level42

Since a few days ago I have been getting these popups ever single time I click on a Page with internet explorer.

Now I use Opera mainly but once in a while just use IE.

I have run, Adaware 2007 BETA, Spybot, NOD32 and they have all found nothing.

Here Is my Hijack Log, Hoping someone can help me out, again.

Logfile of HijackThis v1.99.1
Scan saved at 11:25:06 PM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\RapGet\rapget.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\{34CE4102-0B75-1033-0222-061116050001}\Update.exe
C:\Program Files\RapGet\rapget.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\FlashFXP\flashfxp.exe
C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\Jeff\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Jeff\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Microsoft Visual Studio\VB98\vb6.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\PeDevice\PeDev.exe
C:\Documents and Settings\Jeff\Local Settings\Temporary Internet Files\Content.IE5\4P6J41Y3\hijackthis_sfx[1].exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slashmysearch.com/earn/id/17378
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware Pro\aaw2007aw.exe
O4 - HKLM\..\Run: [Rapget] C:\Program Files\RapGet\rapget.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-G1DSK.exe" /REG
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://12.161.108.108/kxhcm10.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://90.224.37.142/activex/AxisCamControl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{99AD0E24-408D-4534-86FF-F4E3E8A9704F}: NameServer = 64.71.255.198
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


I Love this forum and thank you ALL SO much for your time patientents and help :)

level42

Here is an UPDATED log following the NEW RULES, aswell as a BUMP!

Thanks in advanced :D

Deckard's System Scanner v20070328.36
Run by Jeff on 2007-04-08 at 23:51:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2007-04-09 03:52:01 UTC - RP25 - Deckard's System Scanner Restore Point
4: 2007-04-08 16:46:13 UTC - RP24 - Unsigned driver install
3: 2007-04-08 03:29:17 UTC - RP23 - Made by Registry Mechanic
2: 2007-04-08 02:37:49 UTC - RP22 - Removed Iminent
1: 2007-04-07 19:28:56 UTC - RP21 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Jeff.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:53:37 PM, on 4/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\RapGet\rapget.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Far\Plugins\SEFP\sefp0.10.0.51patch.exe
C:\Program Files\Far\Plugins\SEFP\sefp0.10.0.51patch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Documents and Settings\Jeff\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Jeff.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slashmysearch.com/earn/id/17378
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Rapget] C:\Program Files\RapGet\rapget.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware Pro\AAW2007AW.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://12.161.108.108/kxhcm10.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://90.224.37.142/activex/AxisCamControl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{99AD0E24-408D-4534-86FF-F4E3E8A9704F}: NameServer = 64.71.255.198
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys
R1 nod32drv - c:\windows\system32\drivers\nod32drv.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - c:\program files\cyberlink\powerdvd\000.fcl
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - c:\windows\system32\drivers\aegisp.sys
R2 AMON - c:\windows\system32\drivers\amon.sys
R2 LMIInfo (LogMeIn Kernel Information Provider) - c:\program files\logmein\rainfo.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys
R2 osaio - c:\windows\system32\drivers\osaio.sys
R2 SIODRV - c:\windows\system32\drivers\siodrv.sys
R3 AdWatchDrv (AW Realtime Driver) - c:\windows\system32\drivers\awrtpd.sys
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\fetnd5.sys
R3 hamachi (Hamachi Network Interface) - c:\windows\system32\drivers\hamachi.sys
R3 HSF_DPV - c:\windows\system32\drivers\hsf_dpv.sys
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys
R3 LMImirr - c:\windows\system32\drivers\lmimirr.sys
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
R3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys
R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys
R3 VHidMinidrv (Bluetooth HID Device Service) - c:\windows\system32\drivers\vhidmini.sys
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys
R3 WmBEnum (Logitech Virtual Bus Enumerator Driver) - c:\windows\system32\drivers\wmbenum.sys
R3 WmFilter (Logitech Gaming HID Filter Driver) - c:\windows\system32\drivers\wmfilter.sys
R3 WmXlCore (Logitech WingMan Translation Layer Driver) - c:\windows\system32\drivers\wmxlcore.sys

