2/3/2008 1:33 PM 628584] R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2/3/2008 1:33 PM 628584] R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [5/8/2008 4:59 PM 204800] R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [5/25/2009 10:11 PM 115560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/25/2009 10:14 PM 101936] R3 LMPC4;LMPC4;c:\windows\system32\drivers\lmpc4.sys [11/6/2008 3:59 PM 10096] R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [3/27/2008 4:48 PM 36288] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/27/2007 5:58 PM 29744] S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [3/20/2006 7:34 PM 1452032] S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [5/26/2009 1:35 PM 348752] --- Other Services/Drivers In Memory --- *Deregistered* - mchInjDrv [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . 
Contents of the 'Scheduled Tasks' folder

2009-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-861567501-2147238677-1003.job
- c:\documents and settings\Ian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-09 06:53]

2009-04-04 c:\windows\Tasks\User_Feed_Synchronization-{718193D4-712E-4E07-B2D6-DD235BFC2AF4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gmail.com/
mWindow Title = Ian's Computer
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: ameritrade.com
Trusted Zone: ameritrade.com\wwws
Trusted Zone: streamer.com
Trusted Zone: tdameritrade.com
Trusted Zone: vectorvest.com\www
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 17:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-861567501-2147238677-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\fsp_lmwl.dll

- - - - - - - > 'explorer.exe'(5252)
d:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Lavasoft\Ad-Aware\aawservice.exe
d:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\java.exe
d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
c:\windows\system32\searchindexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
d:\program files\Lock My PC 4\lockpc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
d:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2009-05-31 17:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 21:54
ComboFix2.txt 2009-05-30 05:04
ComboFix3.txt 2008-01-01 19:15
ComboFix4.txt 2007-12-31 15:19

Pre-Run: 17,335,549,952 bytes free
Post-Run: 17,306,374,144 bytes free

Current=7 Default=7 Failed=1 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8

410 --- E O F --- 2009-05-16 14:49

Malwarebytes' Anti-Malware 1.37
Database version: 2203
Windows 5.1.2600 Service Pack 3

5/31/2009 6:02:20 PM
mbam-log-2009-05-31 (18-02-20).txt

Scan type: Quick Scan
Objects scanned: 96145
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:36 PM, on 5/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\java.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
d:\Program Files\Lock My PC 4\lockpc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
D:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe
D:\Program Files\PFU\ScanSnap\PfuSsSct.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
D:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
d:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DrvIcon] D:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Program Files\RivaTuner v2.21\RivaTuner.exe" /S
O4 - HKLM\..\Run: [PPort11reminder] "D:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [Pdfquickview] d:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe
O4 - HKLM\..\Run: [PfuSsSct.exe] d:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = D:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.vectorvest.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198361086319
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199071962437
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v53/wwspades/wwspades.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15102/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - d:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FJTWMKSV - PFU LIMITED - C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. 
- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. 
- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- End of file - 18434 bytes Just for your info Norton still says I have that virus. Thanks again Ian
  9. LOL OK but how remove reg files? Here is the Root file
     Thanks again for your help have a great weekend! Ian
  10. I could keep them if they are good, which I think they are. Let me know your thoughts. Ian
  11. Here is the boot log
  12. Here they are:
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1124) c:\windows\system32\fsp_lmwl.dll - - - - - - - > 'explorer.exe'(5300) d:\program files\Stardock\ObjectDock\DockShellHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll d:\progra~1\SPYBOT~1\SDHelper.dll c:\windows\system32\jsproxy.dll d:\program files\Siber Systems\AI RoboForm\roboform.dll d:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll . ------------------------ Other Running Processes ------------------------ . d:\program files\Lavasoft\Ad-Aware\aawservice.exe d:\program files\APC\APC PowerChute Personal Edition\mainserv.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTSVCCDA.EXE c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\java.exe d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\nvsvc32.exe c:\program files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe c:\program files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe c:\windows\system32\searchindexer.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\program files\Microsoft IntelliPoint\dpupdchk.exe c:\windows\system32\rundll32.exe d:\program files\APC\APC 
PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2009-05-30 1:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-30 05:03
ComboFix2.txt 2008-01-01 19:15
ComboFix3.txt 2007-12-31 15:19

Pre-Run: 17,503,076,352 bytes free
Post-Run: 17,353,822,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noguiboot

Current=7 Default=7 Failed=1 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
393 --- E O F --- 2009-05-16 14:49

