
Need help with Rootkit



OK, my computer has been slow for a while, and I asked one of my friends. He did some scan and said I had a rootkit, and to come here. I have the logs; here they are.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:25:48, on 7/29/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\WINDOWS\system32\fsproflt.exe

C:\Program Files\iolo\common\lib\ioloServiceManager.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\My Lockbox\mylbx.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AVG\AVG8\avgscanx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)

O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\WINDOWS\system32\fsproflt.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MrobeService - American Megatrends Inc. - (no file)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 12327 bytes

-----------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.38

Database version: 2402

Windows 5.1.2600 Service Pack 3

7/29/2009 12:37:01 PM

mbam-log-2009-07-29 (12-36-56).txt

Scan type: Quick Scan

Objects scanned: 88832

Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\gxvxccounter (Trojan.DNSChanger) -> No action taken.

Thanks for the help.


Welcome to Malwarebytes!!!! <_<

Download RootRepeal:

http://rootrepeal.googlepages.com/RootRepeal.zip

  • Extract the archive to a folder you create such as C:\RootRepeal
  • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator").
  • Click the "File" tab (located at the bottom of the RootRepeal screen)
  • Click the "Scan" button
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.

The scan came up with nothing.

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/02 22:25

Program Version: Version 1.3.3.0

Windows Version: Windows XP SP3

==================================================

Hidden/Locked Files

-------------------


Please download Sysprot Antirootkit

Unzip it into a folder on your desktop.

  • Double-Click Sysprot.exe to start the program.
  • Click on the log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the Bottom Right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
  • Open the text file and copy/paste the log here

SysProt AntiRootkit v1.0.1.0

by swatkat

********************************************************************************

**********

********************************************************************************

**********

Process:

Name: [system Idle Process]

PID: 0

Hidden: No

Window Visible: No

Name: System

PID: 4

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\smss.exe

PID: 772

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe

PID: 812

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe

PID: 836

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\services.exe

PID: 880

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe

PID: 892

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe

PID: 1080

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe

PID: 1148

Hidden: No

Window Visible: No

Name: C:\Program Files\Windows Defender\MsMpEng.exe

PID: 1272

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe

PID: 1312

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe

PID: 1444

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe

PID: 1596

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\LEXBCES.EXE

PID: 1780

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\LEXPPS.EXE

PID: 1804

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe

PID: 1824

Hidden: No

Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\sched.exe

PID: 1916

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe

PID: 2008

Hidden: No

Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PID: 184

Hidden: No

Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PID: 176

Hidden: No

Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

PID: 212

Hidden: No

Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe

PID: 240

Hidden: No

Window Visible: No

Name: C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

PID: 308

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\fsproflt.exe

PID: 532

Hidden: No

Window Visible: No

Name: C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

PID: 724

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\spool\drivers\w32x86\3\lxduserv.exe