S3 btaudio (Bluetooth Audio Device) - c:\windows\system32\drivers\btaudio.sys (file missing)
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys
S3 BTDriver (Bluetooth Virtual Communications Driver) - c:\windows\system32\drivers\btport.sys (file missing)
S3 BTKRNL (Bluetooth Bus Enumerator) - c:\windows\system32\drivers\btkrnl.sys (file missing)
S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\windows\system32\drivers\btwdndis.sys (file missing)
S3 Epiusb (USB Flash) - c:\windows\system32\drivers\epiusb.sys
S3 ggsemc (Sony Ericsson USB Flash Driver) - c:\windows\system32\drivers\ggsemc.sys
S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys
S3 ntportio - c:\documents and settings\jeff\desktop\ntportio.sys (file missing)
S3 pepifilter (Volume Adapter) - c:\windows\system32\drivers\lv302af.sys
S3 PID_08A0 (QuickCam IM(PID_08A0)) - c:\windows\system32\drivers\lv302av.sys
S3 RT2500 (Linksys Wireless-G PCI Adapter Driver) - c:\windows\system32\drivers\rt2500.sys
S3 smbusp (Intel(R) SMBus 2.0 Driver) - c:\windows\system32\drivers\intelsmb.sys
S3 w810bus (Sony Ericsson W810 Driver driver (WDM)) - c:\windows\system32\drivers\w810bus.sys
S3 w810mdfl (Sony Ericsson W810 USB WMC Modem Filter) - c:\windows\system32\drivers\w810mdfl.sys
S3 w810mdm (Sony Ericsson W810 USB WMC Modem Driver) - c:\windows\system32\drivers\w810mdm.sys
S3 w810mgmt (Sony Ericsson W810 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\w810mgmt.sys
S3 w810obex (Sony Ericsson W810 USB WMC OBEX Interface) - c:\windows\system32\drivers\w810obex.sys
S3 WmVirHid (Logitech Virtual Hid Device Driver) - c:\windows\system32\drivers\wmvirhid.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware pro\aawservice.exe"
R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe"
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 LMIMaint (LogMeIn Maintenance Service) - "c:\program files\logmein\ramaint.exe"
R2 LogMeIn - "c:\program files\logmein\logmein.exe"
R2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe"

S2 AWService (Admin Works Agent X8) - "c:\program files\intel\idu\awserv.exe"
S2 Client IP-IPX - "" -e mc-110-12-0002239
S2 WMP54Gv4SVC - "c:\program files\linksys wireless-g pci wireless network monitor\wlservice.exe" "wmp54gv4.exe" (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-04-04 22:18:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-03-08 and 2007-04-08 -----------------------------

