DaytonGuy

Everything posted by DaytonGuy

  1. Thanks for all of your help on this. Have a good rest of the day.
  2. I completely understand about the P2P. He has been advised several times, but he is 16 and thinks he knows everything about everything. Eset found three items and cleaned them all. Two of them looked to be associated with "ReginOut". Should I uninstall that program? It looks to me like a registry cleaning program and I'm afraid he could get into more trouble than it's worth by messing around with his registry. Let me know. Log below:

     C:\Program Files (x86)\RegInOut\engine.dll a variant of Win32/Adware.AntiMalwarePro.AD application cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\Users\Colin\AppData\Local\TempDIR\BetterInstaller.exe.vir Win32/Adware.Somoto.A application cleaned by deleting - quarantined
     C:\Users\Colin\Downloads\reginout_setup.exe a variant of Win32/Adware.AntiMalwarePro.AD application deleted - quarantined
  3. Well... everything seems to be running fine. As I stated earlier, this is not my computer so I haven't been "using" it per se. All of the programs seem to work, things seem to open a little faster than they did when I first got it. Did you see anything out of the ordinary? Are there any programs that you would recommend I install that are not currently on the machine?
  4. Thanks so much for the reply. I will tell you that I found a website last night that gave me the default settings for most of the services on the machine based on the particular Windows version. I manually edited the settings for each service and everything seems stable so far today. What I need to find out, if possible, is what disabled all of the services in the first place. If it's a virus/malware can it be removed? Your help is greatly appreciated. Here are the logs you asked for:
  5. I'm trying to help a friend of mine out. His son's 6-month-old laptop is screwed up. I don't know much about this thing other than the kid is an online gamer and an avid user of LimeWire and other torrent sites. I'm sure that is the problem here. Anyway... when I got this thing the first thing I noticed is the lack of wireless network card recognition. I also noticed the screen would dim light and dark by itself. Upon review I noticed that MOST of the services have been disabled on the computer. Once I restarted the power control service the screen dimming issue stopped. I can't seem to start the correct services required to get the wireless adaptor to work. The Windows audio service is also disabled... so no sound. When I try to start some of the services associated with wireless and sound I get "Error 1068: The dependency service or group failed to start." I don't know enough about computers to know which services should be running and which should not be. The only thing I have done is uninstall an expired version of Norton Internet Security and run MBAM. MBAM found nothing. PLEASE NOTE: I do not have internet connectivity on this laptop. MBAM told me the database was 48 days out of date, but I can't update it without access to the internet. Would love any help anyone can give. This is a Gateway laptop running Windows 7. Here are the log files: DDS.txt