PID: 796

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\lxducoms.exe

PID: 1380

Hidden: No

Window Visible: No

Name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

PID: 1412

Hidden: No

Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgrsx.exe

PID: 1544

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe

PID: 1660

Hidden: No

Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe

PID: 356

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\alg.exe

PID: 2372

Hidden: No

Window Visible: No

Name: C:\WINDOWS\explorer.exe

PID: 2496

Hidden: No

Window Visible: No

Name: C:\Program Files\Analog Devices\Core\smax4pnp.exe

PID: 2672

Hidden: No

Window Visible: No

Name: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

PID: 2240

Hidden: No

Window Visible: No

Name: C:\Program Files\Real\RealPlayer\realplay.exe

PID: 2216

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\dla\tfswctrl.exe

PID: 1968

Hidden: No

Window Visible: No

Name: C:\Program Files\Dell\Media Experience\DMXLauncher.exe

PID: 396

Hidden: No

Window Visible: No

Name: C:\Program Files\Logitech\iTouch\iTouch.exe

PID: 2712

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\hkcmd.exe

PID: 2792

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\igfxpers.exe

PID: 2848

Hidden: No

Window Visible: No

Name: C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

PID: 744

Hidden: No

Window Visible: No

Name: C:\Program Files\My Lockbox\mylbx.exe

PID: 3464

Hidden: No

Window Visible: No

Name: C:\Program Files\Windows Defender\MSASCui.exe

PID: 3660

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe

PID: 3816

Hidden: No

Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe

PID: 3824

Hidden: No

Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

PID: 3836

Hidden: No

Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PID: 3892

Hidden: No

Window Visible: No

Name: C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe

PID: 3600

Hidden: No

Window Visible: No

Name: C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe

PID: 4008

Hidden: No

Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe

PID: 4052

Hidden: No

Window Visible: No

Name: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

PID: 2040

Hidden: No

Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe

PID: 2988

Hidden: No

Window Visible: No

Name: C:\Program Files\uTorrent\uTorrent.exe

PID: 1616

Hidden: No

Window Visible: No

Name: C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

PID: 3036

Hidden: No

Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe

PID: 3052

Hidden: No

Window Visible: No

Name: C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

PID: 2028

Hidden: No

Window Visible: No

Name: C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe

PID: 3696

Hidden: No

Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe

PID: 5048

Hidden: No

Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe

PID: 4400

Hidden: No

Window Visible: No

Name: C:\WINDOWS\explorer.exe

PID: 3192

Hidden: No

Window Visible: No

Name: C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

PID: 2736

Hidden: No

Window Visible: No

Name: C:\Documents and Settings\Jeremy Helstrom\Desktop\SysProt\SysProt.exe

PID: 6060

Hidden: No

Window Visible: Yes

********************************************************************************

**********

********************************************************************************

**********

Kernel Modules:

Module Name: \systemroot\system32\drivers\gxvxcltujnreoyepliqjsppfpdnmjaosixgnt.sys

Service Name: gxvxcserv.sys

Module Base: ---

Module End: ---

Hidden: Yes

Module Name: \??\C:\Documents and Settings\Jeremy Helstrom\Desktop\SysProt\SysProtDrv.sys

Service Name: SysProtDrv.sys

Module Base: AE5DF000

Module End: AE5EA000

Hidden: No

Module Name: \WINDOWS\system32\ntoskrnl.exe

Service Name: ---

Module Base: 804D7000

Module End: 806ED700

Hidden: No

Module Name: \WINDOWS\system32\hal.dll

Service Name: ---

Module Base: 806EE000

Module End: 8070E300

Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL

Service Name: ---

Module Base: F7987000

Module End: F7989000

Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll

Service Name: ---

Module Base: F7897000

Module End: F789A000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys

Service Name: ACPI

Module Base: F75A8000

Module End: F75D6000

Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS

Service Name: ---

Module Base: F7989000

Module End: F798B000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys

Service Name: PCI

Module Base: F7597000

Module End: F75A8000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys

Service Name: isapnp

Module Base: F75F7000

Module End: F7601000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys

Service Name: PCIIde

Module Base: F7A4F000

Module End: F7A50000

Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Service Name: ---

Module Base: F7707000

Module End: F770E000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\intelide.sys

Service Name: IntelIde

Module Base: F798B000

Module End: F798D000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys

Service Name: MountMgr

Module Base: F7607000

Module End: F7612000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys

Service Name: Disk

Module Base: F74D8000

Module End: F74F7000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys

Service Name: PartMgr

Module Base: F770F000

Module End: F7714000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys

Service Name: VolSnap

Module Base: F7617000

Module End: F7624000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys

Service Name: atapi

Module Base: F74C0000

Module End: F74D8000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys

Service Name: ---

Module Base: F7627000

Module End: F7630000

Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

Service Name: ---

Module Base: F7637000

Module End: F7644000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys

Service Name: FltMgr

Module Base: F74A0000

Module End: F74C0000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys

Service Name: sr

Module Base: F748E000

Module End: F74A0000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\FSPFltd.sys

Service Name: FSProFilter

Module Base: F7647000

Module End: F7650000

Hidden: No

Module Name: \WINDOWS\System32\Drivers\ksecdd.sys

Service Name: KSecDD

Module Base: F7477000

Module End: F748E000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drvmcdb.sys