2007-04-08 23:31:16 0 d-------- C:\Program Files\PeerGuardian2<PEERGU~1>
2007-04-08 12:58:53 0 d-------- C:\Phone New Drivers<PHONEN~1>
2007-04-08 12:57:32 0 d-------- C:\Phone Back Up<PHONEB~1>
2007-04-08 12:46:13 0 d-------- C:\WINDOWS\LastGood
2007-04-08 12:40:34 0 d-------- C:\Program Files\Phone XS 1.2<PHONEX~1.2>
2007-04-08 12:36:48 0 d-------- C:\Program Files\Far
2007-04-07 23:23:14 81920 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-04-07 13:31:28 0 d-------- C:\Documents and Settings\All Users\Application Data\~0
2007-04-04 23:23:30 0 d-------- C:\HJT
2007-04-04 16:17:48 0 d-------- C:\Program Files\MemSkin+<MEMSKI~1>
2007-04-04 11:38:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-04-03 11:56:38 0 d-------- C:\Documents and Settings\Jeff\Application Data\FlashFXP
2007-04-03 11:50:38 0 d-------- C:\Program Files\FlashFXP
2007-04-03 11:41:47 0 d-------- C:\Documents and Settings\Jeff\Application Data\Skype
2007-04-03 11:41:41 0 d-------- C:\Program Files\Common Files\Skype
2007-04-03 11:41:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-04-03 11:41:20 0 d-------- C:\Program Files\Skype
2007-04-03 03:58:15 0 d--h----- C:\Program Files\Common Files\Uninstall Information<UNINST~1>
2007-04-03 01:30:17 0 d-------- C:\Program Files\PeDevice
2007-04-02 23:57:36 0 d-------- C:\Program Files\Common Files\{34CE4102-0B75-1033-0222-061116050001}<{34CE4~1>
2007-04-02 23:27:47 0 d-------- C:\Program Files\Ipwindows<IPWIND~1>
2007-04-02 23:24:30 3072 --a------ C:\WINDOWS\system32\unsvchosts.exe<UNSVCH~1.EXE>
2007-04-02 23:24:30 36864 --a------ C:\WINDOWS\system32\svchosts.exe
2007-04-02 20:39:33 0 d-------- C:\Documents and Settings\Jeff\Application Data\Joost
2007-04-02 20:38:27 0 d-------- C:\Program Files\Joost
2007-03-31 04:05:16 0 d-------- C:\Program Files\Yahoo!
2007-03-31 04:05:05 0 d-------- C:\Program Files\CCleaner
2007-03-30 21:30:16 46 --a------ C:\WINDOWS\system32\w34ce4va.dll
2007-03-30 21:29:19 495616 --a------ C:\WINDOWS\system32\ltkrn14N.dll
2007-03-30 21:29:19 950272 --a------ C:\WINDOWS\system32\ltimg14N.dll
2007-03-30 21:29:19 167936 --a------ C:\WINDOWS\system32\ltfil14N.DLL
2007-03-30 21:29:19 282624 --a------ C:\WINDOWS\system32\ltefx14N.dll
2007-03-30 21:29:19 299008 --a------ C:\WINDOWS\system32\LTDIS14N.dll
2007-03-30 21:29:19 1706800 -----n--- C:\WINDOWS\system32\gdiplus.dll
2007-03-30 21:28:20 147968 --a------ C:\WINDOWS\system32\winicon_24.dll<WINICO~1.DLL>
2007-03-30 21:28:20 177152 --a------ C:\WINDOWS\system32\winicon.dll
2007-03-30 21:28:20 0 d-------- C:\Program Files\IconCool Software<ICONCO~1>
2007-03-30 19:55:40 0 d-------- C:\Program Files\Rockstar Games<ROCKST~1>
2007-03-30 16:47:19 0 d-------- C:\ATI
2007-03-30 16:31:13 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-03-29 23:24:21 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-29 23:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-03-29 16:47:19 0 d-------- C:\Incomplete<INCOMP~1>
2007-03-28 15:53:59 0 d-------- C:\Program Files\Advanced Batch Converter<ADVANC~2>
2007-03-28 01:37:39 0 d-------- C:\Setup
2007-03-28 01:32:26 0 d-------- C:\Program Files\Smart Install Maker<SMARTI~1>
2007-03-26 23:32:24 0 d-------- C:\Documents and Settings\User_Extended_Test\Application Data\Opera
2007-03-26 23:32:23 786432 --ah----- C:\Documents and Settings\User_Extended_Test\NTUSER.DAT
2007-03-26 12:38:51 0 d-------- C:\WINDOWS\Prefetch
2007-03-26 02:25:56 27165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-03-26 02:24:49 0 d-------- C:\Documents and Settings\Default User\Application Data\Opera
2007-03-26 01:08:46 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-26 01:08:46 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-25 23:28:36 0 d-------- C:\Program Files\CONEXANT
2007-03-25 16:09:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems<ADOBES~1>
2007-03-21 21:45:47 0 d-------- C:\Program Files\TVAnts
2007-03-21 21:45:39 0 d-------- C:\Program Files\TVUPlayer<TVUPLA~1>
2007-03-21 21:45:22 0 d-------- C:\Program Files\SatelliteTVforPC<SATELL~1>
2007-03-21 21:44:38 0 d-------- C:\WINDOWS\uninstall<UNINST~1>
2007-03-21 21:03:25 0 d-------- C:\Program Files\DAMN NFO Viewer<DAMNNF~1>
2007-03-21 12:53:36 159744 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2007-03-21 12:53:35 45504 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2007-03-21 12:53:35 5600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2007-03-21 12:53:35 22240 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2007-03-21 12:53:35 10144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2007-03-21 12:53:34 0 d-------- C:\Program Files\Logitech
