Torpig and others



bob102285
2007-03-08, 14:43
I have Torpig and a few other spyware programs that keep coming up even after I clean them.

Adrevolver
advertising.com
avenue A inc.
Casalemedia
Doubleclick
Fastclick
Hitbox
mediaplex
statcounter
torpig
zedo



Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:40:24 AM, on 3/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {090E505C-0885-489B-A9B8-2B6A1522C587} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {0D1D03DF-CAD2-49BF-8598-D42FBE001396} - (no file)
O2 - BHO: (no name) - {1A903780-5535-49F4-B68B-9342D7BE761E} - (no file)
O2 - BHO: (no name) - {280D197D-1741-4C36-AB01-1F9FBDACDE66} - (no file)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6EB7EBED-31EE-4F5D-8F67-90F2024D58C4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {87F983F3-DF80-4935-99AA-970F03192FA2} - (no file)
O2 - BHO: (no name) - {88D1496E-334D-4762-8289-A803F0132C2A} - (no file)
O2 - BHO: (no name) - {B56E56F0-52A6-4BDF-8BC5-3C38EBA6370B} - (no file)
O2 - BHO: (no name) - {C4CAB04A-BB4D-4E1C-8A92-4DC26D99A755} - (no file)
O2 - BHO: (no name) - {D50C18EE-52AA-4C30-8F57-5A818BCF37FA} - (no file)
O2 - BHO: (no name) - {E06A77D5-BE3D-45CD-88F2-DA3D9451F7F5} - (no file)
O2 - BHO: (no name) - {E26C4371-3127-40D8-A965-9019D74E77C2} - (no file)
O2 - BHO: (no name) - {EA5F99D4-17CA-456B-9203-97EA64FD391B} - (no file)
O2 - BHO: (no name) - {F31952C3-877A-47B6-A5B8-2A497C591935} - (no file)
O2 - BHO: (no name) - {F7307BA1-B471-4C06-9C13-0E837F161449} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158015696250
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4934/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEAFD4B9-BBB3-4E73-8E9F-F2B388E295ED}: NameServer = 208.180.42.100,208.180.42.68
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

bob102285
2007-03-08, 15:23
Here are the results from ComboScan:


ComboScan v20070306.20 run by Jason on 2007-03-08 at 08:18:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-03-08 14:18:03 UTC - RP1 - System Checkpoint


Performed disk cleanup.




R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {090E505C-0885-489B-A9B8-2B6A1522C587} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {0D1D03DF-CAD2-49BF-8598-D42FBE001396} - (no file)
O2 - BHO: (no name) - {1A903780-5535-49F4-B68B-9342D7BE761E} - (no file)
O2 - BHO: (no name) - {280D197D-1741-4C36-AB01-1F9FBDACDE66} - (no file)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6EB7EBED-31EE-4F5D-8F67-90F2024D58C4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {87F983F3-DF80-4935-99AA-970F03192FA2} - (no file)
O2 - BHO: (no name) - {88D1496E-334D-4762-8289-A803F0132C2A} - (no file)
O2 - BHO: (no name) - {B56E56F0-52A6-4BDF-8BC5-3C38EBA6370B} - (no file)
O2 - BHO: (no name) - {C4CAB04A-BB4D-4E1C-8A92-4DC26D99A755} - (no file)
O2 - BHO: (no name) - {D50C18EE-52AA-4C30-8F57-5A818BCF37FA} - (no file)
O2 - BHO: (no name) - {E06A77D5-BE3D-45CD-88F2-DA3D9451F7F5} - (no file)
O2 - BHO: (no name) - {E26C4371-3127-40D8-A965-9019D74E77C2} - (no file)
O2 - BHO: (no name) - {EA5F99D4-17CA-456B-9203-97EA64FD391B} - (no file)
O2 - BHO: (no name) - {F31952C3-877A-47B6-A5B8-2A497C591935} - (no file)
O2 - BHO: (no name) - {F7307BA1-B471-4C06-9C13-0E837F161449} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158015696250
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4934/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEAFD4B9-BBB3-4E73-8E9F-F2B388E295ED}: NameServer = 208.180.42.100,208.180.42.68
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - unable to read value
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S AC2003 - C:\WINDOWS\system32\drivers\AC2003.sys
3R ALCXSENS (Service for WDM 3D Audio Driver) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
2R Aspi32 - C:\WINDOWS\system32\drivers\ASPI32.SYS
3S ATI Remote Wonder II - C:\WINDOWS\system32\drivers\atirwvd.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
3R ATIAVAIW (ATI T200 Unified AVStream service) - C:\WINDOWS\system32\drivers\atinavt2.sys
3R ATIDACXX (ATI DTV Wonder Analog Audio Capture Device) - C:\WINDOWS\system32\drivers\atidacxx.sys
3R ATIDDCXX (ATI DTV Wonder Digital BDA Capture Device) - C:\WINDOWS\system32\drivers\atiddcxx.sys
3R ATIDTUXX (ATI DTV Wonder Digital And Analog Tuner Device) - C:\WINDOWS\system32\drivers\atidtuxx.sys
3R ATIDVCXX (ATI DTV Wonder Analog AV Capture Device) - C:\WINDOWS\system32\drivers\atidvcxx.sys
3R ATIDXBXX (ATI DTV Wonder Analog AV Crossbar Device) - C:\WINDOWS\system32\drivers\atidxbxx.sys
3S atinevxx (ATI WDM Rage Theater Video) - C:\WINDOWS\system32\drivers\atinevxx.sys
1R ATITool (ATITool Overclocking Utility) - C:\WINDOWS\system32\drivers\ATITool.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
3R E1000 (Intel(R) PRO/1000 Adapter Driver) - C:\WINDOWS\system32\drivers\e1000325.sys
1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3R EraserUtilRebootDrv - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S gmer - C:\WINDOWS\system32\drivers\gmer.sys
3R hidusb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
4R InCDfs (InCD File System) - C:\WINDOWS\system32\drivers\InCDfs.sys
1R InCDPass - C:\WINDOWS\system32\drivers\InCDPass.sys
1R incdrm (InCD Reader) - C:\WINDOWS\system32\drivers\InCDRm.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
1R mbmiodrvr - C:\WINDOWS\system32\mbmiodrvr.sys
3S MHNDRV (MHN driver) - C:\WINDOWS\system32\drivers\mhndrv.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MPE (BDA MPE Filter) - C:\WINDOWS\system32\drivers\MPE.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070307.037\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070307.037\NAVEX15.SYS
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
1S nvport (NVIDIA PORT IO Control Driver) - C:\WINDOWS\system32\Drivers\nvport.sys (not found)
0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S Razerlow (Razerlow USB Filter Driver) - C:\WINDOWS\system32\drivers\Razerlow.sys
3S RivaTuner32 - C:\Program Files\RivaTuner v2.0 RC 16.2\RivaTuner32.sys
1R SAVRT - C:\Program Files\Symantec AntiVirus\savrt.sys
1R SAVRTPEL - C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0R sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - C:\WINDOWS\system32\drivers\sfdrv01.sys
0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys
0R sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfsync02.sys
0R si3112r (Silicon Image SiI 3112 SATARaid Controller) - C:\WINDOWS\system32\drivers\SI3112r.sys
0R SiFilter (SATALink driver accelerator) - C:\WINDOWS\system32\drivers\SiWinAcc.sys
0R SiWinAcc - C:\WINDOWS\system32\drivers\SiWinAcc.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
3S SndTDriverV32 - C:\WINDOWS\system32\drivers\SndTDriverV32.sys
1R SPBBCDrv - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
0R srescan - C:\WINDOWS\system32\ZoneLabs\srescan.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
3S TIEHDUSB - C:\WINDOWS\system32\drivers\tiehdusb.sys
2R tmcomm - C:\WINDOWS\system32\drivers\tmcomm.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
1R vsdatant - C:\WINDOWS\system32\vsdatant.sys
3R WinDriver6 - C:\WINDOWS\system32\drivers\windrvr6.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
3R XUIF (X10 USB Wireless Transceiver) - C:\WINDOWS\system32\drivers\x10ufx2.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2R DefWatch (Symantec AntiVirus Definition Watcher) - "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
2R ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe
2R ehSched (Media Center Scheduler Service) - C:\WINDOWS\eHome\ehSched.exe
4S FAH@C:+Documents and Settings+Jason+Desktop+FAH504-Console -config.exe - C:\Documents and Settings\Jason\Desktop\FAH504-Console -config.exe -svcstart
4S FAH@C:+Documents and Settings+Jason+Desktop+Fold2+FAH504-Console.exe - C:\Documents and Settings\Jason\Desktop\Fold2\FAH504-Console.exe -svcstart
3S FontCache3.0.0.0 (Windows Presentation Foundation Font Cache 3.0.0.0) - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
2R gb (Remote Procedure Call (RPC) Extensions) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
4S idsvc (Windows CardSpace) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
4S InCDsrv (InCD Helper) - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
4S iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\McrdSvc.exe
3S MHN - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S mple7docserver (Maya 7 PLE Documentation Server) - "C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\Wrapper.conf"
4S NetTcpPortSharing (Net.Tcp Port Sharing Service) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
4S Proxure mdSDK Backup Service - "C:\Program Files\Proxure\KeepVault\Engine\KSLService.exe"
4S SavRoam - "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
3S SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2R SPBBCSvc (Symantec SPBBCSvc) - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
2R Symantec AntiVirus - "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
2R vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
2R WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"
4S winlogin - C:\WINDOWS\lsass.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-03-08 08:06:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-03-08 01:00:00 400 --a------ C:\WINDOWS\Tasks\MCE Tunes Auto Sync.job<MCETUN~1.JOB>
2007-03-08 01:00:00 364 --a------ C:\WINDOWS\Tasks\ Auto Sync.job<AUTOSY~1.JOB>
2007-03-02 13:51:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2006-11-15 16:40:17 300 --a------ C:\WINDOWS\Tasks\XoftSpy.job


-- Files created between 2007-02-08 and 2007-03-08 -----------------------------

2007-03-08 08:05:53 0 d-------- C:\Documents and Settings\Jason\Application Data\MailFrontier<MAILFR~1>
2007-03-08 07:29:59 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-08 07:29:39 75512 --a------ C:\WINDOWS\zllsputility.exe<ZLLSPU~1.EXE>
2007-03-08 07:29:39 11264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-03-08 07:29:17 1087216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-08 07:29:16 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-08 07:28:49 0 d-------- C:\WINDOWS\Internet Logs<INTERN~1>
2007-03-08 06:52:25 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-03-08 06:35:28 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
2007-03-08 02:35:29 155648 --a------ C:\WINDOWS\system32\SSCE5232.dll
2007-03-08 02:35:27 0 d-------- C:\Program Files\Common Files\Wintertree<WINTER~1>
2007-03-08 02:35:26 0 d-------- C:\Program Files\Virtual Mechanics<VIRTUA~1>
2007-03-07 01:02:12 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-03-05 18:14:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-03-05 18:14:29 0 d-------- C:\Fraps
2007-02-28 17:31:15 0 d-------- C:\Documents and Settings\Jason\Application Data\Command & Conquer 3 Tiberium Wars Demo<COMMAN~1>
2007-02-28 17:28:29 0 d-------- C:\Program Files\Electronic Arts<ELECTR~1>
2007-02-26 14:18:03 0 d-------- C:\Program Files\ATITool
2007-02-22 06:23:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-02-22 05:54:28 0 dr-h----- C:\Documents and Settings\Jason\Application Data\yahoo!
2007-02-20 19:30:53 1122304 --a------ C:\WINDOWS\system32\aspichk.dll
2007-02-20 19:30:51 0 d-------- C:\Program Files\Dvd-cloner<DVD-CL~1>
2007-02-20 19:19:37 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-02-20 19:19:37 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-02-19 22:56:20 0 d-------- C:\Documents and Settings\Jason\Application Data\Ahead
2007-02-19 22:44:36 0 d-------- C:\Program Files\Nero
2007-02-19 22:44:36 0 d-------- C:\Program Files\Common Files\Ahead
2007-02-15 16:38:10 46592 --a------ C:\WINDOWS\system32\zlbw.dll
2007-02-14 19:23:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Media Center Programs<MEDIAC~1>
2007-02-14 19:20:18 0 d-------- C:\Documents and Settings\Jason\Application Data\InstallShield<INSTAL~1>
2007-02-13 05:45:16 0 --a------ C:\WINDOWS\system32\advvpi32.dll
2007-02-13 05:35:19 47104 --a------ C:\WINDOWS\pc.exe
2007-02-13 05:35:19 98 --a------ C:\WINDOWS\msvbs32.dll
2007-02-13 05:35:15 10010 --a------ C:\WINDOWS\inserv.exe
2007-02-13 04:10:00 0 d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-02-13 01:57:50 0 d-------- C:\Program Files\VUGames
2007-02-13 01:55:14 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-02-13 01:50:35 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-09 18:28:14 0 d-------- C:\Program Files\Common Files\Alias Shared<ALIASS~1>
2007-02-09 18:24:14 0 d-------- C:\Program Files\Alias
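The two logs above (the HijackThis log in the first post and the ComboScan services list in the second) are normally triaged by eye. The script below is an added example, not part of the posted logs or of any forum reply, and automates two of those eyeball checks over lines in exactly the formats shown: O2/O21 registrations whose target is "(no file)" (orphaned registry keys, which is why the same entries keep reappearing after a clean), and service binaries that carry the name of a core Windows process but sit outside that process's real directory, the pattern in the `winlogin - C:\WINDOWS\lsass.exe` service line. The system root (C:\WINDOWS) and the list of core process names are assumptions written into the code; the sample lines are copied verbatim from the posted logs.

```python
"""Triage helper for HijackThis / ComboScan log lines (added example).

Two checks a forum helper would otherwise do by eye:
  * O2 (BHO) and O21 (SSODL) registrations whose CLSID resolves to
    "(no file)": the DLL is gone but the registry key remains, which is
    why the same entries keep showing up scan after scan.
  * Service binaries that borrow the name of a core Windows process but
    are not in that process's real directory (system32 for lsass.exe,
    winlogon.exe, svchost.exe, ...; the Windows root for explorer.exe).
    A look-alike name in the wrong directory is a masquerade pattern and
    the file should be examined before anything else is cleaned.
"""
import ntpath
import re

# Assumption: the system root is C:\WINDOWS, as in the posted logs.
SYSTEM_ROOT = r"C:\WINDOWS"
SYSTEM32 = ntpath.join(SYSTEM_ROOT, "system32")
CORE_PROCESS_HOME = {
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "explorer.exe": SYSTEM_ROOT,
}

# HijackThis COM entries: "O2 - BHO: <name> - {CLSID} - <dll or (no file)>"
COM_RE = re.compile(r"^(O2|O21) - (BHO|SSODL): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# HijackThis services: "O23 - Service: <display> - <vendor> - <path>"
HJT_SVC_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
# ComboScan services/drivers: "<start><R|S> <name> [(display)] - <command line>"
CS_SVC_RE = re.compile(r"^[0-4][RS] (.+?) - (.+)$")
# First executable-looking token of a command line, with or without quotes.
IMAGE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|sys))"?', re.IGNORECASE)


def image_path(command_line):
    """Return the binary a service command line launches, or '' if none found."""
    m = IMAGE_RE.match(command_line.strip())
    return m.group(1) if m else ""


def check_core_process_path(path):
    """Return a description if `path` is a core-process name outside its home, else None."""
    name = ntpath.basename(path).lower()
    home = CORE_PROCESS_HOME.get(name)
    if home is None:
        return None
    actual = ntpath.dirname(path)
    if actual.lower() == home.lower():
        return None
    return f"{name} belongs in {home} but this service runs it from {actual or '(no directory)'}"


def triage(lines):
    """Scan log lines and return (kind, label, detail) tuples for review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = COM_RE.match(line)
        if m:
            section, kind, name, clsid, target = m.groups()
            if target == "(no file)":
                findings.append(("orphaned-com", f"{section} {clsid}",
                                 f"{kind} '{name}' is registered but its DLL is missing"))
            continue
        m = HJT_SVC_RE.match(line)
        if m:
            display, _vendor, path = m.groups()
            detail = check_core_process_path(image_path(path))
            if detail:
                findings.append(("masquerade", display, detail))
            continue
        m = CS_SVC_RE.match(line)
        if m:
            name, cmd = m.groups()
            detail = check_core_process_path(image_path(cmd))
            if detail:
                findings.append(("masquerade", name, detail))
    return findings


# Sample input: lines copied verbatim from the logs posted above.
SAMPLE = [
    r"O2 - BHO: (no name) - {090E505C-0885-489B-A9B8-2B6A1522C587} - (no file)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll",
    r"O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)",
    r"O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe",
    r"2R gb (Remote Procedure Call (RPC) Extensions) - C:\WINDOWS\System32\svchost.exe -k netsvcs",
    r"4S winlogin - C:\WINDOWS\lsass.exe",
]

if __name__ == "__main__":
    for kind, label, detail in triage(SAMPLE):
        print(f"[{kind}] {label}: {detail}")
```

A "masquerade" finding is a cue to pull the file and check its signature and hashes, not a verdict on its own; the "orphaned-com" entries are safe to delete and removing them is what stops the scanners from listing the same CLSIDs every time. ComboScan's driver lines use the same `<start><R|S> name - path` layout as its service lines, so the script accepts them too and simply produces no finding for them.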

bob102285
2007-03-08, 15:25
-- Find3M Report ---------------------------------------------------------------

2007-03-08 08:16:05 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-08 08:03:50 0 d-------- C:\Program Files\Symantec AntiVirus<SYMANT~1>
2007-03-08 08:00:06 0 d-------- C:\Program Files\Yahoo!
2007-03-08 02:54:24 0 d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2007-03-08 02:50:19 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-07 23:45:23 0 d-------- C:\Program Files\Steam
2007-02-28 17:25:29 0 d-------- C:\Documents and Settings\Jason\Application Data\uTorrent
2007-02-26 11:17:58 503296 --a------ C:\WINDOWS\system32\winlogon.exe
2007-02-26 10:06:14 0 d-------- C:\Program Files\Grisoft
2007-02-22 06:27:28 0 d-------- C:\Program Files\Trillian
2007-02-22 06:25:34 0 d-------- C:\Program Files\DivX
2007-02-22 06:24:53 0 d-------- C:\Program Files\Heat
2007-02-22 06:23:49 0 d---s---- C:\Documents and Settings\Jason\Application Data\Microsoft<MICROS~1>
2007-02-22 06:19:56 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-02-22 06:17:51 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-20 22:29:36 0 d-------- C:\Program Files\Razer
2007-02-07 14:00:38 0 d-------- C:\Program Files\MSBuild
2007-02-07 13:56:25 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
2007-02-02 18:34:00 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe
2007-02-02 14:17:00 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-02-02 14:04:44 307200 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-02-02 14:03:43 264704 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-02-02 13:57:08 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-02-02 13:56:56 110592 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-02-02 13:56:48 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-02-02 13:56:41 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-02-02 13:56:29 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-02-02 13:55:08 446464 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-02-02 13:54:20 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-02-02 13:51:22 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-02 13:46:45 2827968 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-02-02 13:40:29 1272960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-02-02 13:27:17 241664 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-02-02 13:25:54 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-02-02 13:20:28 348160 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-02-02 13:19:49 5312512 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-02-02 07:23:01 0 d-------- C:\Program Files\HardwareOC BenchTools<HARDWA~1>
2007-01-31 22:56:06 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-01-31 22:56:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-01-31 22:56:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-01-31 22:56:04 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-31 18:04:15 0 d-------- C:\Program Files\MilkShape 3D 1.7.10<MILKSH~1.10>
2007-01-31 15:27:01 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-01-31 05:45:51 0 d-------- C:\Program Files\Proxure
2007-01-31 05:45:51 0 d-------- C:\Program Files\Common Files\Proxure
2007-01-30 17:15:10 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-01-30 10:21:34 128813 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-01-29 23:03:40 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-29 22:56:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-29 12:27:26 0 d-------- C:\Program Files\Mozilla Sunbird<MOZILL~3>
2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-25 19:19:00 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-01-25 19:19:00 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-25 19:18:54 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-25 19:18:54 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-25 19:13:45 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-25 19:13:45 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-25 19:13:44 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-25 19:13:44 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-25 19:13:44 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-01-25 19:13:44 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-25 19:13:44 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-24 02:32:23 0 d-------- C:\Program Files\Netflix
2007-01-24 02:09:27 0 d-------- C:\Program Files\Common Files\ATI
2007-01-24 02:09:26 0 d-------- C:\Program Files\ATI Multimedia<ATIMUL~1>
2007-01-24 02:07:19 0 d-------- C:\Documents and Settings\Jason\Application Data\X10 Commander<X10COM~1>
2007-01-22 13:29:23 0 d-------- C:\Program Files\Microsoft Money 2006<MI18C4~1>
2007-01-18 23:22:11 0 d-------- C:\Program Files\LimeWire
2007-01-18 18:16:45 0 d-------- C:\Documents and Settings\Jason\Application Data\Design Science<DESIGN~1>
2007-01-18 18:16:40 0 d-------- C:\Program Files\MathType
2007-01-17 11:44:11 0 d-------- C:\Documents and Settings\Jason\Application Data\Mozilla
2007-01-17 11:37:55 0 d-------- C:\Documents and Settings\Jason\Application Data\Desktop Sidebar<DESKTO~1>
2007-01-16 13:45:22 0 d-------- C:\Program Files\GameShadow<GAMESH~1>
2007-01-16 13:37:35 0 d-------- C:\Program Files\Ubisoft
2007-01-15 11:04:36 0 d-------- C:\Documents and Settings\Jason\Application Data\Lionhead Studios<LIONHE~1>
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 --a------ C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-10 10:17:20 0 d-------- C:\Program Files\Common Files\CyberLink<CYBERL~1>
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-31 16:50:04 4096 --a------ C:\WINDOWS\d3dx.dat
2006-12-28 05:06:44 5973 --a------ C:\WINDOWS\mozver.dat
2006-12-25 19:11:24 771907 ---hs---- C:\WINDOWS\system32\bbeeg.ini2<BBEEG~1.INI>
2006-12-25 18:55:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2006-12-21 07:36:10 40960 --a------ C:\WINDOWS\system32\frapsvid.dll
2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-18 06:29:14 939924 ---hs---- C:\WINDOWS\system32\bbeeg.bak2<BBEEG~2.BAK>
2006-12-12 17:00:52 858095 ---hs---- C:\WINDOWS\system32\bbeeg.bak1<BBEEG~1.BAK>
2006-12-12 10:24:42 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL>
2006-12-08 12:02:00 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll<XA3C56~1.DLL>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck /autofix /autoclose"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"srePostpone"="rundll32.exe c:\\windows\\system32\\zonelabs\\srescan.dll,DoSpecialAction"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Device Detector 3.lnk"
"backup"="C:\\WINDOWS\\pss\\Device Detector 3.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Olympus\\DEVICE~1\\DevDtct2.exe "
"item"="Device Detector 3"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SpyCatcher Protector.lnk"
"backup"="C:\\WINDOWS\\pss\\SpyCatcher Protector.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SPYCAT~1\\PROTEC~1.EXE "
"item"="SpyCatcher Protector"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^Electron Microscope.lnk]
"path"="C:\\Documents and Settings\\Jason\\Start Menu\\Programs\\Startup\\Electron Microscope.lnk"
"backup"="C:\\WINDOWS\\pss\\Electron Microscope.lnkStartup"
"location"="Startup"
"command"="C:\\DOCUME~1\\Jason\\Desktop\\DOWNLO~1\\FOLDIN~1\\-EM3\\EMIII.exe "
"item"="Electron Microscope"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\Jason\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^Scheduler.lnk]
"path"="C:\\Documents and Settings\\Jason\\Start Menu\\Programs\\Startup\\Scheduler.lnk"
"backup"="C:\\WINDOWS\\pss\\Scheduler.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\SPYCAT~1\\SCHEDU~1.EXE "
"item"="Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^Scheduler.lnk.disabled]
"path"="C:\\Documents and Settings\\Jason\\Start Menu\\Programs\\Startup\\Scheduler.lnk.disabled"
"backup"="C:\\WINDOWS\\pss\\Scheduler.lnk.disabledStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Jason\\Start Menu\\Programs\\Startup\\Scheduler.lnk.disabled"
"item"="Scheduler.lnk"

bob102285
2007-03-08, 15:27
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD LIVE! Sync Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KSLTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Proxure\\KeepVault\\KSLTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATIRW"
"hkey"="HKCU"
"command"="C:\\Program Files\\ATI Multimedia\\RemCtrl\\ATIRW.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLIStart"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ati2mdxx"
"hkey"="HKLM"
"command"="Ati2mdxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="raodrmdh"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\raodrmdh.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ehome\\ehtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fdm"
"hkey"="HKCU"
"command"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKLM"
"command"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCE Tunes Extender Support]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MCETunesExtenderSupport"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Proxure\\MCE Tunes Pro\\MCETunesExtenderSupport.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="razerhid"
"hkey"="HKLM"
"command"="C:\\Program Files\\Razer\\razerhid.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RivaTuner"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\RivaTuner v2.0 RC 16.2\\RivaTuner.exe\" /S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpybotSD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck /autofix /autoclose"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyCatcher Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpyCatcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLIStart"
"hkey"="HKCU"
"command"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sgtray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinClock]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winclock"
"hkey"="HKCU"
"command"="C:\\Program Files\\Pixwares\\WinClock Biz\\winclock.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FAH@C:+Documents and Settings+Jason+Desktop+Fold2+FAH504-Console.exe"=dword:00000002
"FAH@C:+Documents and Settings+Jason+Desktop+FAH504-Console -config.exe"=dword:00000002
"SavRoam"=dword:00000003
"MDM"=dword:00000002
"iPod Service"=dword:00000003
"IDriverT"=dword:00000003
"AVGEMS"=dword:00000002
"Avg7UpdSvc"=dword:00000002
"Avg7Alrt"=dword:00000002
"AVG Anti-Spyware Guard"=dword:00000002
"idsvc"=dword:00000003
"InCDsrv"=dword:00000002
"Proxure mdSDK Backup Service"=dword:00000002
"winlogin"=dword:00000002
"WMPNetworkSvc"=dword:00000003


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{ff170564-36c8-43f7-9100-559e166405cf}"="cussers"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"System Registry Hook"="{309C96FA-8C40-4bce-879C-989DC33DCD25}"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"cussers"="{ff170564-36c8-43f7-9100-559e166405cf}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{1CD0291B-0AF6-1033-1228-040208050001}"="\"C:\\Program Files\\Common Files\\{1CD0291B-0AF6-1033-1228-040208050001}\\Update.exe\" 6đ"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
gb

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SRESCAN
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_VSMON


-- End of ComboScan: finished at 2007-03-08 at 08:19:15 ------------------------

bob102285
2007-03-08, 15:29
ComboScan v20070306.20 run by Jason on 2007-03-08 at 08:18:01
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 1023.48 MiB / 414.18 MiB
Pagefile Memory (total/avail): 2971.39 MiB / 2515.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1990.66 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 7.32 GiB free.
D: is CDROM (UDF)
E: is CDROM (UDF)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 19.11 GiB total, 6.94 GiB free.
X: is Fixed (NTFS) - 74.53 GiB total, 12.99 GiB free.


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Security Suite Firewall v7.0.302.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.302.000 (Check Point, LTD.) Disabled Outdated
AV: Symantec AntiVirus Corporate Edition v10.0.2.2000 (Symantec Corporation)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jason\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FALCIONESS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jason
LOGONSERVER=\\FALCIONESS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0205
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jason\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jason\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=FALCIONESS
USERNAME=Jason
USERPROFILE=C:\Documents and Settings\Jason
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jason (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {8855FF30-19CE-4CB1-A654-87B38369CCE1}
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Alias DirectConnect 2.0 --> MsiExec.exe /I{D10EC365-8936-4B40-AE2E-FCDA61C326D3}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x336d
ATI Decoder --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EF128055-9B10-4FF9-8500-5648CF8F899C}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Remote Wonder 3.04 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5}
ATIMCEE --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{81A26C27-8CC5-4E8F-BE58-7E3E003875B7} /l1033
ATITool Overclocking Utility --> "C:\Program Files\ATITool\Uninstall.exe"
AutoUpdate -->
Black and White --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\setup.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Classic Doom 3 1.1 --> X:\Doom3\uninst.exe
College Algebra 6th Edition Learning Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB133EAD-33D3-436B-A2E4-8CE322561ED1}\Setup.exe" -l0x9
Command & Conquer 3 Tiberium Wars™ Demo --> MsiExec.exe /I{39F7653F-3E82-4FED-9EE5-6B9253EA57E3}
Command & Conquer Generals -->
Command & Conquer Generals --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and ConquerTM Generals Zero Hour -->
Command and ConquerTM Generals Zero Hour --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Company of Heroes --> MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
DAO -->
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
Doom 3 -->
Doom 3 -->
Doom 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{584267B8-0BB0-4D18-9FFA-726576619E9A} /l1033 /x
DVD-CLONER V3.10 Build 893 --> "C:\Program Files\Dvd-cloner\unins000.exe"
Far Cry -->
Far Cry --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
Fraps --> "C:\Fraps\uninstall.exe"
Freelancer --> "C:\Program Files\Microsoft Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
GameShadow --> MsiExec.exe /I{D98C9637-93DA-44DB-B73A-B11A1192AB26}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
HardwareOC Far Cry Benchmark v1.7 --> "C:\Program Files\HardwareOC BenchTools\unins000.exe"
HardwareOC Prey Benchmark v1.1 --> "C:\Program Files\HardwareOC BenchTools\unins001.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Jason\Desktop\HijackThis.exe /uninstall
IMS Web Dwarf V2 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Virtual Mechanics\IMS Web Dwarf V2\DeIsL1.isu" -c"C:\Program Files\Virtual Mechanics\IMS Web Dwarf V2\_ISREG32.DLL"
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
KeepVault --> MsiExec.exe /I{11405EC0-9E33-4ED0-9718-F3DBD4E2BF75}
Leisure Suit Larry - Magna Cum Laude --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A31289C6-04EF-4437-A35B-7CC96167145C}
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MailFrontier Desktop --> C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\UNWISE.EXE C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\INSTMLF.LOG
MathType 5 --> "C:\Program Files\MathType\Setup.exe" -R
Maya 7.0 Personal Learning Edition --> MsiExec.exe /I{A8AF85EB-737C-49B9-90DD-44A5FAF4D04E}
MCE Tunes Pro --> MsiExec.exe /I{DE46FEE3-4D5F-446F-ACEC-89E3ED081293}
Microsoft Combat Flight Simulator 3.1 --> "X:\Program Files\Microsoft Games\Combat Flight Simulator 3\UNINSTAL.EXE" /runtemp /addremove
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Standard --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Motherboard Monitor 5 --> "C:\Program Files\Motherboard Monitor 5\unins000.exe"
Mozilla Firefox (2.0.0.2) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.3) --> C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (1.5) --> C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (en-US)"
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Nero 7 Essentials --> MsiExec.exe /I{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}
Netflix Movie Viewer --> MsiExec.exe /X{D262F1EB-9EC9-45E0-9842-9D0B2526FD0A}
NVIDIA Media Center Extensions --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4BE15737-07C5-4705-9DFC-D9D533939942}\setup.exe" -l0x9 -uninstall
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Olympus Digital Wave Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
Opera 9.10 --> MsiExec.exe /X{5D582D33-EB35-4D77-B7AF-403322D947E6}
PC Pitstop Optimize 1.5 --> "C:\Program Files\PCPitstop\Optimize\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Prey --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}\setup.exe" -l0x9 -removeonly
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Razer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6D5CFB3-7095-4073-B6B7-B7E909838C57}\Setup.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RivaTuner v2.0 RC 16.2 --> "C:\Program Files\RivaTuner v2.0 RC 16.2\uninstall.exe"
Scratches --> C:\Program Files\Nucleosys\Scratches\uninstall.exe
Silent Hunter III --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}
Sonic RecordNow DX --> MsiExec.exe /I{8855FF30-19CE-4CB1-A654-87B38369CCE1}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Supreme Commander Demo --> C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B1848}\setup.exe -runfromtemp -l0x0009 -removeonly
Symantec AntiVirus --> MsiExec.exe /I{46B63F23-2B4A-4525-A827-688026BE5E40}
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Family Fun Stuff --> C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Nightlife --> C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Pets --> C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University --> C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
WebFldrs XP -->
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Media Center Edition 2005 KB905589 --> "C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Widget Engine --> C:\Program Files\Yahoo!\Yahoo! Widget Engine\uninstall.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}


-- End of ComboScan: finished at 2007-03-08 at 08:19:15 ------------------------

Mr_JAk3
2007-03-09, 09:25
Hi bob102285 and welcome to the Forums :)

You're infected. One or more of the identified infections steal information. If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breach. I suggest that you read this (http://www.dslreports.com/faq/10451) article too.

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip) and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.


:bigthumb:

bob102285
2007-03-09, 17:55
It will not start in safe mode...it says DCOM Process Launcher was terminated unexpectedly. I now also have to reactivate my copy of Windows.

bob102285
2007-03-09, 18:00
It also now won't let me activate it. The copy is legal and I have the key right here on my computer case.

Mr_JAk3
2007-03-09, 22:34
Ok. The activation thing may be caused by the infection.

Let's forget the safe mode for now.

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

:bigthumb:

bob102285
2007-03-10, 00:17
Tried a combo fix.
It said: WinLog.exe is infected.
Now it is continually restarting at the windows load screen.
Please help!!

bob102285
2007-03-10, 02:32
sorry- winlogon.exe

Mr_JAk3
2007-03-10, 15:11
Hi again and sorry for the delay.

The problem is that a system file named winlogon.exe is infected.

Do you have Windows XP installation disks or some kind of restore disk? We'll need to replace the infected file with a clean copy.
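
An added check (example code, not from this thread or from the tools it mentions) for the step above: compare the system's winlogon.exe with reference copies before deciding it must be replaced. The dllcache path is Windows File Protection's cache on XP; the install-media path is an assumption and must point at a copy already expanded from the CD's compressed WINLOGON.EX_ with expand.exe.

```python
import hashlib
from pathlib import Path
from typing import Iterable

# Added example, not from the forum thread: verify a Windows system binary
# against one or more reference copies. A match with the dllcache copy only
# proves the two copies agree (a file infector can patch both); a match with
# a copy taken from read-only install media is the stronger evidence.


def sha256_of(path: Path) -> str:
    """Return the hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_system_file(target: Path, references: Iterable[Path]) -> dict:
    """Compare target with every readable reference copy.

    Verdicts: 'match' when at least one reference is byte-identical,
    'mismatch' when references were read but none match (treat the file as
    tampered), 'no-reference' when no reference copy could be read.
    """
    result = {"target": str(target), "target_sha256": sha256_of(target),
              "references": {}, "matched": [], "verdict": "no-reference"}
    for ref in references:
        if not ref.is_file():
            continue  # a missing reference is skipped, never counted as a match
        digest = sha256_of(ref)
        result["references"][str(ref)] = digest
        if digest == result["target_sha256"]:
            result["matched"].append(str(ref))
    if result["references"]:
        result["verdict"] = "match" if result["matched"] else "mismatch"
    return result


if __name__ == "__main__":
    system32 = Path(r"C:\WINDOWS\system32")
    report = verify_system_file(
        system32 / "winlogon.exe",
        [system32 / "dllcache" / "winlogon.exe",   # WFP cache copy
         Path(r"D:\expanded\winlogon.exe")],        # assumed copy expanded from the CD
    )
    print(report["verdict"], report["matched"])
```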

bob102285
2007-03-10, 20:47
Already ahead of you. I already left my apartment for spring break but I will get my MCE2005 disk when I get back. I started a repair with an extra copy of XP Pro but I need the key to it and the key is on my hard drive. I will update you when it is done.

Mr_JAk3
2007-03-10, 20:57
Ok, we could have just replaced the one file, but since you already began the repair it is ok...

Post a fresh HijackThis log when ready :bigthumb:

tashi
2007-04-02, 10:06
Back yet bob102285? :D:

tashi
2007-04-13, 03:09
This topic has been archived due to lack of a response.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.