Help! i.i.com.com page redirecting!!



blueberryd
2010-09-01, 00:13
I'm sorry I didn't follow directions accurately in my first posting, so this is now accurate info (merge with old title, "Need advice", thank you). I was going to add this as a reply, but I don't want someone to think I'm already being helped - just trying to get accurate info on my error(s). Edit http://forums.spybot.info/showthread.php?t=59229

I disabled TeaTimer and made msconfig normal start instead of selective - here is the DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by ** at 14:38:51.14 on Tue 08/31/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1095 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Starfield\offSyncService.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Browser Guard 2010\BGUI.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Starfield\wben.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\Browser Guard 2010\tmiegsrv.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Users\Waitin4Interest\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.search.com
uStart Page = hxxp://www.search.com/
uLocal Page = about:blank
uSearch Page = about:blank
mStart Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
mSearch Page = about:blank
mLocal Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - c:\program files\trend micro\browser guard 2010\TMAMS.dll
TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - c:\program files\trend micro\browser guard 2010\tmeig.dll
uRun: [HijackThis startup scan] c:\program files\trend micro\hijackthis\HijackThis.exe /startupscan
uRun: [wben] "c:\program files\starfield\wben.exe"
mRun: [Trend Micro Browser Guard v2.0 Beta] "c:\program files\trend micro\browser guard 2010\BGUI.EXE"
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
StartupFolder: c:\users\waitin~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\waitin4interest\appdata\roaming\microsoft\windows\start menu\programs\startup\Reconnect.url
StartupFolder: c:\users\waitin~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{e7875036-3cfc-4f0f-a470-8eadffe43f6c}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\update
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://drpitcairn.webex.com/client/T27LB/webex/ieatgpc1.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\waitin~1\appdata\roaming\mozilla\firefox\profiles\cn71hvwq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.search.com/
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\waitin4interest\appdata\roaming\mozilla\plugins\npoff.dll
FF - plugin: c:\users\waitin4interest\appdata\roaming\mozilla\plugins\npoff.dll
FF - plugin: c:\users\waitin4interest\appdata\roaming\mozilla\plugins\npwbe.dll
FF - plugin: c:\users\waitin4interest\appdata\roaming\mozilla\plugins\npwbe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [2010-8-28 28184]
R2 File Backup;File Backup Service;c:\program files\starfield\offSyncService.exe [2010-7-16 1310960]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-8-28 312152]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-8-27 582992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-29 1153368]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-8-27 206608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2010-8-22 39048]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-8-27 206608]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-08-30 15:40:36 65536 --sha-w- c:\users\waitin4interest\NTUSER.DAT{ebd433e2-b3d3-11df-b773-001422f3b827}.TM.blf
2010-08-30 15:40:36 524288 --sha-w- c:\users\waitin4interest\NTUSER.DAT{ebd433e2-b3d3-11df-b773-001422f3b827}.TMContainer00000000000000000002.regtrans-ms
2010-08-30 15:40:36 524288 --sha-w- c:\users\waitin4interest\NTUSER.DAT{ebd433e2-b3d3-11df-b773-001422f3b827}.TMContainer00000000000000000001.regtrans-ms
2010-08-30 04:19:03 262144 ---ha-w- c:\users\waitin4interest\NTUSER.tmp.LOG1
2010-08-30 04:19:03 0 ---ha-w- c:\users\waitin4interest\NTUSER.tmp.LOG2
2010-08-30 03:42:34 0 d-----w- c:\program files\Safer Networking
2010-08-30 00:16:10 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-30 00:16:10 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-29 06:41:44 0 d-----w- c:\users\waitin~1\appdata\roaming\Colasoft MAC Scanner
2010-08-29 06:41:44 0 d-----w- c:\program files\common files\Colasoft Shared
2010-08-29 06:41:43 0 d-----w- c:\users\waitin~1\appdata\roaming\Colasoft Capsa 7 Free
2010-08-29 06:41:43 0 d-----w- c:\programdata\Colasoft Capsa 7 Free
2010-08-29 06:40:39 28184 ----a-w- c:\windows\system32\drivers\CSN5PDTS82.sys
2010-08-29 06:40:35 0 d-----w- c:\program files\Colasoft Capsa 7 Free Edition
2010-08-29 06:38:37 0 d-----w- c:\users\waitin~1\appdata\roaming\Malwarebytes
2010-08-29 06:38:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 06:38:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 06:38:19 0 d-----w- c:\programdata\Malwarebytes
2010-08-29 06:38:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 06:14:27 0 d-----w- c:\program files\Microsoft Analysis Services
2010-08-29 06:13:34 0 d-----w- c:\programdata\Microsoft Help
2010-08-29 01:01:50 0 d-----w- c:\users\waitin~1\appdata\roaming\IObit
2010-08-29 01:01:49 0 d-----w- c:\programdata\IObit
2010-08-29 01:01:47 0 d-----w- c:\program files\IObit
2010-08-28 16:19:24 856064 ----a-w- c:\windows\system32\XpsFilt.dll
2010-08-28 16:19:24 74748 ----a-w- c:\windows\system32\xpsrchvw.xml
2010-08-28 16:19:24 4637520 ----a-w- c:\windows\system32\xpsrchvw.exe
2010-08-28 16:19:24 31444 ----a-w- c:\windows\system32\xpsrchvw.chm
2010-08-28 01:50:50 0 d-----w- c:\windows\pss
2010-08-27 15:49:28 0 ----a-w- c:\users\waitin~1\appdata\roaming\wklnhst.dat
2010-08-27 14:51:23 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-27 14:51:23 0 d-----w- c:\windows\system32\log
2010-08-27 14:44:08 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-08-25 23:38:22 0 d-----w- c:\program files\Flash4D Flash Intro Builder
2010-08-25 20:47:37 0 d-----w- c:\programdata\Citrix
2010-08-25 20:46:56 0 d-----w- c:\program files\Citrix
2010-08-25 20:46:37 103784 ----a-w- c:\users\waitin4interest\GoToAssistDownloadHelper.exe
2010-08-25 14:49:41 856064 ----a-w- c:\windows\system32\swfgen.dll
2010-08-25 02:36:33 0 d-----w- c:\users\waitin4interest\Tracing
2010-08-25 02:34:13 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-08-25 02:34:10 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-25 02:33:22 0 d-----w- c:\program files\Microsoft
2010-08-25 02:33:06 0 d-----w- c:\program files\Windows Live SkyDrive
2010-08-25 02:32:37 0 d-----w- c:\windows\PCHEALTH
2010-08-25 00:57:14 0 d-----w- c:\users\waitin~1\appdata\roaming\webex
2010-08-25 00:56:30 0 d-----w- c:\programdata\WebEx
2010-08-25 00:54:49 0 d-----w- c:\programdata\Apple Computer
2010-08-25 00:51:20 0 d-----w- c:\programdata\Apple
2010-08-25 00:36:31 0 d-----w- c:\program files\common files\Windows Live
2010-08-25 00:22:25 54156 ---ha-w- c:\windows\QTFont.qfn
2010-08-25 00:22:25 1409 ----a-w- c:\windows\QTFont.for
2010-08-24 21:34:58 65536 ------w- c:\windows\system32\Ikeext.etl
2010-08-24 07:00:05 22 ----a-w- c:\windows\kodakpcd.ini
2010-08-24 02:40:31 0 d-----w- C:\temp
2010-08-24 02:12:11 0 d-----w- c:\users\waitin4interest\LapNet
2010-08-23 21:08:38 0 d-----w- c:\program files\Windows Portable Devices
2010-08-23 21:08:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-08-23 21:08:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-23 20:27:59 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-08-23 20:26:10 389120 ----a-w- c:\windows\system32\igxpun.exe
2010-08-23 20:26:10 121232 ----a-w- c:\windows\system32\IScrNBR.bmp
2010-08-23 20:26:10 121232 ----a-w- c:\windows\system32\IScrNB.bmp
2010-08-23 20:07:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-08-23 20:07:53 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-08-23 20:07:53 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-08-23 19:54:06 0 d-----w- c:\program files\MSXML 4.0
2010-08-23 08:52:28 0 d-----w- c:\users\waitin~1\appdata\roaming\Hallmark
2010-08-23 08:35:59 22912 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2010-08-23 08:35:59 21248 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2010-08-23 08:35:59 12672 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2010-08-23 08:35:58 0 d-----w- c:\program files\LG Electronics
2010-08-23 08:33:13 0 d-----w- c:\programdata\InstallShield
2010-08-23 08:32:55 0 d-----w- c:\programdata\Sonic
2010-08-23 08:32:15 0 d-----w- c:\program files\common files\SureThing Shared
2010-08-23 08:32:07 120 ----a-w- c:\windows\wininit.ini
2010-08-23 08:29:59 0 d-----w- c:\programdata\Roxio
2010-08-23 08:29:58 0 d-----w- c:\program files\common files\Sonic Shared
2010-08-23 08:28:39 0 d-----w- c:\program files\Roxio
2010-08-23 08:26:28 0 d-----w- c:\programdata\QuickTime
2010-08-23 08:26:23 0 d-----w- c:\windows\system32\BWKDLogs
2010-08-23 08:26:17 0 d-----w- c:\program files\common files\Kodak
2010-08-23 08:26:10 0 d-----w- C:\KPCMS
2010-08-23 08:26:08 0 d-----w- c:\windows\system32\color
2010-08-23 08:25:20 0 d-----w- c:\program files\Kodak
2010-08-23 08:25:20 0 d-----w- c:\program files\common files\MSSoap
2010-08-23 08:24:08 0 d-----w- c:\programdata\Kodak
2010-08-23 07:20:11 0 ----a-w- c:\windows\DVEdit.INI
2010-08-23 06:43:32 252981211 ----a-w- c:\windows\MEMORY.DMP
2010-08-23 06:25:32 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-08-23 06:25:31 0 d-----w- c:\program files\common files\PX Storage Engine
2010-08-23 06:24:40 31744 ----a-w- c:\windows\system32\drivers\ICDSX.sys
2010-08-23 06:22:16 39048 ----a-w- c:\windows\system32\drivers\IcdUsb2.sys
2010-08-23 06:22:14 122880 ------w- c:\windows\system32\trc.dll
2010-08-23 06:21:14 0 d-----w- c:\program files\Sony
2010-08-22 23:44:27 0 d-----w- c:\users\waitin~1\appdata\roaming\Avanquest
2010-08-20 22:52:40 0 d-----w- c:\users\waitin~1\appdata\roaming\OpenOffice.org
2010-08-20 22:47:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-08-20 22:32:32 0 d-----w- c:\program files\JRE
2010-08-20 22:32:29 0 d-----w- c:\program files\OpenOffice.org 3
2010-08-20 19:48:31 0 d-----w- c:\users\waitin~1\appdata\roaming\Smith Micro
2010-08-20 19:18:25 0 d-----w- c:\programdata\Browser Guard 2010
2010-08-20 19:18:25 0 d-----w- c:\program files\Trend Micro
2010-08-20 17:17:23 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-08-20 16:43:59 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-20 09:04:47 72704 ----a-w- c:\windows\system32\admparse.dll
2010-08-20 08:50:36 0 d-----w- c:\windows\system32\vi-VN
2010-08-20 08:50:36 0 d-----w- c:\windows\system32\eu-ES
2010-08-20 08:50:36 0 d-----w- c:\windows\system32\ca-ES
2010-08-20 08:28:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-08-20 07:39:47 0 d-----w- c:\users\waitin4interest\Bluetooth Software
2010-08-20 07:39:40 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-20 07:23:57 0 d-----w- c:\users\waitin~1\appdata\roaming\Verizon Wireless
2010-08-20 05:51:04 0 d-----w- c:\program files\Starfield
2010-08-20 00:09:19 0 d-----w- c:\programdata\WEngineLite
2010-08-20 00:09:19 0 d-----w- c:\programdata\Verizon Wireless
2010-08-20 00:09:19 0 d-----w- c:\program files\Verizon Wireless
2010-08-20 00:08:33 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2010-08-20 00:08:33 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2010-08-20 00:08:33 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2010-08-20 00:08:33 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2010-08-20 00:08:33 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2010-08-20 00:08:33 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2010-08-20 00:08:33 110280 ----a-w- c:\windows\system32\drivers\sscdserd.sys
2010-08-20 00:08:33 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2010-08-20 00:08:33 0 d-----w- c:\program files\SAMSUNG
2010-08-20 00:08:27 0 d-----w- c:\programdata\Samsung
2010-08-20 00:03:20 0 d-----w- c:\windows\system32\EventProviders
2010-08-20 00:01:59 83456 ----a-w- c:\windows\system32\wlgpclnt.dll
2010-08-19 23:41:19 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-19 23:41:19 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-19 23:41:19 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-19 23:41:19 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-19 23:41:18 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-19 23:40:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-08-19 23:40:21 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-08-19 23:40:21 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-08-19 23:35:15 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-19 23:35:14 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-19 23:35:13 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-08-19 23:34:12 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-19 23:34:04 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-19 23:33:49 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-19 23:33:49 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-19 23:33:48 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-19 23:33:47 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-19 23:33:47 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-19 23:33:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-08-19 23:33:44 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-08-19 23:33:40 2048 ----a-w- c:\windows\system32\tzres.dll
2010-08-19 23:24:33 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-19 23:12:47 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-08-19 23:12:36 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-08-19 23:12:30 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-08-19 23:12:30 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-08-19 21:06:54 0 d-----w- c:\program files\common files\Nova Development
2010-08-19 21:05:50 0 d-----w- c:\program files\Creative Home
2010-08-19 21:04:06 0 d-----w- c:\programdata\Avanquest
2010-08-19 20:55:48 0 d-----w- c:\program files\common files\Crystal Decisions
2010-08-19 20:54:14 0 d-----w- c:\program files\Ideasoft
2010-08-19 20:49:32 0 d-----w- c:\programdata\BVRP Software
2010-08-19 20:49:32 0 d-----w- c:\program files\Avanquest update
2010-08-19 20:47:33 647872 ------w- c:\windows\system32\MSCOMCT2.OCX
2010-08-19 20:47:33 1508 ----a-w- c:\windows\bizpub32.INI
2010-08-19 20:47:33 118784 ------w- c:\windows\system32\MSSTDFMT.DLL
2010-08-19 20:47:32 565760 ------w- c:\windows\system32\msvcp50.DLL
2010-08-19 20:47:32 348160 ------w- c:\windows\system32\MFC30.DLL
2010-08-19 20:47:17 0 d-----w- c:\program files\common files\MySoftware
2010-08-19 20:47:16 0 d-----w- c:\program files\MySoftware
2010-08-19 20:37:01 0 d-----w- c:\programdata\Adobe
2010-08-19 19:07:27 0 d-sh--we c:\programdata\Documents
2010-08-19 19:07:27 0 d-sh--we C:\Documents and Settings
2010-08-19 16:22:16 155648 ----a-w- c:\windows\system32\igfxres.dll
2010-08-19 16:19:17 90112 ----a-w- c:\windows\system32\stacsv.exe
2010-08-19 16:19:17 4931584 ----a-w- c:\windows\system32\stacgui.cpl
2010-08-19 16:19:17 303104 ----a-w- c:\windows\sttray.exe
2010-08-19 16:19:17 1458176 ----a-w- c:\windows\system32\stlang.dll
2010-08-19 16:18:59 141824 ----a-w- c:\windows\system32\staco.dll
2010-08-19 16:18:58 647680 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-08-19 16:18:57 535552 ----a-w- c:\windows\system32\stapo.dll
2010-08-19 16:18:57 238592 ----a-w- c:\windows\system32\stapi32.dll
2010-08-19 16:18:56 45568 ----a-w- c:\windows\system32\ctppld.dll
2010-08-19 16:18:56 416256 ----a-w- c:\windows\system32\ctapo32.dll
2010-08-19 16:18:56 0 d-----w- c:\program files\SigmaTel
2010-08-19 16:18:26 0 d-----w- c:\program files\Digital Line Detect
2010-08-19 16:17:55 0 d-----w- c:\program files\NetWaiting
2010-08-19 16:17:51 0 d-----w- c:\program files\Modem Diagnostic Tool
2010-08-19 16:17:45 0 d-----w- c:\program files\Dell
2010-08-19 16:16:50 80176 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2010-08-19 16:16:50 16560 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2010-08-19 16:16:49 78128 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2010-08-19 16:16:45 229376 ----a-w- c:\windows\system32\BtwRSupport.dll
2010-08-19 16:16:23 0 d-----w- c:\windows\system32\es-MX
2010-08-19 16:16:23 0 d-----w- c:\windows\system32\es-AR
2010-08-19 16:16:23 0 d-----w- c:\program files\WIDCOMM
2010-08-19 16:16:18 0 d-----w- c:\program files\Dell Inc
2010-08-19 16:16:16 0 d-----w- c:\programdata\Sun
2010-08-19 16:16:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-19 16:09:31 65536 ----a-w- c:\windows\ocsetup_cbs_install_OEMHelpCustomization.dpx
2010-08-19 16:09:31 196608 ----a-w- c:\windows\ocsetup_cbs_install_OEMHelpCustomization.perf
2010-08-19 16:09:31 134086656 ----a-w- c:\windows\ocsetup_install_OEMHelpCustomization.etl
2010-08-19 10:58:51 0 d-----w- c:\program files\CONEXANT
2010-08-19 10:58:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-08-19 10:57:58 0 d-----w- c:\windows\system32\x64
2010-08-19 02:06:21 0 d-----w- c:\program files\Synaptics
2010-08-19 02:03:49 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-08-19 02:03:49 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-08-19 02:03:49 2501921 ----a-w- c:\windows\system32\wlan.tmf
2010-08-19 02:03:49 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-08-19 02:03:48 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-08-19 02:03:48 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-08-19 02:03:48 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-08-19 02:03:15 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-08-19 02:03:15 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-08-19 02:03:15 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-08-19 02:02:06 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-08-19 02:00:27 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-08-19 02:00:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-08-19 01:59:24 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-08-19 01:58:54 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-08-19 01:58:25 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-08-19 01:58:25 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-08-19 01:57:55 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-19 01:56:27 507904 ----a-w- c:\windows\system32\drivers\bthport.sys
2010-08-19 01:56:27 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2010-08-19 01:56:27 22528 ----a-w- c:\windows\system32\drivers\bthenum.sys
2010-08-19 01:56:27 196608 ----a-w- c:\windows\system32\fsquirt.exe
2010-08-19 01:55:58 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-08-19 01:53:18 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-08-19 01:52:20 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-08-19 01:52:20 471552 ----a-w- c:\windows\system32\secproc.dll
2010-08-19 01:52:20 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-08-19 01:52:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-08-19 01:52:20 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-08-19 01:52:20 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-08-19 01:52:20 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-08-19 01:52:19 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-08-19 01:52:19 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-08-19 01:51:45 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-08-19 01:51:12 98816 ----a-w- c:\windows\system32\mfps.dll
2010-08-19 01:51:12 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-08-19 01:51:12 2868224 ----a-w- c:\windows\system32\mf.dll
2010-08-19 01:51:12 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-08-19 01:51:12 2048 ----a-w- c:\windows\system32\mferror.dll
2010-08-19 01:50:38 98304 ----a-w- c:\windows\system32\cabview.dll
2010-08-19 01:50:10 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-08-19 01:45:23 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-19 01:44:54 23552 ----a-w- c:\windows\system32\lpk.dll
2010-08-19 01:44:54 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-08-19 01:40:23 243712 ----a-w- c:\windows\system32\rastls.dll
2010-08-19 01:39:52 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-08-19 01:39:52 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-08-19 01:39:52 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-08-19 01:39:10 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-08-19 01:39:10 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-08-19 01:39:10 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-08-19 01:39:10 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-08-19 01:39:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-08-19 01:39:10 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-08-19 01:39:09 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-08-19 01:39:09 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-08-19 01:39:09 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-08-19 01:38:37 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-08-19 01:36:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-08-19 01:36:44 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-08-19 01:36:43 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-08-19 01:36:43 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-08-19 01:36:43 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-08-19 01:34:01 46080 ----a-w- c:\windows\system32\TSWbPrxy.exe
2010-08-19 01:34:01 44544 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2010-08-19 01:34:01 36864 ----a-w- c:\windows\system32\tsgqec.dll
2010-08-19 01:34:01 2689024 ----a-w- c:\windows\system32\mstscax.dll
2010-08-19 01:34:01 223232 ----a-w- c:\windows\system32\wksprt.exe
2010-08-19 01:34:01 130560 ----a-w- c:\windows\system32\aaclient.dll
2010-08-19 01:34:01 12800 ----a-w- c:\windows\system32\wksprtPS.dll
2010-08-19 01:34:01 1033728 ----a-w- c:\windows\system32\mstsc.exe
2010-08-19 01:33:34 623616 ----a-w- c:\windows\system32\localspl.dll
2010-08-19 01:33:08 9728 ----a-w- c:\windows\system32\lsass.exe
2010-08-19 01:33:08 72704 ----a-w- c:\windows\system32\secur32.dll
2010-08-19 01:33:08 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-08-19 01:33:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-19 01:33:08 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-08-19 01:33:08 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-08-19 01:31:47 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-08-19 01:31:47 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-08-19 01:31:18 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-08-19 01:30:23 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-08-19 01:30:23 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-08-19 01:30:23 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-08-19 01:30:23 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-08-19 01:30:23 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-08-19 01:30:23 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-19 01:30:23 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-08-19 01:30:23 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-08-19 01:30:23 10240 ----a-w- c:\windows\system32\finger.exe
2010-08-19 01:29:39 71680 ----a-w- c:\windows\system32\atl.dll
2010-08-19 01:29:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-19 01:27:19 8704 ----a-w- c:\windows\system32\hccoin.dll
2010-08-19 01:27:19 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-08-19 01:27:19 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-08-19 01:27:19 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-08-19 01:27:19 226816 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-08-19 01:27:19 196608 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-08-19 01:27:19 15872 ----a-w- c:\windows\system32\hcrstco.dll
2010-08-19 01:26:31 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-08-19 01:25:18 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2010-08-19 01:23:00 5919 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_9400.mrk
2010-08-19 01:21:23 0 d-----w- c:\windows\system32\oem
2010-08-19 01:21:22 0 d-----w- C:\Drivers
2010-08-19 01:17:31 0 d-----w- C:\DELL
2010-08-10 12:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 12:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-08-27 14:44:42 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-27 14:44:42 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-27 14:44:42 143360 ----a-w- c:\windows\inf\infstor.dat
2010-08-23 21:08:37 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-20 08:37:27 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-08-19 01:37:37 79872 ----a-w- c:\windows\system32\wecutil.exe
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:39:52.98 ===============

Also browser points to page Dell support put in there when he was remote troubleshooting my battery being dead - can't seem to get rid of it...

Thank you for your assistance, whoever replies to me.

Blade81
2010-09-05, 15:27
Hi,

Does redirecting occur with both Internet Explorer and Firefox (please test if you haven't done that)?

Download GMER (http://www.gmer.net) here by clicking the download exe button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the rootkit tab, uncheck the files option and then click scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy. This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.

blueberryd
2010-09-06, 03:52
I did as instructed and first time it froze the computer, so I restarted
then I got the blue screen error
so I restarted in safe mode, and here is the info:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-05 18:28:40
Windows 6.0.6002 Service Pack 2
Running: uzydx9g0.exe; Driver: C:\Users\WAITIN~1\AppData\Local\Temp\pwtyrpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \FileSystem\fastfat \Fat 96494A7A

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00197de2c15f
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00197de2c15f (not active ControlSet)

---- EOF - GMER 1.0.15 ----


I had to put computer back to selective startup... and also ran a report from IOBIT & here is the info:


Logfile of IObit HijackScan v1.0.2.0
Scan saved at 18:33:49, on 2010-9-5

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

O3 - Toolbar: TMBGBAR TOOLBAR - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard 2010\tmeig.dll
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Trend Micro Browser Guard v2.0 Beta] "C:\Program Files\Trend Micro\Browser Guard 2010\BGUI.EXE"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_21 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_21 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}GpcContainer.GpcContainer.1 - https://drpitcairn.webex.com/client/T27LB/webex/ieatgpc1.cab
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -
O23 - Service: Diagnostic Policy Service (DPS) - Unknown -
O23 - Service: Windows Media Center Service Launcher (ehstart) - Unknown - %windir%\system32\svchost.exe
O23 - Service: File Backup Service (File Backup) - Starfield Technologies, Inc. - C:\Program Files\Starfield\offSyncService.exe
O23 - Service: Group Policy Client (gpsvc) - Unknown -
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe
O23 - Service: RoxMediaDB9 (RoxMediaDB9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Security Accounts Manager (SamSs) - Unknown -
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown - C:\Program Files\Spybot.dll
O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe
O23 - Service: stllssvr (stllssvr) - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -
O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -
O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -
O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe
O23 - Service: XAudioService (XAudioService) - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

blueberryd
2010-09-06, 04:23
LASSH: 6708127940F65069BD470F6462A4A875
Info Path: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\
Location Path: HKEY_USERS\S-1-5-21-167909577-2247981082-3190906022-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\
Makro Location Path: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\
Makro Location: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\
No additional information is available.
Table=bho
GUID={CFBFAE00-17A6-11D0-99CB-00C04FD64497}
RegistryKey=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\
CaptionBHO=
CaptionCLSID=Microsoft Url Search Hook
Filename=C:\Windows\system32\ieframe.dll
Filesize=11077120
MD5=F8427C8E999FBCB98575C705A464F854

Blade81
2010-09-06, 16:18
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

blueberryd
2010-09-07, 01:00
I did as instructed, but it's still redirecting before loading the web page... should I call Dell, it's still under warranty?
(let me know if I should post a different DDS log, and from what program you want it from, I'm sorry if I provided too much info)
here are the files...

blueberryd
2010-09-07, 01:21
Thank you for the instructions so far, I really appreciate your assistance!
I have the DDS log...
Thanks again!

blueberryd
2010-09-07, 01:24
My D: Backup drive is just about full, I'm not sure why?

blueberryd
2010-09-07, 01:29
Should I have made MSCONFIG Normal start-up instead of selective before running Combofix? Should I run it again? I'm really sorry, I don't want to waste your time...

Blade81
2010-09-07, 17:56
> My D: Backup drive is just about full, I'm not sure why?
If that drive holds the recovery partition then that's normal. If it doesn't have a recovery partition on it then it's hard to say without knowing what items the drive contains.


> Should I have made MSCONFIG Normal start-up instead of selective before running Combofix? Should I run it again?
Shouldn't affect the ComboFix run.


> I did as instructed, but it's still redirecting before loading the web page...
Could you describe how redirecting happens and if it does so on specific sites? Screenshots would be good.

blueberryd
2010-09-07, 18:14
Appears to be every site... my bank blocked it and the Firefox drop down box showed up saying it blocked the redirect, but that's the only site I saw the drop down box - it happens so fast they just blink for a second; I wrote most of what I see when it is happening... how do I do the screen shot, is it just print screen?

Blade81
2010-09-07, 18:26
Hi,

Yes, print screen, and then you can use, for example, Windows MS Paint to create a .jpg or .png picture.

blueberryd
2010-09-07, 21:20
Here you go, thank you again for your assistance.

blueberryd
2010-09-08, 04:50
IE didn't redirect when I opened search.com today, but it says error on page - this is the error:
Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)
Timestamp: Wed, 8 Sep 2010 02:45:52 UTC


Message: Syntax error
Line: 1
Char: 1
Code: 0
URI: http://forums.spybot.info/clientscript/lassh_inline.js

Also 1st time I tried to upload another screenshot it said couldn't connect to web page - 2nd time it uploaded

Blade81
2010-09-08, 19:04
Hi,

Let's uninstall ComboFix

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK



I checked search.com and for me it shows those same domains in the status bar. Being pretty sure my system isn't infected, I'd say you don't have to worry about those. For Firefox you may install the NoScript (https://addons.mozilla.org/firefox/addon/722) addon, which helps control site scripts.

blueberryd
2010-09-09, 07:37
Problem signature:
Problem Event Name: APPCRASH
Application Name: VZAccess Manager.exe
Application Version: 7.2.10.1
Application Timestamp: 4b886915
Fault Module Name: VPNManagerSA.dll
Fault Module Version: 2.0.0.32
Fault Module Timestamp: 4adf719a
Exception Code: c0000005
Exception Offset: 0002ba84
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: 61d2
Additional Information 2: efb6f2561db901326ddcd0e965e6b86a
Additional Information 3: 40ec
Additional Information 4: eee1c25aae37cf23cb44fbcaf0becd73

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

& then when I reopened it, it read this error, instead of my data info:
Data Usage: Error
Error Code: 266
Description: Error-VISION
CustomerSearch call Failed

but I get on the internet fine/it connects fine... I've gotten that before & I've called the company...

Blade81
2010-09-09, 07:46
Hi,

You may want to see if reinstalling the app helps (if the issue keeps reoccurring). Any other issues?

blueberryd
2010-09-09, 08:29
I pulled up www.cpay.com and it says it was blocked a redirect - but when already had spybot on a tab & it made me log in 2 separate times... once logged in it said meta redirect, and blocked the redirect, I accepted, since I downloaded the script program you suggested - very nice...

I'll try & make printscreens of any other issues- the pages load faster now though

Blade81
2010-09-09, 19:00
Hi,

Let's run one more tool.


Please download Rootkit Unhooker (http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE). Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. Then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it:

Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?

blueberryd
2010-09-10, 20:47
As instructed...

Blade81
2010-09-10, 21:38
Hi,

That looks ok. System seems to be in order.

blueberryd
2010-09-10, 21:51
thanks again

blueberryd
2010-09-10, 21:53
Why does my host file say 127.0.0.1 ? Isn't that what it's supposed to block?

127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy

blueberryd
2010-09-10, 22:17
Also, the internet protected mode is checked in Internet options, but on the bottom it is Off- can't seem to make it turn on again... and it keeps saying Done, but with errors on page, when I use IE...
Thanks again...

Blade81
2010-09-11, 10:31
Hi,

As I told you, I don't see anything malicious in your logs. The hosts file is also like it should be. 127.0.0.1 is localhost, which means the computer itself.

We are wasting time hunting ghosts that don't exist.
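
Added example, not part of the original thread or any poster's code: a hosts-file audit in Python illustrating the reply above. A name mapped to a loopback address (as in the entries Spybot - Search & Destroy inserts) resolves to the computer itself and is therefore blocked, while a name mapped to any other address would be sent elsewhere; the sample text, domain names and the `audit_hosts`/`classify` helpers are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of a Windows hosts file
# (%SystemRoot%\System32\drivers\etc\hosts). All domains are placeholders.
SAMPLE_HOSTS = """\
# Constructed sample; every domain name below is a placeholder.
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1       ads.blocked-example.invalid
127.0.0.1       www.ads.blocked-example.invalid tracker.blocked-example.invalid
# (constructed) end of the Spybot block
0.0.0.0         popups.blocked-example.invalid
203.0.113.10    www.bank-example.invalid
not-an-ip       broken.example.invalid
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def classify(address):
    """'blocked' if the target is this machine or nowhere, else 'redirect'.

    Raises ValueError when the first field is not an IP address.
    """
    ip = ipaddress.ip_address(address)
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"
    return "redirect"


def audit_hosts(text):
    """Sort every hostname in a hosts file into one of four buckets."""
    result = {"local": [], "blocked": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        try:
            kind = classify(address)
        except ValueError:
            result["malformed"].append((lineno, raw.strip()))
            continue
        if not names:                          # address with no hostname
            result["malformed"].append((lineno, raw.strip()))
            continue
        for name in names:
            name = name.lower()
            if kind == "blocked" and name in LOCAL_NAMES:
                # The normal "127.0.0.1 localhost" line: nothing is blocked.
                result["local"].append((lineno, name, address))
            else:
                result[kind].append((lineno, name, address))
    return result


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("normal localhost entries:", len(report["local"]))
    print("names blocked (resolve to this computer):", len(report["blocked"]))
    # A non-loopback mapping is not proof of infection (it may be an
    # intranet host), but in a redirect complaint each one needs explaining.
    for lineno, name, address in report["redirect"]:
        print(f"line {lineno}: {name} -> {address}  (review)")
    for lineno, raw in report["malformed"]:
        print(f"line {lineno}: unparseable entry: {raw}")
```

A hosts file like the one quoted in the thread, containing only the localhost line and loopback entries, produces no `redirect` rows.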

Blade81
2010-09-17, 09:51
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.