2007-03-20 23:52:51 0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania United<TRACKM~1>
2007-03-20 23:46:20 0 d-------- C:\Program Files\TrackMania United<TRACKM~3>
2007-03-20 16:34:57 0 d-------- C:\Program Files\TrackMania Nations ESWC<TRACKM~2>
2007-03-20 00:29:26 0 d-------- C:\Program Files\TrackMania Sunrise<TRACKM~1>
2007-03-20 00:19:08 0 d-------- C:\Documents and Settings\Jeff\Application Data\Hamachi
2007-03-20 00:18:36 17480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-03-20 00:18:34 0 d-------- C:\Program Files\Hamachi
2007-03-19 21:53:53 0 d-------- C:\Documents and Settings\Jeff\scenes
2007-03-19 21:51:36 0 d-------- C:\Program Files\Next Limit<NEXTLI~1>
2007-03-19 15:34:58 0 d-------- C:\Documents and Settings\Jeff\Application Data\U3
2007-03-19 12:55:31 0 d-------- C:\Program Files\MagicISO
2007-03-19 06:30:11 0 d-------- C:\Program Files\Bluetooth remote<BLUETO~2>
2007-03-17 20:45:01 69632 --a------ C:\WINDOWS\Alcmtr.exe
2007-03-16 20:58:52 36864 --a------ C:\WINDOWS\system32\wbsys.dll
2007-03-16 20:58:52 20480 --a------ C:\WINDOWS\system32\wbload.dll
2007-03-16 20:58:50 0 d-------- C:\Program Files\Stardock
2007-03-16 19:53:51 1359 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache<QTSBAN~1>
2007-03-16 1206 0 d-------- C:\Program Files\Common Files\NSV
2007-03-15 23:58:24 0 d-------- C:\Documents and Settings\Jeff\Application Data\Apple Computer<APPLEC~1>
2007-03-15 21:55:40 0 d-------- C:\Documents and Settings\Jeff\Application Data\RapidGet
2007-03-15 21:55:35 0 d--h----- C:\WINDOWS\PIF
2007-03-14 22:26:44 287504 --a------ C:\WINDOWS\system32\msxbse35.dll
2007-03-14 22:26:44 165648 --a------ C:\WINDOWS\system32\mstext35.dll
2007-03-14 22:26:44 250128 --a------ C:\WINDOWS\system32\mspdox35.dll
2007-03-14 22:26:44 166160 --a------ C:\WINDOWS\system32\msltus35.dll
2007-03-14 22:26:44 250128 --a------ C:\WINDOWS\system32\msexcl35.dll
2007-03-14 22:26:44 330000 --a------ C:\WINDOWS\system32\msexch35.dll
2007-03-14 22:26:23 269312 --a------ C:\WINDOWS\uninst.exe
2007-03-14 22:26:19 0 d-------- C:\Documents and Settings\Jeff\WINDOWS
2007-03-14 14:05:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-03-13 16:56:46 284 --a------ C:\WINDOWS\EReg515.dat
2007-03-13 16:07:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Disney Imagineering<DISNEY~1>
2007-03-13 1615 0 d-------- C:\Program Files\Disney Imagineering<DISNEY~1>
2007-03-12 23:13:25 0 d-------- C:\Program Files\Power Defrag<POWERD~1>
2007-03-11 20:22:32 0 d-------- C:\Program Files\Wii SDK<WIISDK~1>
2007-03-11 18:14:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-03-11 18:01:37 0 d-------- C:\Program Files\Common Files\Autodesk Shared<AUTODE~1>
2007-03-11 18:01:37 0 d-------- C:\Program Files\Autodesk
2007-03-11 0109 0 d-------- C:\Program Files\****Ware
2007-03-09 17:03:21 0 d-------- C:\Program Files\DivX
2007-03-09 01:40:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth<BLUETO~1>
2007-03-09 01:14:05 0 d-------- C:\Program Files\WinHTTrack<WINHTT~1>
2007-03-08 16:32:42 0 d-------- C:\Documents and Settings\All Users\Application Data\InterVideo<INTERV~1>
2007-03-08 01:05:50 0 d-------- C:\Program Files\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2007-04-08 21:45:42 0 d-------- C:\Documents and Settings\Jeff\Application Data\Metacafe
2007-04-08 12:39:15 0 d-------- C:\Program Files\LogMeIn
2007-04-07 00:54:09 0 d-------- C:\Documents and Settings\Jeff\Application Data\uTorrent
2007-04-05 22:22:58 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-04-04 22:19:08 4096 --a------ C:\WINDOWS\system32\crash
2007-04-03 16:38:56 0 d-------- C:\Documents and Settings\Jeff\Application Data\dvdcss
2007-04-01 01:37:18 0 d-------- C:\Documents and Settings\Jeff\Application Data\Mozilla
2007-03-31 18:31:40 0 d-------- C:\Program Files\LimeWire
2007-03-30 19:55:40 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-30 16:52:28 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-03-26 13:18:21 502272 --a------ C:\WINDOWS\system32\winlogon.exe
2007-03-26 12:27:34 24916 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-03-25 18:18:28 0 d---s---- C:\Documents and Settings\Jeff\Application Data\Microsoft<MICROS~1>
2007-03-25 17:59:40 0 d-------- C:\Documents and Settings\Jeff\Application Data\Adobe
2007-03-25 16:11:26 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-21 12:53:36 0 d-------- C:\Program Files\Common Files\Logitech