Service Name: drvmcdb

Module Base: F7462000

Module End: F7477000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys

Service Name: PxHelp20

Module Base: F7717000

Module End: F771C000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys

Service Name: Ntfs

Module Base: F7B52000

Module End: F7BDF000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys

Service Name: NDIS

Module Base: F7435000

Module End: F7462000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys

Service Name: Mup

Module Base: F741B000

Module End: F7435000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys

Service Name: intelppm

Module Base: F76D7000

Module End: F76E0000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

Service Name: ialm

Module Base: B9550000

Module End: B961B000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS

Service Name: ---

Module Base: B953C000

Module End: B9550000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Service Name: usbuhci

Module Base: F7767000

Module End: F776D000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS

Service Name: ---

Module Base: B9518000

Module End: B953C000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Service Name: usbehci

Module Base: F776F000

Module End: F7777000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\e100b325.sys

Service Name: E100B

Module Base: B94F2000

Module End: B9518000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys

Service Name: Fdc

Module Base: F7777000

Module End: F777E000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys

Service Name: Serial

Module Base: F76E7000

Module End: F76F7000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys

Service Name: serenum

Module Base: BA7E8000

Module End: BA7EC000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys

Service Name: Parport

Module Base: B94DE000

Module End: B94F2000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys

Service Name: Imapi

Module Base: F76F7000

Module End: F7702000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sscdbhk5.sys

Service Name: sscdbhk5

Module Base: F79B5000

Module End: F79B7000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Service Name: Cdrom

Module Base: F7587000

Module End: F7597000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys

Service Name: redbook

Module Base: F7577000

Module End: F7586000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys

Service Name: ---

Module Base: B94BB000

Module End: B94DE000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys

Service Name: GEARAspiWDM

Module Base: F7567000

Module End: F7571000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\smwdm.sys

Service Name: smwdm

Module Base: B947B000

Module End: B94BB000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys

Service Name: ---

Module Base: B9457000

Module End: B947B000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys

Service Name: ---

Module Base: F7557000

Module End: F7566000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\senfilt.sys

Service Name: senfilt

Module Base: B93A4000

Module End: B9457000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys

Service Name: audstub

Module Base: F7A73000

Module End: F7A74000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

Service Name: Rasl2tp

Module Base: F7547000

Module End: F7554000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys

Service Name: NdisTapi

Module Base: BA7E0000

Module End: BA7E3000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys

Service Name: NdisWan

Module Base: B938D000

Module End: B93A4000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys

Service Name: RasPppoe

Module Base: F7537000

Module End: F7542000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys

Service Name: PptpMiniport

Module Base: F7527000

Module End: F7533000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS

Service Name: ---

Module Base: F777F000

Module End: F7784000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys

Service Name: PSched

Module Base: B937C000

Module End: B938D000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys

Service Name: Gpc

Module Base: F7517000

Module End: F7520000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys

Service Name: Ptilink

Module Base: F7787000

Module End: F778C000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys

Service Name: Raspti

Module Base: F778F000

Module End: F7794000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys

Service Name: odysseyIM3

Module Base: F74F7000

Module End: F7506000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys

Service Name: TermDD

Module Base: BA6B4000

Module End: BA6BE000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys

Service Name: Kbdclass

Module Base: F7797000

Module End: F779D000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys

Service Name: Mouclass

Module Base: F779F000

Module End: F77A5000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys

Service Name: swenum

Module Base: F79B9000

Module End: F79BB000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys

Service Name: Update

Module Base: B931E000

Module End: B937C000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys

Service Name: mssmbios

Module Base: BA7D0000

Module End: BA7D4000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS

Service Name: NDProxy

Module Base: B9FC6000

Module End: B9FD0000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys

Service Name: usbhub

Module Base: B9FA6000

Module End: B9FB5000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS

Service Name: ---

Module Base: F79DB000

Module End: F79DD000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\flpydisk.sys

