Hello,

I attempted to download the backup/restore program and the link took me to a german site. I did download the dds, but I am unable to run it. The error says it is not a valid win32 application.

I fear there maybe a keylogger on machine either from local or wireless internet from my soon to be ex-wife's machine.

Thanks

Bill
----------------------
Here is my dds

DDS (Ver_10-03-17.01) - NTFSx86
Run by computer at 22:03:07.66 on Tue 05/18/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1425 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Artist\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: cp-staging Toolbar: {cb83f3ce-5dc6-4425-b385-8dc97e80c2d9} - c:\program files\cp-staging\tbcp-s.dll
mURLSearchHooks: cp-staging Toolbar: {cb83f3ce-5dc6-4425-b385-8dc97e80c2d9} - c:\program files\cp-staging\tbcp-s.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.6.0.32\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: cp-staging Toolbar: {cb83f3ce-5dc6-4425-b385-8dc97e80c2d9} - c:\program files\cp-staging\tbcp-s.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: cp-staging Toolbar: {cb83f3ce-5dc6-4425-b385-8dc97e80c2d9} - c:\program files\cp-staging\tbcp-s.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)

================= FIREFOX ===================

FF - ProfilePath - c:\users\artist\appdata\roaming\mozilla\firefox\profiles\yq1x2uxn.default\
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\artist\appdata\roaming\mozilla\firefox\profiles\yq1x2uxn.default\extensions\{cb83f3ce-5dc6-4425-b385-8dc97e80c2d9}\components\FFExternalAlert.dll
FF - component: c:\users\artist\appdata\roaming\mozilla\firefox\profiles\yq1x2uxn.default\extensions\{cb83f3ce-5dc6-4425-b385-8dc97e80c2d9}\components\RadioWMPCore.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1106000.020\symds.sys [2010-5-12 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1106000.020\symefa.sys [2010-5-12 172592]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1106000.020\cchpx86.sys [2010-5-12 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\ipsdefs\20100513.002\IDSvix86.sys [2010-5-17 343088]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1106000.020\ironx86.sys [2010-5-12 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1106000.020\symtdiv.sys [2010-5-12 340016]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-9-16 21504]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-4-20 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-4-20 493032]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.6.0.32\ccsvchst.exe [2010-5-12 126392]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2009-10-12 14416]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-5-1 5010288]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-13 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-6 133104]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-9-16 21504]
S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [2009-10-12 26045]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