2007-03-18 17:51:04 0 d-------- C:\Program Files\DriverGuide Toolkit<DRIVER~1>
2007-03-18 02:21:46 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-18 02:19:35 0 d-------- C:\Program Files\Winamp
2007-03-17 20:45:00 0 d-------- C:\Program Files\Realtek
2007-03-16 2115 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-03-16 2115 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-03-16 2114 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-03-14 22:20:44 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-03-14 20:32:48 0 d-------- C:\Program Files\Corel
2007-03-14 14:09:43 22040 --a------ C:\Documents and Settings\Jeff\Application Data\addon.dat
2007-03-13 13:43:19 0 d-------- C:\Documents and Settings\Jeff\Application Data\LimeWire
2007-03-09 17:37:01 0 d-------- C:\Program Files\Intel
2007-03-09 00:30:42 0 d-------- C:\Documents and Settings\Jeff\Application Data\Macromedia<MACROM~1>
2007-03-08 22:32:04 0 d-------- C:\Program Files\Common Files\Macromedia<MACROM~1>
2007-03-08 22:31:01 0 d-------- C:\Program Files\Macromedia<MACROM~1>
2007-03-08 16:32:53 1984 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-07 16:19:57 0 d-------- C:\Documents and Settings\Jeff\Application Data\Intel
2007-03-07 15:24:13 0 d-------- C:\Program Files\DFX
2007-03-06 22:05:00 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe
2007-03-05 23:05:02 0 d-------- C:\Documents and Settings\Jeff\Application Data\ATI
2007-03-05 22:11:49 0 d-------- C:\Program Files\MSBuild
2007-03-05 22:00:47 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
2007-03-04 19:41:53 0 d-------- C:\Program Files\Web Publish<WEBPUB~1>
2007-03-02 22:36:05 0 d-------- C:\Program Files\GlvoePIE .29<GLVOEP~1.29>
2007-03-02 22:27:53 0 d-------- C:\Program Files\Advanced File Organizer<ADVANC~1>
2007-03-02 22:26:32 0 d-------- C:\Program Files\Open XML Editor 1.4<OPENXM~1.4>
2007-03-02 22:26:06 0 d-------- C:\Program Files\mnProjects<MNPROJ~1>
2007-03-02 16:57:04 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-03-02 16:54:35 307200 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-03-02 16:53:36 265728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-03-02 16:47:51 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-03-02 16:47:42 110592 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-03-02 16:47:35 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-03-02 16:47:30 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-03-02 16:47:19 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-03-02 16:46:12 446464 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-03-02 16:45:32 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-03-02 16:38:53 2824512 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-03-02 16:29:23 1288960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-03-02 16:21:15 5398528 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-03-02 16:17:37 258048 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-03-02 16:16:23 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-03-02 16:11:44 348160 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-03-01 03:00:12 0 d-------- C:\Documents and Settings\Jeff\Application Data\Ahead
2007-03-01 02:36:05 0 d-------- C:\Program Files\Common Files\InterVideo<INTERV~1>
2007-03-01 02:36:00 0 d-------- C:\Program Files\InterVideo<INTERV~1>
2007-02-28 13:03:00 0 d-------- C:\Program Files\Metacafe
2007-02-26 11:44:06 147685 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-02-24 20:17:44 0 d-------- C:\Program Files\Common Files\Webroot Shared<WEBROO~1>
2007-02-24 20:17:33 0 d-------- C:\Documents and Settings\Jeff\Application Data\Webroot
2007-02-24 20:17:31 0 d-------- C:\Program Files\Webroot
2007-02-24 19:54:37 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-23 23:50:56 0 d-------- C:\Program Files\uTorrent
2007-02-23 23:49:12 0 d-------- C:\Program Files\QuickSFV
2007-02-23 00:29:49 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 00:29:49 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-21 21:29:44 221 --a------ C:\Documents and Settings\Jeff\Application Data\hdl_dump.conf<HDL_DU~1.CON>
2007-02-21 20:36:35 0 d-------- C:\Program Files\Sony Ericsson<SONYER~1>
2007-02-21 20:15:56 0 d-------- C:\Program Files\Opera
2007-02-21 19:43:53 128528 --a------ C:\WINDOWS\system32\Metacafe.scr
2007-02-19 18:15:08 0 d-------- C:\Documents and Settings\Jeff\Application Data\Configuration<CONFIG~1>