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:58 AM, on 5/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys
Updater\bin\LinksysUpdater.exe C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe C:\WINDOWS\system32\java.exe D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe D:\Program Files\Vista Drive Icon\DrvIcon.exe C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe D:\Program Files\PFU\ScanSnap\PfuSsSct.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe D:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe D:\Program Files\Stardock\ObjectDock\ObjectDock.exe d:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Safari\Safari.exe D:\Program Files\Trend 
Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\Program Files\STOPzilla!\SZSG.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program 
Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\Program Files\STOPzilla!\SZSG.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DrvIcon] D:\Program Files\Vista Drive Icon\DrvIcon.exe O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure 
Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Program Files\RivaTuner v2.21\RivaTuner.exe" /S O4 - HKLM\..\Run: [PPort11reminder] "D:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [Pdfquickview] d:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe O4 - HKLM\..\Run: [PfuSsSct.exe] d:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = D:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe O4 - Global Startup: ScanSnap Manager.lnk = ? 
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Fill Forms - 
{320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: 
http://www.vectorvest.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198361086319 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199071962437 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v53/wwspades/wwspades.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15102/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll 
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - d:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FJTWMKSV - PFU LIMITED - C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 18600 bytes

Thanks again for your help
  13. Hi Ron, I did everything you said but stopzilla will not uninstall. Here are the log files:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Ian at 0:26:55.93 on Sat 05/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1206 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\java.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
d:\Program Files\Lock My PC 4\lockpc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe D:\Program Files\Vista Drive Icon\DrvIcon.exe C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe D:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe D:\Program Files\PFU\ScanSnap\PfuSsSct.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe D:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe D:\Program Files\Stardock\ObjectDock\ObjectDock.exe d:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Safari\Safari.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\Ian\Desktop\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://gmail.com/ uWindow Title = Ian's Computer mWindow Title = Ian's Computer uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - d:\program files\stopzilla!\SZSG.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll BHO: 
Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.0.0.135\IPSBHO.DLL BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - d:\program files\siber systems\ai roboform\roboform.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - d:\program files\stopzilla!\SZIEBHO.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - d:\program files\siber systems\ai roboform\roboform.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - d:\program 
files\stopzilla!\SZSG.dll EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r mRun: [P17Helper] Rundll32 P17.dll,P17Helper mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [DrvIcon] d:\program files\vista drive icon\DrvIcon.exe mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe" mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe" mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [RivaTunerStartupDaemon] "d:\program files\rivatuner v2.21\RivaTuner.exe" /S mRun: [PPort11reminder] "d:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11 \config\ereg\Ereg.ini mRun: [Pdfquickview] d:\program files\pfu\scansnap\pdf thumbnail view\pdfquickview.exe mRun: [PfuSsSct.exe] d:\program files\pfu\scansnap\PfuSsSct.exe /Station StartupFolder: c:\docume~1\ian\startm~1\programs\startup\stardo~1.lnk - d:\program files\stardock\objectdock\ObjectDock.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - d:\program files\apc\apc powerchute personal edition\Display.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\miniey~1.lnk - d:\program files\infinite mind lc\eyeq\ARLaunch.exe StartupFolder: 
c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - d:\program files\pfu\scansnap\driver\PfuSsMon.exe IE: Append to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Customize Menu - file://d:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000 IE: Fill Forms - file://d:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: Save Forms - file://d:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - d:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - d:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: {724d43aa-0d85-11d4-9908-00400523e39a} - d:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office12\REFIEBAR.DLL IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll Trusted Zone: ameritrade.com Trusted Zone: ameritrade.com\wwws Trusted Zone: streamer.com Trusted Zone: tdameritrade.com Trusted Zone: vectorvest.com\www DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198361086319 DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199071962437 DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v53/wwspades/wwspades.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15102/CTPID.cab Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.0.0.135\CoIEPlg.dll Notify: fsp_lmwl - fsp_lmwl.dll AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft 