Service Name: Flpydisk

Module Base: B9643000

Module End: B9648000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS

Service Name: i2omgmt

Module Base: B996C000

Module End: B996F000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Service Name: Fs_Rec

Module Base: F79DD000

Module End: F79DF000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS

Service Name: Null

Module Base: F7AAE000

Module End: F7AAF000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS

Service Name: Beep

Module Base: F79DF000

Module End: F79E1000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ssrtln.sys

Service Name: ssrtln

Module Base: B9633000

Module End: B9639000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS

Service Name: ---

Module Base: B962B000

Module End: B9632000

Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys

Service Name: VgaSave

Module Base: B9623000

Module End: B9629000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS

Service Name: mnmdd

Module Base: F79E1000

Module End: F79E3000

Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

Service Name: RDPCDD

Module Base: F79E3000

Module End: F79E5000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS

Service Name: Msfs

Module Base: B961B000

Module End: B9620000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS

Service Name: Npfs

Module Base: F77CF000

Module End: F77D7000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys

Service Name: RasAcd

Module Base: F7927000

Module End: F792A000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys

Service Name: IPSec

Module Base: B04CA000

Module End: B04DD000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys

Service Name: Tcpip

Module Base: B0471000

Module End: B04CA000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys

Service Name: AvgTdiX

Module Base: B0458000

Module End: B0471000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys

Service Name: NetBT

Module Base: B0430000

Module End: B0458000

Hidden: No

Module Name: C:\WINDOWS\System32\drivers\ws2ifsl.sys

Service Name: WS2IFSL

Module Base: F792F000

Module End: F7932000

Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys

Service Name: AFD

Module Base: B040E000

Module End: B0430000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys

Service Name: NetBIOS

Module Base: B9F76000

Module End: B9F7F000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

Service Name: ssmdrv

Module Base: F77D7000

Module End: F77DD000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys

Service Name: Rdbss

Module Base: B03E3000

Module End: B040E000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

Service Name: MRxSmb

Module Base: B0373000

Module End: B03E3000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS

Service Name: Fips

Module Base: B9F66000

Module End: B9F71000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys

Service Name: IpNat

Module Base: B034D000

Module End: B0373000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys

Service Name: Wanarp

Module Base: B9F56000

Module End: B9F5F000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\FileDisk.SYS

Service Name: FileDisk

Module Base: BA7FC000

Module End: BA7FF000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\avipbb.sys

Service Name: avipbb

Module Base: B0254000

Module End: B0270000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys

Service Name: AvgMfx86

Module Base: F77EF000

Module End: F77F5000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys

Service Name: AvgLdx86

Module Base: B0186000

Module End: B01D7000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys

Service Name: HidUsb

Module Base: B90AC000

Module End: B90AF000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS

Service Name: ---

Module Base: F7667000

Module End: F7670000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys

Service Name: mouhid

Module Base: B90A8000

Module End: B90AB000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys

Service Name: usbccgp

Module Base: F77FF000

Module End: F7807000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\LHidUsb.Sys

Service Name: LHidUsb

Module Base: F7697000

Module End: F76A0000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys

Service Name: kbdhid

Module Base: B90A0000

Module End: B90A4000

Hidden: No

Module Name: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys

Service Name: avgio

Module Base: F79FB000

Module End: F79FD000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS

Service Name: Cdfs

Module Base: AF513000

Module End: AF523000

Hidden: No

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys

Service Name: ---

Module Base: B0339000

Module End: B033C000

Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys

Service Name: ---

Module Base: B04DD000

Module End: B04E2000

Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys

Service Name: ---

Module Base: F7AA4000

Module End: F7AA5000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\avgntflt.sys

Service Name: avgntflt

Module Base: AF2D9000

Module End: AF2ED000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drvnddm.sys

