I scanned my PC using mbam. It asked for a reboot to remove some files, but now my PC won't start up, except in directory service restore mode. When I try starting up normally, I get a bunch of error messages about some executables (userinit.exe, svchost.exe, ati2exx.exe) and it doesn't do anything but display my wallpaper (can't even start the task manager).

----------------------------------------------------------------------

Here's the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86 DSREPAIR
Run by Administrator at 1:42:16.28 on Wed 03/24/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.621 [GMT 5.5:30]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\bitdefender\bitdefender 2009\vsserv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Anmol2\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
mWinlogon: Taskman=c:\documents and settings\administrator\csrss.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
TB: {01188d35-daf3-4a43-90aa-f1bf150207e6} - No File
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [JaaduRDPConnect] "c:\program files\jugaari\jaadu rdp connect\JaaduConnect.exe" -autostart
uRun: [MSConfig] c:\documents and settings\administrator\xck.exe \u
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\anmol\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ctfmon.exe] ctfmon.exe
mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [bitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [COMODO livePCsupport] c:\program files\comodo\livepcsupport\ELPS.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [CTFMon] d:\anmol\er\familykeylogger\ctf\ctfmon.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\9ikoe5er.default\
FF - prefs.js: browser.startup.homepage - hxxp://hjt-data.trendmicro.com/hjt/analyzethis/index.php?report=3560990|http://forums.malwarebytes.org/index.php?showtopic=44297&st=0&gopid=220062entry220062|http://forums.malwarebytes.org/index.php?showforum=41&prune_day=100&sort_by=Z-A&sort_key=last_post&topicfilter=all&st=30|http://forums.malwarebytes.org/index.php?showtopic=44213|http://forums.malwarebytes.org/index.php?showtopic=9365|http://forums.malwarebytes.org/index.php?showtopic=44206|http://forums.malwarebytes.org/index.php?showtopic=43911|http://forums.malwarebytes.org/index.php?showtopic=44122|http://www.tallemu.com/products-online-armor-free.php|http://free.agnitum.com/|http://www.sunbeltsoftware.com/Home-Home-Office/Sunbelt-Personal-Firewall/|http://www.javacoolsoftware.com/spywareblaster.html|http://www.bleepingcomputer.com/tutorials/tutorial49.html|http://forums.malwarebytes.org/index.php?showtopic=44297&st=0&gopid=220062entry220062|http://forums.malwarebytes.org/index.php?showtopic=9573|http://forums.malwarebytes.org/index.php?showforum=7
FF - prefs.js: network.proxy.http - 109.110.178.145
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: d:\anmol\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-3-17 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-3-17 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-3-17 723632]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-24 370688]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 111112]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-12-24 272128]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-03-23 20:09:18 202 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-03-22 16:02:14 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-03-22 16:01:49 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-22 16:01:40 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-22 16:01:40 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2010-03-22 16:01:19 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-17 09:43:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo
2010-03-17 09:43:15 171552 ----a-w- c:\windows\system32\guard32.dll
2010-03-17 09:43:14 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-03-17 09:43:14 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-03-13 15:18:52 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-03-13 15:18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 15:18:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 15:18:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-13 15:18:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 16:30:12 0 ----a-w- c:\documents and settings\administrator\Desktop.ini
2010-03-10 14:15:06 0 d-----w- C:\anmolbw
2010-03-05 14:05:29 0 d-----w- c:\program files\Lionhead Studios
2010-03-05 14:01:48 0 d-----w- c:\program files\Alcohol Soft
2010-03-05 13:58:12 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-02 17:40:48 0 d-----w- c:\program files\Jugaari
2010-03-01 09:43:37 0 d-----w- c:\program files\Yahoo!
2010-02-28 20:48:24 0 d-----w- c:\docume~1\admini~1\applic~1\Ethereal
2010-02-28 15:41:36 0 d-----w- c:\program files\Ethereal
2010-02-28 15:40:22 0 d-----w- C:\Temp
2010-02-28 15:40:13 0 d-----w- c:\program files\AirSnare
2010-02-28 15:39:50 73 ----a-w- c:\windows\system32\-1
2010-02-28 15:39:49 0 d-----w- c:\program files\WinPcap
2010-02-28 12:04:39 130 ----a-w- c:\windows\cfplogvw.INI
2010-02-28 12:01:52 51 ----a-w- c:\windows\wininit.ini
2010-02-28 11:43:06 0 d-----w- c:\program files\COMODO
2010-02-28 11:01:06 16 ----a-w- C:\asdict.dat
2010-02-28 09:39:20 0 d-----w- c:\docume~1\admini~1\applic~1\BitDefender
2010-02-28 09:39:02 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2010-02-27 11:50:30 102425 ----a-w- c:\windows\system32\msvcrt2.dll
2010-02-24 07:51:09 0 d--h--w- c:\windows\PIF
2010-02-23 17:06:31 0 d-----w- c:\program files\freeSSHd
2010-02-23 16:02:54 0 d-----w- c:\program files\UltraVNC
2010-02-23 12:29:37 0 d-----w- c:\docume~1\admini~1\applic~1\SyncGuardian
2010-02-23 12:28:39 0 d-----w- c:\docume~1\admini~1\applic~1\iCloner
2010-02-23 12:28:31 0 d-----w- c:\docume~1\admini~1\applic~1\CopyTransPhoto
2010-02-23 12:27:54 0 d-----w- c:\docume~1\admini~1\applic~1\CopyTrans

==================== Find3M ====================

2010-03-23 20:09:42 81984 ----a-w- c:\windows\system32\bdod.bin
2010-03-08 13:17:47 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-02-28 10:51:49 192512 ----a-w- c:\windows\system32\txmlutil.dll
2010-02-28 10:51:47 242184 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-02-28 10:51:44 111112 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-02-27 11:49:19 14336 ----a-w- c:\windows\system32\svchost.exe
2010-02-13 13:38:09 56708 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-08 06:43:26 5889937 ----a-w- c:\documents and settings\administrator\agent.exe
2010-02-08 06:38:34 0 ----a-w- c:\documents and settings\administrator\DRTCP021.exe
2010-01-15 10:35:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-01 14:54:01 57588 ----a-w- c:\windows\fonts\k010.TTF
2010-01-01 11:59:21 264776 ----a-w- c:\windows\system32\bda49.tmp
2009-12-25 14:19:07 110415 ----a-w- c:\windows\hpoins11.dat
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 1:42:35.89 ===============

-----------------------------------------

and hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:41 AM, on 3/24/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\bitdefender\bitdefender 2009\vsserv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Anmol2\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {01188d35-daf3-4a43-90aa-f1bf150207e6} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: (no name) - {01188d35-daf3-4a43-90aa-f1bf150207e6} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Anmol\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [COMODO livePCsupport] C:\Program Files\COMODO\livePCsupport\ELPS.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [CTFMon] D:\Anmol\er\familykeylogger\CTF\ctfmon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [JaaduRDPConnect] "C:\Program Files\Jugaari\Jaadu RDP Connect\JaaduConnect.exe" -autostart
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\Administrator\xck.exe \u
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FreeSSHDService - Unknown owner - C:\Program Files\freeSSHd\FreeSSHDService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - c:\program files\bitdefender\bitdefender 2009\vsserv.exe

--
End of file - 6596 bytes

-----------------------------------------

and the latest mbam log (not of the scan that caused the problems, that's included in the zip)

Malwarebytes' Anti-Malware 1.44
Database version: 3904
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

3/23/2010 11:55:34 PM
mbam-log-2010-03-23 (23-55-34).txt

Scan type: Quick Scan
Objects scanned: 118321
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

logfiles.zip