office\office12\GrooveShellExtensions.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll LSA: Notification Packages = scecli scecli scecli ============= SERVICES / DRIVERS =============== R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-26 130936] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0300000.087\SymEFA.sys [2009-5-25 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0300000.087\BHDrvx86.sys [2009-5-25 258608] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0300000.087\cchpx86.sys [2009-5-25 482352] R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090528.001\IDSXpx86.sys [2009-5-29 276344] R2 aawservice;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664] R2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2009-1-17 45056] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-2-3 628584] R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-2-3 628584] R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-5-8 204800] R2 N360;Norton 360;c:\program files\norton 360\engine\3.0.0.135\ccSvcHst.exe [2009-5-25 115560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-25 101936] R3 LMPC4;LMPC4;c:\windows\system32\drivers\lmpc4.sys [2008-11-6 10096] R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [2008-3-27 36288] RUnknown szkg5;szkg5; [x] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe 
[2007-12-27 29744] S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090529.032\NAVENG.SYS [2009-5-29 89104] S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090529.032\NAVEX15.SYS [2009-5-29 876144] S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-3-20 1452032] S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\spyware doctor\pctsAuxs.exe [2009-5-26 348752] S3 sdCoreService;PC Tools Security Service;d:\program files\spyware doctor\pctsSvc.exe [2009-5-26 1095560] S3 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys --> c:\windows\system32\drivers\yeddef.sys [?] =============== Created Last 30 ================ 2009-05-29 19:45 1,480 a------- c:\windows\system32\drivers\kgpcpy.cfg 2009-05-26 13:35 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys 2009-05-26 13:35 130,936 a------- c:\windows\system32\drivers\PCTCore.sys 2009-05-26 13:35 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys 2009-05-26 13:35 64,392 a------- c:\windows\system32\drivers\pctplsg.sys 2009-05-26 13:35 <DIR> --d----- c:\program files\common files\PC Tools 2009-05-26 13:34 <DIR> --d----- c:\docume~1\ian\applic~1\PC Tools 2009-05-26 13:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools 2009-05-26 12:35 <DIR> --d----- c:\docume~1\ian\applic~1\Malwarebytes 2009-05-26 11:44 68,456 a---h--- c:\windows\system32\mlfcache.dat 2009-05-26 10:52 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-05-26 10:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 10:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-05-25 22:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B} 2009-05-25 22:11 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys 2009-05-25 22:11 124,464 a------- 
c:\windows\system32\drivers\SYMEVENT.SYS 2009-05-25 22:11 60,808 a------- c:\windows\system32\S32EVNT1.DLL 2009-05-25 22:11 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT 2009-05-25 22:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF 2009-05-25 22:11 <DIR> --d----- c:\program files\Symantec 2009-05-25 22:10 <DIR> --d----- c:\windows\system32\drivers\N360 2009-05-25 22:10 <DIR> --d----- c:\program files\Norton 360 2009-05-25 21:51 <DIR> --d----- c:\program files\NortonInstaller 2009-05-16 18:29 <DIR> --d----- c:\docume~1\ian\applic~1\GetRightToGo 2009-05-16 18:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard 2009-05-16 18:25 <DIR> --d----- c:\program files\common files\iS3 2009-05-16 18:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla! 2009-05-16 16:55 <DIR> --d----- C:\!KillBox 2009-05-16 16:44 552 a------- c:\windows\system32\d3d8caps.dat 2009-05-16 14:14 <DIR> --d----- c:\program files\iPod 2009-05-16 14:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-05-16 14:12 1,900,544 a------- c:\windows\system32\usbaaplrc.dll 2009-05-16 14:10 <DIR> --d----- c:\program files\Bonjour 2009-05-13 15:28 17,408 a----r-- c:\windows\system32\SZIO5.dll 2009-05-13 15:27 294,912 a----r-- c:\windows\system32\SZBase5.dll 2009-05-13 15:27 540,672 a----r-- c:\windows\system32\SZComp5.dll 2009-05-12 14:13 61,328 a----r-- c:\windows\system32\drivers\SZKG.sys 2009-05-09 23:47 <DIR> --d----- c:\docume~1\ian\applic~1\GARMIN 2009-05-09 23:47 <DIR> --d----- c:\program files\Garmin GPS Plugin 2009-05-09 23:33 <DIR> --d----- c:\program files\Garmin ==================== Find3M ==================== 2009-03-27 10:56 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll 2009-03-27 10:55 393,216 a----r-- c:\windows\system32\IS3DBA5.dll 2009-03-27 10:55 372,736 a----r-- c:\windows\system32\IS3UI5.dll 2009-03-27 10:55 61,440 a----r-- c:\windows\system32\IS3Hks5.dll 2009-03-27 10:54 23,040 a----r-- c:\windows\system32\IS3XDat5.dll 
2009-03-27 10:54 221,184 a----r-- c:\windows\system32\IS3Win325.dll 2009-03-27 10:54 94,208 a----r-- c:\windows\system32\IS3Inet5.dll 2009-03-27 10:53 90,112 a----r-- c:\windows\system32\IS3Svc5.dll 2009-03-27 10:50 716,800 a----r-- c:\windows\system32\IS3Base5.dll 2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll 2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll 2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll 2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll 2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll 2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll 2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll 2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll 2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll 2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll 2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll 2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll 2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll 2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll 2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll 2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll 2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe 2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll 2009-03-07 14:47 107,888 a------- c:\windows\system32\CmdLineExt.dll 2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll 2008-11-15 17:45 61,224 a------- c:\documents and settings\ian\GoToAssistDownloadHelper.exe 2008-04-14 05:42 23,885 ----h--- c:\docume~1\ian\applic~1\html.dat 2007-12-27 17:43 14,270 a------- c:\program files\INSTALL.LOG 2002-07-19 11:50 153,088 a------- c:\program files\UNWISE.EXE 2008-07-20 00:45 32,768 a--sh--- c:\windows\system32\config\systemprofile\local 
settings\history\history.ie5\mshist012008072020080721\index.dat