Service Name: drvnddm

Module Base: BA684000

Module End: BA68E000

Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsndres.sys

Service Name: tfsndres

Module Base: F7A81000

Module End: F7A82000

Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnifs.sys

Service Name: tfsnifs

Module Base: AF2C3000

Module End: AF2D9000

Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnopio.sys

Service Name: tfsnopio

Module Base: AF35D000

Module End: AF361000

Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnpool.sys

Service Name: tfsnpool

Module Base: F7A05000

Module End: F7A07000

Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnboio.sys

Service Name: tfsnboio

Module Base: F77DF000

Module End: F77E6000

Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsncofs.sys

Service Name: tfsncofs

Module Base: BA674000

Module End: BA67D000

Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsndrct.sys

Service Name: tfsndrct

Module Base: F7A83000

Module End: F7A84000

Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnudf.sys

Service Name: tfsnudf

Module Base: AF282000

Module End: AF29B000

Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnudfa.sys

Service Name: tfsnudfa

Module Base: AF269000

Module End: AF282000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys

Service Name: Ndisuio

Module Base: AF2ED000

Module End: AF2F1000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys

Service Name: MRxDAV

Module Base: AEFBC000

Module End: AEFE9000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ASCTRM.SYS

Service Name: ASCTRM

Module Base: F79AB000

Module End: F79AD000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys

Service Name: Srv

Module Base: AEDDA000

Module End: AEE2C000

Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys

Service Name: Secdrv

Module Base: AEEF4000

Module End: AEEFE000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys

Service Name: wdmaud

Module Base: AE75D000

Module End: AE772000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys

Service Name: sysaudio

Module Base: AE842000

Module End: AE851000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys

Service Name: HTTP

Module Base: AE197000

Module End: AE1D8000

Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS

Service Name: Fastfat

Module Base: AD6CC000

Module End: AD6F0000

Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys

Service Name: kmixer

Module Base: AD6A1000

Module End: AD6CC000

Hidden: No

********************************************************************************

**********

********************************************************************************

**********

SSDT:

Function Name: ZwCreateKey

Address: BA2CF4D6

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

Function Name: ZwCreateThread

Address: BA2CF4CC

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

Function Name: ZwDeleteKey

Address: BA2CF4DB

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

Function Name: ZwDeleteValueKey

Address: BA2CF4E5

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

Function Name: ZwLoadKey

Address: BA2CF4EA

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

Function Name: ZwOpenProcess

Address: BA2CF4B8

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

Function Name: ZwOpenThread

Address: BA2CF4BD

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

Function Name: ZwReplaceKey

Address: BA2CF4F4

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

Function Name: ZwRestoreKey

Address: BA2CF4EF

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

Function Name: ZwSetValueKey

Address: BA2CF4E0

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

Function Name: ZwTerminateProcess

Address: BA2CF4C7

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

********************************************************************************

**********

********************************************************************************

**********

No Kernel Hooks found

********************************************************************************

**********

********************************************************************************

**********

No IRP Hooks found

********************************************************************************

**********

********************************************************************************

**********

Ports:

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:4596

Remote Address: SPYNETTEST.MICROSOFT.COM:HTTPS

Type: TCP

Process: C:\Program Files\Windows Defender\MSASCui.exe

State: ESTABLISHED

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:4526

Remote Address: YO-IN-F155.GOOGLE.COM:HTTP

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: ESTABLISHED

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:4500

Remote Address: YO-IN-F156.GOOGLE.COM:HTTP

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: ESTABLISHED

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:4498

Remote Address: YO-IN-F157.GOOGLE.COM:HTTP

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: ESTABLISHED

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:4496

Remote Address: YO-IN-F157.GOOGLE.COM:HTTP

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: ESTABLISHED

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:4494

Remote Address: YO-IN-F164.GOOGLE.COM:HTTP

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: ESTABLISHED

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:4416

Remote Address: VW-IN-F138.GOOGLE.COM:HTTP

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: ESTABLISHED

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:4408

Remote Address: A72-247-238-202.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:4393

Remote Address: A72-247-238-203.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:4391

Remote Address: A72-247-238-176.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:4389

Remote Address: A72-247-238-176.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:NETBIOS-SSN