2012-02-20 20:11:34 -------- d-----w- C:\Users\Colin\AppData\Roaming\Malwarebytes 2012-02-20 20:11:26 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-02-20 20:11:26 -------- d-----w- C:\ProgramData\Malwarebytes 2012-02-20 20:11:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-02-17 21:39:09 -------- d--h--w- C:\MRI_PE_TEMP 2012-02-17 17:55:23 -------- d-----w- C:\ProgramData\Geek Squad 2012-02-15 00:44:35 -------- d-----w- C:\Users\Colin\AppData\Local\ElevatedDiagnostics 2012-02-15 00:41:10 -------- d-----w- C:\Users\Colin\AppData\Roaming\Tific 2012-02-15 00:41:04 -------- d-----w- C:\Users\Colin\AppData\Local\Symantec 2012-02-14 03:51:58 -------- d-----w- C:\ProgramData\RegInOut 2012-02-14 03:51:51 -------- d-----w- C:\Windows\RegInOut System Utilities 2012-02-14 03:51:26 -------- d-----w- C:\Program Files (x86)\RegInOut 2012-02-11 23:38:49 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{426DDA48-60F2-4CB2-B0D1-01596A7A66A0}\offreg.dll 2012-02-10 14:16:10 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{426DDA48-60F2-4CB2-B0D1-01596A7A66A0}\mpengine.dll 2012-01-30 03:56:12 -------- d-----w- C:\Program Files (x86)\Futuremark 2012-01-30 03:54:49 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-01-27 04:44:31 -------- d-----w- C:\Users\Colin\AppData\Roaming\TS3Client 2012-01-27 04:42:27 -------- d-----w- C:\Program Files\TeamSpeak 3 Client 2012-01-25 23:52:21 -------- d-----w- C:\Users\Colin\AppData\Local\CrashDumps 2012-01-25 23:51:53 -------- d-----w- C:\Users\Colin\AppData\Local\SWTOR 2012-01-25 17:42:45 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare 2012-01-22 21:12:23 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools 2012-01-22 21:12:22 -------- d-----w- C:\Program Files (x86)\PC Tools Registry Mechanic 2012-01-22 19:12:26 -------- d-----w- C:\Windows\SysWow64\Adobe 2012-01-22 00:05:16 -------- d-----w- C:\Program Files (x86)\World 
of Warcraft 2012-01-21 23:57:19 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync . ==================== Find3M ==================== . 2012-01-27 05:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-01-11 03:43:30 167704 ----a-w- C:\Windows\System32\igfxtray.exe 2012-01-11 03:43:28 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe 2012-01-11 03:43:26 417560 ----a-w- C:\Windows\System32\igfxpers.exe 2012-01-11 03:43:20 239896 ----a-w- C:\Windows\System32\igfxext.exe 2012-01-11 03:43:08 4379416 ----a-w- C:\Windows\System32\GfxUI.exe 2012-01-11 03:43:08 392984 ----a-w- C:\Windows\System32\hkcmd.exe 2012-01-11 03:43:06 184600 ----a-w- C:\Windows\System32\difx64.exe 2012-01-11 03:37:38 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2622.dll 2012-01-11 03:28:32 8313856 ----a-w- C:\Windows\System32\igdumd64.dll 2012-01-11 03:28:18 12311904 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys 2012-01-11 03:27:26 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin 2012-01-11 03:27:26 867020 ----a-w- C:\Windows\System32\igkrng575.bin 2012-01-11 03:27:26 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin 2012-01-11 03:27:26 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin 2012-01-11 03:27:26 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin 2012-01-11 03:27:26 105608 ----a-w- C:\Windows\System32\igfcg575m.bin 2012-01-11 03:18:36 6323712 ----a-w- C:\Windows\SysWow64\igdumd32.dll 2012-01-11 03:12:26 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll 2012-01-11 03:06:22 9528832 ----a-w- C:\Windows\System32\igd10umd64.dll 2012-01-11 02:55:08 7988224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll 2012-01-11 02:42:26 18653696 ----a-w- C:\Windows\System32\ig4icd64.dll 2012-01-11 02:29:54 13904384 ----a-w- C:\Windows\SysWow64\ig4icd32.dll 2012-01-11 02:19:58 378368 ----a-w- C:\Windows\System32\igfxTMM.dll 2012-01-11 02:19:52 28672 ----a-w- C:\Windows\System32\igfxexps.dll 2012-01-11 02:19:42 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll 2012-01-11 02:19:14 110080 