2007-02-19 18:12:42 0 d-------- C:\Documents and Settings\Jeff\Application Data\Google
2007-02-19 18:11:41 0 d-------- C:\Program Files\Google
2007-02-19 15:42:34 0 d-------- C:\Program Files\IVT Corporation<IVTCOR~1>
2007-02-18 02:48:26 0 d-------- C:\Documents and Settings\Jeff\Application Data\GetRightToGo<GETRIG~1>
2007-02-17 22:19:32 0 d-------- C:\Program Files\Turbine
2007-02-17 15:14:23 0 d-------- C:\Program Files\PowerQuest<POWERQ~1>
2007-02-16 18:42:31 155648 --a------ C:\WINDOWS\system32\libssl32.dll
2007-02-16 18:02:10 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-16 17:14:34 0 d-------- C:\Documents and Settings\Jeff\Application Data\Sun
2007-02-15 18:24:41 0 d-------- C:\Program Files\Ubisoft
2007-02-14 20:44:03 0 d-------- C:\Program Files\Common Files\Ahead
2007-02-14 20:37:12 0 d-------- C:\Program Files\Nero
2007-02-14 20:34:01 0 d-------- C:\Program Files\GameShadow<GAMESH~1>
2007-02-14 20:08:00 0 d-------- C:\Program Files\Managed DirectX (0901)<MANAGE~1>
2007-02-14 19:09:06 0 d-------- C:\Program Files\Doom 3<DOOM3~1>
2007-02-14 17:20:48 0 d-------- C:\Program Files\Disc2Phone<DISC2P~1>
2007-02-14 13:13:33 0 d-------- C:\Documents and Settings\Jeff\Application Data\InstallShield<INSTAL~1>
2007-02-13 21:48:18 0 d-------- C:\Program Files\Common Files\L&H
2007-02-13 21:47:56 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-02-13 21:46:50 0 d-------- C:\Program Files\Microsoft Works<MICROS~4>
2007-02-13 21:46:09 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-02-13 18:22:52 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-02-12 14:31:32 8 -rahs---- C:\WINDOWS\system32\3FD06A9722.sys<3FD06A~1.SYS>
2007-02-12 14:29:23 8 -rahs---- C:\WINDOWS\system32\C5F88BC8A5.sys<C5F88B~1.SYS>
2007-02-12 14:29:12 0 d-------- C:\Documents and Settings\Jeff\Application Data\Corel
2007-02-12 14:16:47 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-12 00:34:03 0 d-------- C:\Program Files\Camfrog
2007-02-12 00:31:01 0 d-------- C:\Documents and Settings\Jeff\Application Data\Camfrog
2007-02-12 00:29:51 0 d-------- C:\Program Files\TechSmith<TECHSM~1>
2007-02-11 13:55:30 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-02-08 17:25:44 0 d-------- C:\Program Files\Xilisoft
2007-02-08 15:44:37 0 d-------- C:\Documents and Settings\Jeff\Application Data\vlc
2007-02-08 04:00:28 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-02-06 09:43:55 0 -rahs---- C:\MSDOS.SYS
2007-02-06 09:43:55 0 -rahs---- C:\IO.SYS
2007-02-06 09:43:55 0 --a------ C:\CONFIG.SYS
2007-02-06 09:43:55 0 --a------ C:\AUTOEXEC.BAT
2007-02-05 19:41:54 62 --ahs---- C:\Documents and Settings\Jeff\Application Data\desktop.ini
2007-02-02 15:40:11 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"IpWins"="C:\\Program Files\\Ipwindows\\ipwins.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"LogMeIn GUI"="\"C:\\Program Files\\LogMeIn\\LogMeInSystray.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Rapget"="C:\\Program Files\\RapGet\\rapget.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SkyTel"="SkyTel.EXE"
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"Ad-Watch"="C:\\Program Files\\Lavasoft\\Ad-Aware Pro\\AAW2007AW.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jeff^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bpk"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpotdd01"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HDAShCut"
"hkey"="HKLM"
"command"="HDAShCut.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb08"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipTray.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iptray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Intel\\IDU\\iptray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMSX"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rapget"
"hkey"="HKLM"
"command"="C:\\Program Files\\RapGet\\rapget.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SkyTel"
"hkey"="HKLM"
"command"="SkyTel.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Application Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UnlockerAssistant"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wwDisp"
"hkey"="HKCU"
"command"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{34CE4102-0B75-1033-0222-061116050001}"="\"C:\\Program Files\\Common Files\\{34CE4102-0B75-1033-0222-061116050001}\\Update.exe\" mc-110-12-0002239"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_IPFILTERDRIVER
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PGFILTER