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

Local Address: D8ST2X81:27015

Remote Address: LOCALHOST:1139

Type: TCP

Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

State: ESTABLISHED

Local Address: D8ST2X81:27015

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

State: LISTENING

Local Address: D8ST2X81:18080

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: LISTENING

Local Address: D8ST2X81:13128

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: LISTENING

Local Address: D8ST2X81:10080

Remote Address: LOCALHOST:4562

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:10080

Remote Address: LOCALHOST:4525

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: ESTABLISHED

Local Address: D8ST2X81:10080

Remote Address: LOCALHOST:4499

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: ESTABLISHED

Local Address: D8ST2X81:10080

Remote Address: LOCALHOST:4497

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: ESTABLISHED

Local Address: D8ST2X81:10080

Remote Address: LOCALHOST:4495

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: ESTABLISHED

Local Address: D8ST2X81:10080

Remote Address: LOCALHOST:4493

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: ESTABLISHED

Local Address: D8ST2X81:10080

Remote Address: LOCALHOST:4448

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:10080

Remote Address: LOCALHOST:4446

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:10080

Remote Address: LOCALHOST:4444

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:10080

Remote Address: LOCALHOST:4442

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:10080

Remote Address: LOCALHOST:4438

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:10080

Remote Address: LOCALHOST:4436

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:10080

Remote Address: LOCALHOST:4415

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: ESTABLISHED

Local Address: D8ST2X81:10080

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: LISTENING

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4599

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4598

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4597

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4594

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4593

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4592

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4591

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4590

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4589

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4588

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4587

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4586

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4585

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4584

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4583

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4582

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4581

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4580

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4579

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4578

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4577

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4576

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4575

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4574

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4573

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4572

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4571

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4570

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4569

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4567

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4566

Type: TCP

Process: C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe

State: ESTABLISHED

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4565

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4564

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4561

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:4320

Type: TCP

Process: C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe

State: ESTABLISHED

Local Address: D8ST2X81:9100

Remote Address: LOCALHOST:1157

Type: TCP

Process: C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe

State: ESTABLISHED

Local Address: D8ST2X81:9100

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe

State: LISTENING

Local Address: D8ST2X81:5354

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Bonjour\mDNSResponder.exe

State: LISTENING

Local Address: D8ST2X81:4566

Remote Address: LOCALHOST:9100

Type: TCP

Process: C:\Program Files\Internet Explorer\iexplore.exe

State: ESTABLISHED

Local Address: D8ST2X81:4525

Remote Address: LOCALHOST:10080

Type: TCP

Process: C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe

State: ESTABLISHED

Local Address: D8ST2X81:4499

Remote Address: LOCALHOST:10080

Type: TCP

Process: C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe

State: ESTABLISHED

Local Address: D8ST2X81:4497

Remote Address: LOCALHOST:10080

Type: TCP

Process: C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe

State: ESTABLISHED

Local Address: D8ST2X81:4495

Remote Address: LOCALHOST:10080

Type: TCP

Process: C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe

State: ESTABLISHED

Local Address: D8ST2X81:4493

Remote Address: LOCALHOST:10080

Type: TCP

Process: C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe

State: ESTABLISHED

Local Address: D8ST2X81:4415

Remote Address: LOCALHOST:10080

Type: TCP

Process: C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe

State: ESTABLISHED

Local Address: D8ST2X81:4407

Remote Address: LOCALHOST:10080

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:4392