=============== Created Last 30 ================

2010-05-17 02:17:51 0 d-----w- c:\users\artist\appdata\roaming\CheckPoint
2010-05-17 02:17:30 0 d-----w- c:\program files\Conduit
2010-05-17 02:17:29 0 d-----w- c:\program files\cp-staging
2010-05-17 02:17:22 0 d-----w- c:\program files\CheckPoint
2010-05-17 02:16:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-17 02:16:25 463560 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-05-17 02:16:25 421442 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-05-17 02:16:25 0 d-----w- c:\windows\system32\ZoneLabs
2010-05-17 02:16:24 0 d-----w- c:\program files\Zone Labs
2010-05-17 02:15:05 0 d-----w- c:\programdata\CheckPoint
2010-05-17 02:14:22 0 d-----w- c:\windows\Internet Logs
2010-05-17 01:35:19 0 d-----w- c:\users\artist\appdata\roaming\PeerNetworking
2010-05-17 01:06:25 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-05-16 02:46:41 0 d-----w- c:\program files\Spybot - Search & Destroy2
2010-05-15 00:17:51 0 d-----w- c:\windows\CheckSur
2010-05-13 02:43:17 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-13 02:43:17 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-13 02:43:17 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-13 02:42:57 0 d-----w- c:\program files\common files\Symantec Shared
2010-05-13 02:42:39 0 d-----w- c:\program files\Norton AntiVirus
2010-05-13 02:42:34 0 d-----w- c:\program files\NortonInstaller
2010-05-12 10:41:17 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-12 00:20:29 0 d-----w- c:\program files\TaxCut08
2010-05-03 00:14:36 0 d-----w- c:\users\artist\files_from_hp_passport
2010-05-02 01:31:17 32380198 ----a-w- C:\Modi- Kitten Runs On The Field.mov
2010-05-01 19:18:05 0 d-----w- c:\users\artist\{d1d90eef-6c51-4a5c-a3e2-546da142f0a9}
2010-05-01 19:18:02 5010288 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2010-05-01 19:18:02 415600 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2010-05-01 19:14:10 0 d-----w- c:\programdata\AppData
2010-05-01 19:13:00 0 d-----w- c:\users\artist\appdata\roaming\WTablet
2010-05-01 19:12:53 1887859 ----a-w- c:\windows\system32\WacomTablet.znc
2010-05-01 19:12:52 3483184 ----a-w- c:\windows\system32\WacomTablet.cpl
2010-05-01 19:12:09 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
2010-05-01 19:10:15 12848 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-05-01 19:10:15 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-05-01 19:10:14 124464 ------w- c:\windows\system32\Wintab32.dll
2010-05-01 19:10:14 0 d-----w- c:\windows\system32\WTablet
2010-05-01 19:10:11 0 d-----w- c:\program files\Tablet
2010-05-01 18:47:43 0 d-----w- c:\programdata\Alias
2010-05-01 17:29:45 0 d-----w- c:\program files\common files\Alias Shared
2010-05-01 17:25:26 0 d-----w- c:\program files\common files\en-US
2010-05-01 17:25:25 0 d-----w- c:\program files\common files\ja-JP
2010-05-01 16:00:03 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-05-01 15:11:16 0 d-----w- c:\program files\common files\Autodesk Shared
2010-05-01 15:11:07 0 d-----w- c:\program files\Autodesk
2010-05-01 15:11:00 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-05-01 15:11:00 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-05-01 15:10:59 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-05-01 15:10:59 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-05-01 15:10:59 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-05-01 15:10:59 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-05-01 15:10:58 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-05-01 15:10:58 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-05-01 15:10:58 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-05-01 15:10:58 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-05-01 15:10:57 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-05-01 15:08:15 0 d-----w- c:\users\artist\appdata\roaming\Autodesk
2010-05-01 15:08:15 0 d-----w- c:\programdata\Autodesk
2010-05-01 15:04:03 0 d-----w- C:\Autodesk
2010-05-01 13:46:09 0 d-----w- c:\users\artist\.unlimitedftp
2010-05-01 13:45:32 0 d-----w- c:\programdata\Sun
2010-05-01 13:44:35 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 13:32:22 0 d-----w- c:\program files\common files\Akamai
2010-05-01 01:39:06 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-05-01 01:39:06 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-05-01 01:39:06 142 ----a-w- c:\windows\wpd99.drv
2010-05-01 01:39:06 0 d-----w- c:\programdata\pdf995
2010-05-01 01:38:50 202240 ----a-w- c:\windows\system32\wbem\framedyn.dll
2010-05-01 01:29:30 0 d-----w- c:\program files\TaxCut07
2010-05-01 01:28:20 0 d-sh--w- c:\windows\ftpcache
2010-05-01 01:07:22 0 d-----w- c:\users\artist\appdata\roaming\TaxCut
2010-05-01 01:06:07 0 d-----w- c:\program files\PDF995
2010-05-01 01:06:07 0 d-----w- c:\program files\HRBlock2009
2010-05-01 01:04:42 0 d-----w- c:\programdata\TaxCut
2010-04-27 03:31:06 0 d-----w- c:\windows\pss
2010-04-23 10:24:56 0 d-----w- c:\users\artist\music2
2010-04-22 04:07:14 0 d-----w- c:\users\artist\Tracing