----a-w- C:\Windows\System32\hccutils.dll 2012-01-11 02:19:06 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll 2012-01-11 02:19:06 390656 ----a-w- C:\Windows\System32\igfxdev.dll 2012-01-11 02:19:06 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll 2012-01-11 02:18:36 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc 2012-01-11 02:18:32 9014784 ----a-w- C:\Windows\System32\igfxress.dll 2012-01-11 02:18:32 142336 ----a-w- C:\Windows\System32\igfxdo.dll 2012-01-11 02:15:16 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll 2012-01-11 02:14:34 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll 2012-01-11 02:12:12 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll 2012-01-11 02:12:12 98304 ----a-w- C:\Windows\System32\iglhcp64.dll 2012-01-11 02:12:12 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll 2012-01-11 02:12:12 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll 2012-01-11 02:12:12 376832 ----a-w- C:\Windows\System32\iglhsip64.dll 2012-01-11 02:12:12 2177536 ----a-w- C:\Windows\System32\igfxcmjit64.dll 2012-01-11 02:12:12 171520 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll 2012-01-11 02:12:12 1663488 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll 2012-01-11 02:12:12 148480 ----a-w- C:\Windows\System32\igfxcmrt64.dll 2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 16:24:15.63 =============== ATTACHE.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . . ==== Disk Partitions ========================= . . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 
µTorrent 7-Zip 9.20 ABBYY FineReader 6.0 Sprint Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9.1 MUI Adobe Shockwave Player 11.6 Apple Application Support Apple Software Update Backup Manager Basic Best Buy pc app Bing Bar Click to Call with Skype CyberLink PowerDVD 9 D3DX10 Futuremark SystemInfo Galerie de photos Windows Live Gateway MyBackup Gateway Power Management Gateway Recovery Management Gateway Registration Gateway ScreenSaver Gateway Social Networks Gateway Updater Google Chrome Google Toolbar for Internet Explorer Google Update Helper Guild Wars Guitar Pro 6 Demo Identity Card Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 30 Junk Mail filter update Killing Floor Launch Manager Lexmark Printable Web Magic: The Gathering — Duels of the Planeswalkers 2012 - Demo Malwarebytes Anti-Malware version 1.60.1.1000 Mesh Runtime Microsoft Office Standard Edition 2003 Microsoft PowerPoint Viewer Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero DiscSpeed 10 Nero DiscSpeed 10 Help (CHM) Nero Express 10 Nero Express 10 Help (CHM) Nero Multimedia Suite 10 Essentials Nero StartSmart 10 Nero StartSmart 10 Help (CHM) Nero Update QuickTime Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader RegInOut System Utilities Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Skype™ 5.5 Star Wars: The Old Republic StarCraft II Steam swMSM Tetromino Revolution 1.0 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Video Web Camera Vuze Vuze Trial FileBulldog Toolbar Welcome Center Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WinZip 15.0 World of Warcraft . ==== End Of File ===========================
  6. Thanks again.... I guess you can close this one out.
  7. THANK YOU SO MUCH!!! My computer is clean and seems to run faster than it has in a long time. You have been a great help! Two questions...... Should I run DeFogger and re-enable my CD Emulation drivers? Can/should I periodically run the TFC by oldtimer to clear all of my temporary files? Thanks again for all of your help!
  8. Still no luck with the ESET Scanner. Below is the log from Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, June 19, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, June 19, 2010 18:03:05
Records in database: 4297581
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer: C:\ D:\ F:\ G:\ H:\ I:\
Scan statistics:
Objects scanned: 177685
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 04:17:35
No threats found. Scanned area is clean.
Selected area has been scanned.
  9. OK...here is the first log from MBR Rootkit...