Remote Address: LOCALHOST:10080

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:4388

Remote Address: LOCALHOST:10080

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:4387

Remote Address: LOCALHOST:10080

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: D8ST2X81:4320

Remote Address: LOCALHOST:9100

Type: TCP

Process: C:\Program Files\Internet Explorer\iexplore.exe

State: ESTABLISHED

Local Address: D8ST2X81:1157

Remote Address: LOCALHOST:9100

Type: TCP

Process: C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

State: ESTABLISHED

Local Address: D8ST2X81:1139

Remote Address: LOCALHOST:27015

Type: TCP

Process: C:\Program Files\iTunes\iTunesHelper.exe

State: ESTABLISHED

Local Address: D8ST2X81:1033

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\alg.exe

State: LISTENING

Local Address: D8ST2X81:28784

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\uTorrent\uTorrent.exe

State: LISTENING

Local Address: D8ST2X81:2869

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\svchost.exe

State: LISTENING

Local Address: D8ST2X81:1154

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

State: LISTENING

Local Address: D8ST2X81:1025

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\LEXPPS.EXE

State: LISTENING

Local Address: D8ST2X81:MICROSOFT-DS

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

Local Address: D8ST2X81:EPMAP

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\svchost.exe

State: LISTENING

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:5353

Remote Address: NA

Type: UDP

Process: C:\Program Files\Bonjour\mDNSResponder.exe

State: NA

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:1900

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:1900

Remote Address: NA

Type: UDP

Process: C:\Program Files\uTorrent\uTorrent.exe

State: NA

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:1142

Remote Address: NA

Type: UDP

Process: C:\Program Files\uTorrent\uTorrent.exe

State: NA

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:138

Remote Address: NA

Type: UDP

Process: System

State: NA

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:NETBIOS-NS

Remote Address: NA

Type: UDP

Process: System

State: NA

Local Address: D8ST2X81.HOSTS.BC1.BRESNAN.NET:123

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

Local Address: D8ST2X81:4321

Remote Address: NA

Type: UDP

Process: C:\Program Files\Internet Explorer\iexplore.exe

State: NA

Local Address: D8ST2X81:1900

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

Local Address: D8ST2X81:1119

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

Local Address: D8ST2X81:123

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

Local Address: D8ST2X81:53225

Remote Address: NA

Type: UDP

Process: C:\Program Files\Bonjour\mDNSResponder.exe

State: NA

Local Address: D8ST2X81:39041

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\lxducoms.exe

State: NA

Local Address: D8ST2X81:28784

Remote Address: NA

Type: UDP

Process: C:\Program Files\uTorrent\uTorrent.exe

State: NA

Local Address: D8ST2X81:9370

Remote Address: NA

Type: UDP

Process: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

State: NA

Local Address: D8ST2X81:4500

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\lsass.exe

State: NA

Local Address: D8ST2X81:1026

Remote Address: NA

Type: UDP

Process: C:\Program Files\Bonjour\mDNSResponder.exe

State: NA

Local Address: D8ST2X81:500

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\lsass.exe

State: NA

Local Address: D8ST2X81:MICROSOFT-DS

Remote Address: NA

Type: UDP

Process: System

State: NA

********************************************************************************

**********

********************************************************************************

**********

Hidden files/folders:

Object: C:\System Volume Information\MountPointManagerRemoteDatabase

Status: Access denied

Object: C:\System Volume Information\tracking.log

Status: Access denied

Object: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}

Status: Access denied


  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text below between the dotted lines to the clipboard by highlighting it and then pressing Ctrl+C.
    ------------------------------------------------------------------------------------
    Drivers to delete:
    gxvxcserv.sys

    Files to delete:
    C:\WINDOWS\system32\drivers\gxvxcltujnreoyepliqjsppfpdnmjaosixgnt.sys

    ------------------------------------------------------------------------------------

  • In the avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log, along with a new HijackThis log in your next reply.

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Driver "gxvxcserv.sys" deleted successfully.

Error: file "C:\WINDOWS\system32\drivers\gxvxcltujnreoyepliqjsppfpdnmjaosixgnt.sys" not found!

Deletion of file "C:\WINDOWS\system32\drivers\gxvxcltujnreoyepliqjsppfpdnmjaosixgnt.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:14:45, on 8/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\msa.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\WINDOWS\system32\fsproflt.exe

C:\Program Files\iolo\common\lib\ioloServiceManager.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\system32\lxducoms.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\My Lockbox\mylbx.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe

C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)

O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\WINDOWS\system32\fsproflt.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe

O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe

O23 - Service: MrobeService - American Megatrends Inc. - (no file)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 13061 bytes

Here's the logs. Thanks for all the help so far. I really appreciate it.