==================== Find3M ====================

2010-05-17 02:16:48 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 02:16:48 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 02:16:47 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-05 14:01:02 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 18:54:33 52608 ----a-w- c:\windows\fonts\Adelon_MediumIta.TTF
2010-02-26 18:53:34 37004 ----a-w- c:\windows\fonts\Bp15407.ttf
2010-02-26 18:47:39 36692 ----a-w- c:\windows\fonts\Bp15417_0.ttf
2010-02-26 18:47:39 36692 ----a-w- c:\windows\fonts\Bp15417.ttf
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-18 14:07:05 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:07:05 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 13:30:03 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2009-11-20 01:08:02 3749224 ----a-w- c:\program files\common files\adlmint_libFNP.dll
2009-11-20 01:08:02 2941288 ----a-w- c:\program files\common files\adlmint.dll
2009-11-17 14:17:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-12 17:55:08 218 ----a-w- c:\program files\INSTALL.LOG
2009-09-17 14:05:35 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-15 12:38:57 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-27 13:20:42 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-08-18 01:26:21 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:04:06.37 ===============

thanks

hi,

Your log is a few days old. If you still need help simply reply to my post.

Hi, I had been checking everyday for a reply, but got a bit side tracked. I just have not been using the computer lately.

Another new issue that I have not seen before is, periodically it will ask me if I can want to save my search, even if I have not done a search. I am just simply clicking to go to the next page. This has been happening for a few weeks. I have seen it on both google chrome and firefox.

lets start with Malwarebytes. Link and directions:

Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Ok, so when I updated the malwarebytes program it caused a blue screen error and my system shut down. It did recover. However the scan did not find anything.

Her boyfriend had worked as a systems admin. Is there more sofisticated ways of keylogging or tracking my web activity? We share an open wifi network at the present and she has a thumb drive that is new that has a software lock on it. I am curious if it does not house the software for her to track what I am doing, or if my info is being emailed to her. I have seen her looking at things on her computer and trying to block my view of it using small windows and moving in my way. she has also made notes and copy and pasted things to email them to others. It looks very suspicious to me. I do a lot of online banking and I am afraid she is trying to still my account info.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4157

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/31/2010 11:20:27 AM
mbam-log-2010-05-31 (11-20-27).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 449964
Time elapsed: 1 hour(s), 39 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi,

I dont recognize any malware in the logs and Malwarebytes came up clean. This one item;

c:\program files\logmein

Is a remote access utility. This would allow another person to log in to your machine remotely. I assume it must have a password feature in order to log in and probably logs that could be checked. You should change the password and check the logs.

Where would I find these logs? And how can I disable this service?

When looking for LogMeIn in the program files it does not show up. There is however a LogMeIn GUI listed in the startup from the control panel. There is also a secondary login listed. I am afraid I don't know much about vista and I don't want to kill something that will prevent me from accessing my own computer.

I dont know if it has logging capabilities. The remote access software iam familiar with do save logs. Did you install it? Is that a work place computer? Have you ever accessed another computer remotely from that computer or logged into that computer from another.
Thats what logmein is for, like if you logged into a work place computer from home or while travelling.
It has nothing to do with you actually sitting there and being able to use the computer.

check this setting;
right click on my computer icon and select properties,
on the left side click on Remote Settings
Under the remote tab
see if

'Allow remote assistance connections to this computer'
is checked or not

and what the setting under 'remote desktop' is

Well, recently my norton antivirus had a problem and I had to get support to remove and reinstall it. They did a remote access to do this.

This system used to be part of a business and had access to a server, but it is not on a server anymore and is a stand alone. I don't know if there were services that leave this computer vulnerable or not. I did not set up the network or know enough about it to know what kind of services were needed for the network.

allow remote assistance connections to this computer is unchecked already. I may have done that a couple of weeks ago myself.

And Don't allow connections to this computer is checked.

ok. Well the MBAM log looks good and I dont see anything else in the DDS log.

So, does this mean that there is no way she is tracking my web activity from her machine?

I have a tracking cookie called Right Media on my machine that neither Norton or spybot seem to be able to permanently remove. I just ran spybot and it found 13 cookies that and I ran the fix. It showed fixed, but I ran a 2nd time and it found Right media once again.

no way she is tracking my web activity from her machine?
As far as I can tell based on the logs.

for the cookie, see if this link helps any:

http://forums.spybot.info/showthread.php?t=53327

Thank you shelf life. :)