-- End of Deckard's System Scanner: finished at 2007-04-08 at 23:54:14 ---------

Attached Files

extra.txt (15.1 KB, 6 views)

Clark76

Hello and welcome to TSF

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

level42

Thanks for the Heads up !

Clark76

Save the following instructions in Notepad or print them out. Please also stay with me until I declare you clean.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

=======================================================

P2P - I see you have P2P software ( Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Downloads

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to C:\SDFix
Do not run this tool yet

=======================================================

Download AVG Anti-Spyware from HERE

• Install AVG Anti-Spyware
• Double-click the icon on Desktop to launch AVG Anti-Spyware

You will need to update AVG Anti-Spyware to the latest definition files.

• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update. The update will start and a progress bar will show the updates being installed.

• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti-Spyware. Do Not run a scan just yet, we will shortly.

======================================================

• Right click on the Ad-Watch icon in the system tray.
• At the bottom of the screen there will be two checkable items called "Active" and "Automatic"
  • Active: This will turn Ad-Watch On\Off without closing it
  • Automatic: Suspicious activity will be blocked automatically.
• Uncheck both of those boxes.

==========================================================

Save the attached zipped folder found at the bottom of this thread to your desktop.

=========================================================

Download combofix from here.

**Save it directly to your desktop**
Do not run this tool yet

=========================================================

Disconnect from the internet

==========================================================

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Double click the zipped folder you downloaded from the bottom of this thread.

Inside the folder will be this file - delete.reg It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

===============================================================

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

=======================================================

Reboot
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

======================================================

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe

Please remember to close all other windows, including browsers then click Fix checked.

=======================================================

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware

=======================================================

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum.

=======================================================

Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Run Deckard's System Scanner (DSS) again

1. Close all applications and windows.
2. Double-click on DSS.exe to run it, and follow the prompts.
3. When the scan is complete, one text file will open - main.txt
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your reply.

================================================

Please provide the following logs with your next post:

AVG Anti-Spyware report
SDFix Report.txt
C:\ComboFix.txt
Panda Scan report
Main.txt

Also include how your system is performing

Attached Files

level42.zip (252 Bytes, 6 views)

level42

You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti-Spyware. Do Not run a scan just yet, we will shortly.

AVG Will Not let me update the definitions.

Error: Sorry, the server is not ready to serve. Please try again later.