Malwarebytes' Anti-Malware 1.40

Database version: 2559

Windows 5.1.2600 Service Pack 3

8/4/2009 10:28:52 AM

mbam-log-2009-08-04 (10-28-44).txt

Scan type: Quick Scan

Objects scanned: 91046

Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 23

Registry Values Infected: 3

Registry Data Items Infected: 2

Folders Infected: 27

Files Infected: 337

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\av care (Rogue.AVCare) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.

HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\AV Care (Rogue.AVCare) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken.

Folders Infected:

C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.

C:\Program Files\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790 (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\Data (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\FF (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\FF\components (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160 (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\Data (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components (Adware.DoubleD) -> No action taken.

C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.

C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> No action taken.

C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160 (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790 (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Start Menu\Programs\AV Care (Rogue.AVCare) -> No action taken.

C:\Program Files\AV Care (Rogue.AVCare) -> No action taken.

Files Infected:

C:\Program Files\Media Access Startup\1.3.0.790\HPCommon.dll (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\unins000.dat (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\unins000.exe (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\Data\config.md (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome.manifest (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\FF\install.rdf (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.

C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\unins000.dat (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\unins000.exe (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\Data\config.md (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome.manifest (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\install.rdf (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.

C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> No action taken.

C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> No action taken.

C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> No action taken.

C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.

C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\config.md (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\ipdata.md (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090611-222703.218.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090611-222841.937.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090611-223045.609.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090611-223819.281.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090611-232622.187.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090611-234447.109.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090612-164027.000.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090613-193233.437.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090614-230701.203.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-130257.234.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-130515.343.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-132405.843.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-133140.328.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-190318.812.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-215742.296.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-220834.484.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-224558.593.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-225004.828.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-225549.953.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-230237.062.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-230323.921.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-231408.359.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-231623.093.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-232115.921.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-232813.812.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-233339.453.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090615-233705.765.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090616-183813.531.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-142642.937.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-144354.593.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-144515.062.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-152616.765.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-160346.312.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-163228.376.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-163947.892.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-175018.142.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-183326.173.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-193102.297.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-194010.249.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-195228.862.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-210205.464.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-211149.097.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-211311.659.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-234256.880.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090627-234401.036.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090628-001406.780.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090628-014621.906.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090628-081115.218.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090628-112902.468.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090628-121944.062.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090628-131155.812.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090628-140333.796.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090628-233537.484.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090628-235716.437.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-000145.078.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-000629.092.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-203307.296.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-224302.109.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-231112.046.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-231306.921.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-231326.265.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-231348.953.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-231404.703.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-234339.015.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090629-234425.703.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Internet Saving Optimizer\3.3.0.4160\NP_20090630-000929.952.log (Adware.DoubleD) -> No action taken.


C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-011951.593.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-121711.640.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-121816.031.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-130436.703.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-130624.781.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-130800.171.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-002516.281.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-002723.156.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-003754.828.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-003930.562.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-122420.390.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-122532.421.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-123743.937.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-123808.906.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-133628.546.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-133723.937.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-143448.750.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-144436.328.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-150656.734.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-180016.234.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-180016.484.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-180016.968.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-020725.609.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-032331.406.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-032511.156.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-032801.437.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-032812.296.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-233234.171.log (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\Jeremy Helstrom\Start Menu\Programs\AV Care\AV Care.lnk (Rogue.AVCare) -> No action taken.

C:\Program Files\AV Care\avc.ico (Rogue.AVCare) -> No action taken.

C:\Program Files\AV Care\Uninstall.exe (Rogue.AVCare) -> No action taken.

C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.

SysProtLog.txt


  • 2 weeks later...

Everything seems to be running fine. And Malwarebytes saves the logfile before I even get a chance to remove them. I did remove the files. Here's my HijackThis log. Thanks for all the help. I really appreciate it.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:05:12, on 8/16/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\WINDOWS\system32\fsproflt.exe

C:\Program Files\iolo\common\lib\ioloServiceManager.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe

C:\WINDOWS\system32\lxducoms.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\My Lockbox\mylbx.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\WINDOWS\system32\fsproflt.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe

O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe

O23 - Service: MrobeService - American Megatrends Inc. - (no file)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 12863 bytes