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

I ran the TFC and it needed a reboot. Everything came back fine. I'm having trouble running the online scanner. When I get to the point of accepting the terms and clicking Start...I can see the application loading, but when it gets finished and I expect to see a bar at the top asking me to run the ActiveX component, it instead bleeps and the screen returns to the point where I have to accept the terms and click Start. Like it's caught in a loop. I actually had the same problem when I tried to download the new version of Adobe Reader, but they had a link to download the file directly and bypass the ActiveX. I have a feeling this is a simple setting on my browser rather than an infection, but I have no idea what setting it would be.
  10. melboy, Thanks for the reply and I really appreciate your help on this. Below is the TDSSKiller log you requested. It did find one file object that was removed upon reboot. What do you recommend as my next move?

23:17:28:984 11752 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
23:17:28:984 11752 ================================================================================
23:17:28:984 11752 SystemInfo:
23:17:28:984 11752 OS Version: 5.1.2600 ServicePack: 3.0
23:17:28:984 11752 Product type: Workstation
23:17:28:984 11752 ComputerName: DESKTOP1
23:17:28:984 11752 UserName: Family
23:17:28:984 11752 Windows directory: C:\WINDOWS
23:17:28:984 11752 Processor architecture: Intel x86
23:17:28:984 11752 Number of processors: 2
23:17:28:984 11752 Page size: 0x1000
23:17:28:984 11752 Boot type: Normal boot
23:17:28:984 11752 ================================================================================
23:17:29:171 11752 Initialize success
23:17:29:171 11752
23:17:29:171 11752 Scanning Services ...
23:17:29:468 11752 Raw services enum returned 403 services
23:17:29:468 11752
23:17:29:468 11752 Scanning Drivers ...
23:17:43:234 11752 TermDD (ce0d0569d88cba0d572e8a8d1b95faa6) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:17:43:234 11752 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: ce0d0569d88cba0d572e8a8d1b95faa6, Fake md5: 88155247177638048422893737429d9e
23:17:43:234 11752 File "C:\WINDOWS\system32\DRIVERS\termdd.sys" infected by TDSS rootkit ...
23:17:44:359 11752 Backup copy found, using it..
23:17:44:375 11752 will be cured on next reboot 23:17:44:500 11752 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 23:17:44:562 11752 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 23:17:44:609 11752 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 23:17:44:687 11752 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 23:17:44:734 11752 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 23:17:44:781 11752 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys 23:17:44:843 11752 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 23:17:44:906 11752 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 23:17:44:968 11752 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:17:45:015 11752 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:17:45:031 11752 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 23:17:45:046 11752 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 23:17:45:062 11752 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 23:17:45:125 11752 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys 23:17:45:203 11752 UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 23:17:45:250 11752 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:17:45:312 11752 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 23:17:45:359 11752 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 23:17:45:390 11752 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 
23:17:45:421 11752 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 23:17:45:453 11752 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 23:17:45:484 11752 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 23:17:45:500 11752 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 23:17:45:531 11752 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 23:17:45:593 11752 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 23:17:45:640 11752 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 23:17:45:671 11752 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 23:17:45:718 11752 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 23:17:45:781 11752 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 23:17:45:843 11752 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 23:17:45:859 11752 Reboot required for cure complete.. 23:17:46:109 11752 Cure on reboot scheduled successfully 23:17:46:109 11752 23:17:46:109 11752 Completed 23:17:46:109 11752 23:17:46:109 11752 Results: 23:17:46:109 11752 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 23:17:46:109 11752 File objects infected / cured / cured on reboot: 1 / 0 / 1 23:17:46:109 11752 23:17:46:109 11752 KLMD(ARK) unloaded successfully
  11. Logs as directed...

      MBAM LOG....................

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4211
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      6/18/2010 10:29:18 AM
      mbam-log-2010-06-18 (10-29-18).txt

      Scan type: Quick scan
      Objects scanned: 151087
      Time elapsed: 9 minute(s), 24 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      DDS LOG.....................

      DDS (Ver_10-03-17.01) - NTFSx86
      Run by Family at 9:10:44.65 on Fri 06/18/2010
      Internet Explorer: 8.0.6001.18702
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.374 [GMT -4:00]

      AV: avast!
      Attach.zip
  12. About 3-4 weeks ago I started getting these random popup windows from Internet Explorer. They always contain a dialog box requiring action of some time. I always ctrl-alt-del out of IE. Since the popups started, I get occasional errors with my sound device causing my volume control to stop working. When I reboot, I can't get on the internet. When I try to repair my connection it errors with "can not renew your IP address." Sometimes I use netsh to restore my winsock log and/or reset my TCP/IP log and upon reboot I get internet connectivity. Recently it has become more stubborn and the resets will not work. Eventually, I get my connection back, but I can't determine what fixes it other than letting the computer sit for a while??? I've run several malware and virus scanner software and can't seem to find anything other than cookies. Below is my most recent MBAM log (from earlier this week) and the DDS log as instructed. I have also attached the other files to this post. Any help would be GREAT!!!!!

      MBAM LOG....................

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4190
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      6/12/2010 2:15:53 AM
      mbam-log-2010-06-12 (02-15-53).txt

      Scan type: Full scan (C:\|)
      Objects scanned: 316515
      Time elapsed: 2 hour(s), 21 minute(s), 48 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      DDS LOG.....................
      Attach.zip
  13. Hello, In the recent past (a month or two) I noticed that I started getting popup windows while surfing the net. All of them pop up a new instance of IE and they all produce a dialog box saying I have won something or I need virus protection or something similar and I need to "click here". I always ctrl-alt-del and shut down IE. Since the popups have started, I will get periodic error messages about my sound mixer device and then my volume control stops working. When I reboot, I have no internet connection. I have to run netsh winsock reset catalog then reboot to get my internet connection back. The other thing I noticed is that when I launch IE, the computer loads two instances of the program when I look at the running processes. If I kill one of them, they both go. I have run several malware programs and they have found nothing..... That's about all I know at this point. I'm not sure if I have a major security compromise, but it is really annoying that I have to reboot and then reset winsock about once a day. Any help would be great! Thanks