============= FINISH: 0:27:21.29 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/22/2007 3:35:04 PM
System Uptime: 5/30/2009 12:17:39 AM (0 hours ago)

Motherboard: Dell Inc. | | 0TP412
Processor: Intel® Core2 Duo CPU E6850 @ 3.00GHz | CPU | 2992/1333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 39 GiB total, 16.042 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 28.292 GiB free.
E: is FIXED (NTFS) - 39 GiB total, 4.512 GiB free.
F: is FIXED (NTFS) - 250 GiB total, 193.106 GiB free.
G: is FIXED (NTFS) - 98 GiB total, 50.783 GiB free.
H: is CDROM (CDFS)
I: is CDROM ()
J: is FIXED (NTFS) - 19 GiB total, 9.97 GiB free.
K: is FIXED (NTFS) - 40 GiB total, 26.501 GiB free.
L: is FIXED (NTFS) - 40 GiB total, 15.425 GiB free.
M: is FIXED (NTFS) - 50 GiB total, 13.14 GiB free.
N: is FIXED (NTFS) - 42 GiB total, 16.951 GiB free.
O: is Removable
P: is Removable
Q: is Removable
R: is Removable
S: is Removable
T: is Removable
U: is Removable
V: is Removable
W: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
32 bit Windows Card Reader Driver
Ad-Aware
Ad-Aware SE Professional
Adobe Acrobat 8 Professional - English, Fran
  14. This is my RootRepeal log also under the SSDT tab

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/05/26 13:53
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x89c6f410

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x882ad050

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x877a7dc8

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x87914050

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x88794a38

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xae8b3514

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x877ab198

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xae8a2282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xae8a2474

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x877a7250

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x877b0438

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x8789e050

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xae8b3d00

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xae8b3fb8

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x877a7ea0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf74f2fb2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf74f3340

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x877aafc0

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x87859050

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x87862050

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x88799148

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x877b0fb0

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x881d2050

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xae8b23fa

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x877a7fc0

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8790e050

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x881d1050

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x877a7f30

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x877a7320

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf74f3418

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf74f3298

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xae8b4422

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x87899050

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x882b0050

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x877aade0

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x881d4050

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xae8b37d8

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x881d3050

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x87912050

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xae8a1f32

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x89cb0430

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x89c93d08

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x877a7cf8
  15. I have had a rootkit on my comp. I got rid of it; now I am stuck with this. On O10 there are a few - Unknown files. I have used LSPFix.exe to remove the is3lsp file but it keeps coming back. I am stuck and need some help with this. Thanks a lot for helping!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:50 PM, on 5/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Lock My PC 4\lockpc.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe
D:\Program Files\PFU\ScanSnap\PfuSsSct.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
D:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\cmd.exe
D:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
d:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Ian\Desktop\Infected Comp Help\RootRepeal.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Safari\Safari.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Ian's Computer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D- 784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\Program Files\STOPzilla!\SZSG.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE- F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273- 0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0 \Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA- CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572 \swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24- 76C02E2E7C4E} - C:\Program 
Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74- 9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B- 00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\Program Files\STOPzilla!\SZSG.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32 \NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DrvIcon] D:\Program Files\Vista Drive Icon\DrvIcon.exe O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: 
[NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32 \NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Program Files\RivaTuner v2.21\RivaTuner.exe" /S O4 - HKLM\..\Run: [PPort11reminder] "D:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [Pdfquickview] d:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe O4 - HKLM\..\Run: [PfuSsSct.exe] d:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station O4 - HKLM\..\Run: [iSTray] "D:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32 \Macromed\Flash\FlashUtil10a.exe O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = D:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe O4 - Global Startup: ScanSnap Manager.lnk = ? 
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O15 - Trusted Zone: http://www.vectorvest.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...n/x86/client/wuweb_site.cab?1198361086319
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu.../en/x86/client/muweb_site.cab?1199071962437
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v53/wwspades/wwspades.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15102/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - d:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FJTWMKSV - PFU LIMITED - C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
-- End of file - 19792 bytes
  16. I have Packed.Generic.200 and Trojan Horse that Norton 360 sees but can't do anything. I installed Malwarebytes by renaming the exe file, but now it is on the comp. but will not run. Can anyone help me?